sxan

cross-posted from: https://midwest.social/post/9890016

Rook, a secret service backed by Keepass 4.x kdbx

Howdy Lemmy,

I'm announcing Rook v0.0.9, software that provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass 4.x kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless and does not have a bespoke secrets database, full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

While the readme goes into more detail, I will say the motivation for Rook evolved from a desire to use a Keepass db in a GUI-less environment and finding no existing solutions. KeepassXC provides a secret service, but is not headless; it also provides a CLI tool, but this requires the db credentials on every call. kpmenu exists, but is designed specifically to require human interaction and is unsuitable for cron environment scripting. Every other solution maintains its own DB back end, incompatible with Keepass.

Rook also benefits from minimal external dependencies, and at 1kloc is auditable by developers - I believe even by ones who do not know Go (the language of implementation). Being able to verify for yourself that there's no malicious code is a critical trait for a tool with which you're trusting secrets.

Rook is fit for purpose, and signed binaries are provided as well as build-from-source instructions (for auditors).

The project contains work in progress: credentials are limited to simple password-locked kdbx, and so doesn't yet support key files. Bash scripts that provide autotyping and attribute/secret selection via rofi, fzf, and xdotool are provided, for GUI environments; these have known bugs. Rook has not been tested on BSD, Darwin, or any other system than Linux, but may well work; the main sticking point is the use of a local file socket for client/server communication, so POSIX systems should be fine, but still, YMMV.

As a final caveat: up until v0.0.9 I've been compressing with brotli, which is very nice yet somewhat obscure. With the next release, everything will be gzipped. Also included in the next release will be packages for various distributions.

Howdy Lemmy,

I'm announcing Rook v0.0.9, software that provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass 4.x kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless and does not have a bespoke secrets database, full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

While the readme goes into more detail, I will say the motivation for Rook evolved from a desire to use a Keepass db in a GUI-less environment and finding no existing solutions. KeepassXC provides a secret service, but is not headless; it also provides a CLI tool, but this requires the db credentials on every call. kpmenu exists, but is designed specifically to require human interaction and is unsuitable for cron environment scripting. Every other solution maintains its own DB back end, incompatible with Keepass.

Rook also benefits from minimal external dependencies, and at 1kloc is auditable by developers - I believe even by ones who do not know Go (the language of implementation). Being able to verify for yourself that there's no malicious code is a critical trait for a tool with which you're trusting secrets.

Rook is fit for purpose, and signed binaries are provided as well as build-from-source instructions (for auditors).

The project contains work in progress: credentials are limited to simple password-locked kdbx, and so doesn't yet support key files. Bash scripts that provide autotyping and attribute/secret selection via rofi, fzf, and xdotool are provided, for GUI environments; these have known bugs. Rook has not been tested on BSD, Darwin, or any other system than Linux, but may well work; the main sticking point is the use of a local file socket for client/server communication, so POSIX systems should be fine, but still, YMMV.

As a final caveat: up until v0.0.9 I've been compressing with brotli, which is very nice yet somewhat obscure. With the next release, everything will be gzipped. Also included in the next release will be packages for various distributions.

I assume this is QMK, because changing the settings clears or introduces the issue. I'm using Vial for the programming/configuration.

I have a key configured tap-dance, like many others: - on tap, and ctrl on hold. The issue is that most of the time when I type something like -p, I get only the -. Then, the next time I type p, I get 2 of them. So something like this will happen:

I type foo -p bar baz, but don't notice the p is missing until after baz, cursor left and type p again, and end up with -pp

Most of my keys are tap-dance of some pattern: on tap, layer shift in hold, on tap-hold. I've noticed this buffered character after - on other characters; it isn't just p. Changing the timeout does affect the frequency, but doesn't entirely eliminate it. I haven't noticed it on any other combo, although they're all of the same pattern; it seems to be only happening with the -/ctrl tap-dance. Removing the multitap on - eliminates the issue.

This is my first QMK. I'd been using an Ergodox for years, and kmonad on my laptop for a year or so, although I recently switched to kanata (fantastic piece of software, incidentally), so I'm more or less familiar with the world of layers, multi-tap/tap-dance, combos, and so on. This one has me stumped, though.

I've checked and there's no combo defined that involves dash. I've never created a QMK macro, but it occurs to me that I didn't check if there are any defined.

Does anyone have a suggestion of how I can debug this? Could there be some bug, some bit that I accidentally set, that's causing this? Is there some QMK feature that does exactly this thing, and I've somehow enabled it? I've power cycled the keyboard, although I haven't yet tried a hard or factory reset.

Any ideas would be appreciated!

