1. 3

    I haven’t dug into it much yet but I’m looking at a “literate devops”-type thing with Emacs, Org mode, and Tramp mode. You run commands, write scripts, and other tasks all within an Org document so you’re able to capture the thoughts and reasoning behind the code blocks in a longer form rather than just having some terse and likely sparse comments. This process leaves you with snippets of code that can be moved to a script once the process is worked out but, more importantly, you’ll have a record of why you chose the paths you did. That will prove to be invaluable 5, 10 years down the road when the script inevitably breaks and you (or someone else) needs to revise it.

    https://www.youtube.com/watch?v=dljNabciEGg

    This could of course be accomplished without the Emacs stack but I find the tight integration and fluidity it affords very compelling. The idea of doing everything from within a single environment and not needing to switch around between various terminals, browsers, text editors, IDEs, whatever is very appealing to me.

    1. 3

      I’ve had a similar set up for a couple of years now and love it! You can also throw Syncthing on a personal server for a way to sync your database when one device is offline for whatever reason.

      1. 2

        Yeah I also run a syncthing ‘server’. It just makes everything go smoothly. I guess I might as well use nextcloud, but I don’t like the bottomless pit of features it seems to be turning into.

        1. 2

          I stopped running Nextcloud long ago for exactly that reason. It feels like it does a bad job at everything.

      1. 1

        Mine is at https://secluded.site. I’d love to get some suggestions for improvements!

        I recently started with Emacs and fell in love with Org mode; I’m seriously considering ditching Hugo and going much more minimal with a small, handwritten stylesheet and HTML pages generated from Org.

        1. 2

          Just as a heads up, you can also write your blog posts in orgmode and have hugo render it (if you weren’t aware).

          1. 2

            On Firefox android, the pages always start in dark mode and then pop to light mode after remembering my preference (set by tapping the icon once on the home page).

            Seems too low contrast in dark mode.

            I also read Butterick and like the circle links and gradients, I think they’re fun though I don’t know how many people would miss them.

            1. 2

              It is pleasant to read.

              A few nitpicks: not liking the gradients when the circle links expand; seems like “home” and “about” could be merged into one page - nothing much is going on at “home”. Also not a fan of how code blocks look in both light and dark themes.

              1. 1

                Also not a fan of how code blocks look in both light and dark themes.

                You don’t like the colours of the highlighting or something else?

                1. 1

                  I think they are too dark. The background is black and the text itself is quite dark within. For me it stands out too much from your otherwise light theme. They do look considerably better in darkmode, now that I took a second look at it.

              2. 2

                Clean, and loads quickly, but the contrasts seem a bit too low for my taste. I’m not sure if this even qualifies as an opinion, but I was expecting more on the front-page, and tried to scroll. The blinking cursor animation is actually calming!

                I’m seriously considering ditching Hugo and going much more minimal with a small, handwritten stylesheet and HTML pages generated from Org.

                On that topic, there is ox-hugo that can convert a org-document into a hugo-compatible site, and then render it.

                1. 1

                  the contrasts seem a bit too low for my taste

                  Yeah, I’ve been meaning to increase it a bit haha. Thank you for reminding me!

                  there is ox-hugo that can convert a org-document into a hugo-compatible site

                  I’m actually working on a blog post that will be exported with ox-hugo but there’s still the whole “Hugo workflow” as well as dependency on Hugo itself. Simply using Emacs and nothing else is pretty attractive.

                2. 2

                  I enjoy your theme. The site is fast, which is really good.

                  I really like the way your blog posts are organized on the blog page. I like the tags at the top.

                  Overall the content is well formatted, with good margins.

                  If I had to suggest anything it would be to do something with the homepage. Use it as an opportunity to shepherd the user to relevant content, and or give them roads to walk down.

                  1. 2

                    Others have mentioned the all-but-blank homepage as well so I will very likely make some changes there.

                    I appreciate the suggestion and kind words!

                  2. 2

                    Reviewed on iPhone X.

                    To me, the low contrast and short line-length makes reading uncomfortable. I suggest a slightly smaller font so more words fit on a line on portrait mobile, and increasing the line-height and text contrast to compensate for the smaller size.

                    The link treatment was surprising, but delightful. A great touch for a personal site.

                    1. 2

                      Beautiful. I like the theme and the fonts. There is one annoyance though: the system fonts are displayed momentarily, before it’s swapped out to use your fonts, but I think that’s an unsolved problem today.

                      1. 2

                        I came back to this thread specially to say I love the pipe section on your site. I hope you get around to reviewing the pipes and tobacco, I’m now reading your pipe origin articles.

                        I see you do rss feeds per category, I like that a lot. I do it myself on my site for each and every tag, but had never seen it elsewhere.

                        1. 1

                          Hugo is what I currently generate the site with and it actually has feeds for every taxonomy, not just categories

                          I hope you get around to reviewing the pipes and tobacco

                          Once I’m finished documenting my email setup, I’ll get to work on some of those!

                      1. 2

                        Since none of the existing tools fit my requirements I also went down the rabbit-hole and wrote my personal note server. What I didn’t like about most existing solutions is that they either had too many bells-and-whistles or they were completely CLI based. In the end it took me about two days of writing code to get it to a point where I was happy using it.

                        The tool is a small self-contained Go webserver using an encrypted SQLite database. The service provides:

                        • markdown input (including emoji shortcut support, e.g. it renders :joy: as 😂)
                        • full text search (this is the most important feature)
                        • a super basic javascript-less web interface that only contains a form for writing or editing existing notes and that shows a list of all existing notes grouped by day

                        I should open source this 🤔

                        1. 1

                          If you do, post about it here or let me know; that sounds very interesting!

                          1. 2

                            It took me a couple of days, but here is the open source version of my note server: https://github.com/klingtnet/notes

                            There are no installation instructions for macOS (but at least prebuilt binaries), so if you own an Apple device I would be happy to receive a contribution that adds some documentation and preferably a launchd script.

                        1. 8

                          I built Org-roam, which I had initially intended to be a simple layer on top of Org-mode that added backlinks to regular Org-mode files. A bunch of tools such as org-roam-bibtex and org-roam-server have since been built by community users to work with citations and provide a graphical overview of the notes. My notes are automatically published via netlify here.

                          Org-mode is unparalleled as a plain-text system, which beginners can use as a simple outliner, and power users can use it to build complex workflows (GTD, literate programming etc.). It’s simply a gift that keeps on giving.

                          1. 2

                            Thanks jethro for org-roam. It’s been a few months now that I use it daily and I really love it.

                            As far as I can tell, this is the ultimate note taking tool.

                            Along with the rest of org-mode (org-agenda, org-capture, etc…) this is a life changer tool for me.

                            1. 3

                              you’re welcome!

                            2. 1

                              After hearing about org-mode and org-agenda for a while and then org-roam yesterday, I’ve finally decided to dive into Emacs. I’m starting from the basics with a vanilla installation and reading through a few people’s config files and the docs before I attempt to use org-roam though; I’ve heard it’s a challenge to work with.

                              My notes are automatically published via netlify here.

                              That’s incredibly similar to what someone sent me yesterday, which was the final straw that convinced me to try Emacs. Is the output a template from a specific package or something you’ve created yourself?

                              1. 3

                                As a new user I was glad to start to use emacs using a configuration framework like doom-emacs or spacemacs. In fact, after a few years getting used to emacs I now believe that doom emacs does a better job than I could ever do myself to create an emacs configuration.

                                That being said, let me just say that diving into org-mode was probably one of the best uses of my time, and I hope you’ll enjoy it as much as I do.

                                1. 2

                                  I’m starting from the basics with a vanilla installation and reading through a few people’s config files and the docs before I attempt to use org-roam though; I’ve heard it’s a challenge to work with.

                                  It’s hard if you fight it, easier if you are ready to learn – seeing that you have the right stance, you’ll probably be fine.

                                  1. 1

                                    I’m starting from the basics with a vanilla installation and reading through a few people’s config files and the docs before I attempt to use org-roam though; I’ve heard it’s a challenge to work with.

                                    Yes it is. Emacs is a complex beast, and so is Org-mode, and Org-roam, it really does take some time to get used to. Maybe this guide can help you: https://github.com/nobiot/Zero-to-Emacs-and-Org-roam

                                    That’s incredibly similar to what someone sent me yesterday, which was the final straw that convinced me to try Emacs. Is the output a template from a specific package or something you’ve created yourself?