Edit corrected "multi-tap" to "tap-dance", as QMK calls it the one thing and not t'other

I've been looking around for one; search (in my Lemmy client) doesn't find one, and while there seems to be at least one in Reddit, the only communities listed on qmk.fm are Reddit and Discord.

Is there a good place to ask questions in the Fediverse?

I have been using a piantor built for me by beekeeb.com, and am enjoying the more agressive stagger than my previous Ergodox. However, my typing experience is being spoiled by how tight the key spacing is. I have large hands, and can span an octave on a full-size piano; the Piantor is downright cramped.

In looking for a possible replacement (the Kyria was my primary option, but I guess splitkb.com has entirely given up on selling pre-builts, and I don't solder), what should I be looking at for specs to get some wider spacing on the keys? Is it simply "key spacing?"

Most commercial keyboards are fine; my prior was an Ergodox and the spacing was fine. The Piantor supplies that - it might even be a touch too much, but it's still better than the tepid stagger on the Ergos.

What are the terms for language anachronisms?

I had a conversation about a year ago with someone about anachronisms in language. We both felt that there were terms for these things, but could neither recall nor find (via web search) satisfying answers. This came up again recently in a different discussion in a Lemmy community, and it's driving me a little nuts. Help me Linguistics-Wan Kenobi; you're my only hope.

So we have the term "skeumorphism," which refers to oramental anachronism. I may be using "anachronism" incorrectly, but it's the hammer I have. Skeumorphisms, in computers, refer to the graphical representations of things, but not the underlying concepts. There are similar linguistic anachronisms that I feel also have specific labels:

• "disks" which are still in use, but are largely being replaced by solid-state, rectangular SSDs; but most people still call all persistent storage devices "disks."
• "film" to refer to movies, regardless of the media (increasingly digital and having nothing to do with film).
• "rice" to refer to the process of fancifying something, like computer desktops
• "desktops" to refer to computer GUI window managing interfaces
• "files" and "folders" in computers

Are these all the same category of things? Is there a term for them?

A recent update to Droid-ify has improved the user experience in a confusing way.

This is the new package installation modal confirmation dialog.

There was an owl hooting outside our house earlier, and it occurred to me that every other bird has a high-pitched call.

Ravens have a croak that could be considered low, but their loud call is a caw that's higher. I can't think of another bird with a call nearly as low as owls'.

Search engines are no help, mostly duplicates answering why they hoot. Why are owls' calls so much lower than other birds?

Can commodity products detect which pixel you're looking at on a screen?

For a number of years, I've wanted a system that eliminates mouse pointer devices. In my imaginary system, there are hotkeys bound to left & right mouse clicks, and what gets clicked is whatever you're looking at.

When I've looked at this before, the tech field tends to suffer in granularity and/or physical limitations, like needing to limit gross head movements. Most products talk about what they can do, but avoid talking about their limitations. It can be hard to find out what devices are capable of - accuracy, working with corrective eyewear, speed, head movement, software (OS) support, etc. Many products are geared at research, leading me to believe the tech isn't there yet.

Anyone have, or used a device that would be able to replace a mouse?

I got tired of pinentry popping up and interrupting whatever I was doing; I didn't find a solution elsewhere, so I wrote a little bash script to address this. This is designed for (poly|i3|way|...)bar users. The blog entry (no ads, no tracking) linked has the script verbatim, plus some rambling about the why and wherefore.

It's 22 lines of does-stuff; the rest is whitespace, comments, and instructions -- including a little blob example of using it with polybar.

A known issue is that it does occasionally pop up pinentry twice in a row when unlocking. I'm not surprised, and it has happened to me only once since I've been using it -- not enough for me to need to bother trying to address it. But I wanted to call it out.

It's not rocket science, but it took a bit of time to make sure it functioned correctly (enough), and hopefully it'll help someone else.

On Amzn, there are nicely framed, wall-mounted control panels for proprietary home automation systems. What are people using for HA? I'm leaning toward trying to wall mount tablets, but I'd need 3, and cost starts to factor in. Mounts are a problem; I want it to look as built in as possible, but most mounts aren't picture-frame style. The ones that I've found that are, are designed for specific tablets, and not the low end cheap ones. I don't have a 3D printer, so I'm limited to mounts I can buy.

I like some projects here I've seen using eInk - that's the ideal solution! Is there a source for pre-fab Android eInk wall mounted control panels, or are what I've seen bespoke projects?

I'm not opposed to gross wiring, and am not afraid of cutting holes in dry-wall... it's really the mounting that I'm stuck at. Android 7-10" tablets sufficient to run the UI would probably work, and I can probably even figure out wiring the charger, if I could just get some nice picture-frame style mounts.

What are your solutions that you think is pretty neat? Or products that I may have missed?

I count 7 in mine.