                                    That’s my hugo theme, cortex, which that website in that link had modified for use directly with org-publish. I had since taken some of the modifications (javascript, mostly) and placed them back into my theme :)

                                1. 14

                                  Wouldn’t a title like “Backing up YouTube for Offline Viewing” be more descriptive of the post content? It seems that the main inspiration for the post is the closing down of Invidious (it looks like a peertube instance?) that inspired OP to download YouTube videos to watch later. While I get that OP is replacing youtube’s front-end with a local player, I was expecting a replacement for the backend from the original title. Arguably, Invidious’ closing down might show why replacing YouTube is so difficult, as there is much more to the service than the front-facing viewer interface.

                                  Great youtube-dl setup and walk-through, by the way.

                                  1. 7

                                    If it was about backing up YouTube for offline viewing, certainly. However, it’s more about using YouTube in a privacy-friendly manner. A better title would likely have just been “Replacing Invidious”. It’s late and I was more focused on the content haha.

                                    No, Invidious isn’t a PeerTube instance. As the repo says, it’s “an alternative front-end to YouTube”. Invidious is much lighter and has no JS or tracking elements.

                                    https://github.com/iv-org/invidious

                                    I ran it for some time but had so many users that there weren’t enough resources for my other services.

                                  1. 3

                                    Writing documentation

                                    docs.nixnet.services

                                    1. 3

                                      I installed MediaWiki on a server three years ago for a project and I really liked it! It was nice using software that thousands of other people had already gone through the pain of trying out.

                                      I got rid of it because I didn’t want to keep maintaining a cloud server. If anybody’s got a CF stack for AWS that sets up a serverless MediaWiki, hit me up. I’d love to try it out.

                                      1. 3

                                        I am in the process of setting up MediaWiki for personal content (personal KB) and I’m using the official docker image. It’s very ergonomic.

                                        1. 2

                                          I actually use TiddlyWiki and find that it’s more than adequate.

                                          1. 3

                                            I gave that a small try and it didn’t feel like the right fit for me. Still a nice idea though.

                                        2. 1

                                          It’s not AWS but I did find a gist about setting it up on Heroku. Might be something to look into https://gist.github.com/caseywatts/d04bda6626ef2c6c8f97

                                          1. 1

                                            After I posted my comment I started thinking about various ways to accomplish this. The easiest would probably be a container deployment used only as-needed on a spot-bid basis with a budget. This heroku solution looks really cool also. There’s probably a much harder way to do it without instances at all, and it might make for a great blog post, but I don’t have the necessary motivation to chase it down. I really love the tool, though. It’s amazing that such tools are free.

                                        1. 2

                                          I recall setting up MediaWiki years ago and loving it! Really like the idea of a personal Wiki for this kind of thing - currently using SimpleNote but it’s pretty limiting, maybe I’ll give MediaWiki a go.

                                          1. 2

                                            At the beginning, I wasn’t all that impressed or optimistic about MediaWiki simply because of how dated it looks. After exploring more and seeing what it’s actually capable of, I don’t know how I ever lived without it ;) All of what I’m documenting is for NixNet and MediaWiki is perfect but I’ve also started trying to maintain a Zettelkasten as more of a personal knowledge base. It’s only been a few weeks and I haven’t had much to write outside of documentation but it seems like it’ll work pretty well.

                                          1. 3

                                            The Zettelkasten thing sure has been hitting the zeitgeist hard these last few months - right around when I started poking at those ideas myself after kind of edging around them for a decade or two. It’s interesting to feel a burgeoning nerd methodology cult wash over and through the system of my own thinking. I was a lot less self-aware the last few times this really happened to me (the first big wiki wave back in the era of thousand-line Perl CGI wiki software comes to mind), and I never got drawn into GTD or Agile on any deeply felt personal level, so it’s almost like a new experience.

                                            Anyhow, nice writeup. I’ll probably steal something here, and it’s a good reminder I should condense my own recent fiddling on stuff like vimwiki into a useful post.

                                            1. 1

                                              The idea behind Zettelkasten is really interesting and powerful but I’ve found it difficult to get started; I have no idea what kinds of things I should be writing down and keeping track of. Starting Saturday, however, I’ll have a lot more time to dig into things. Finals have been hitting me hard this week but my last one is tomorrow evening.

                                              Until now, I’d never heard of GTD. Agile has crossed my radar a couple of times and I hosted Taiga on NixNet for a bit but very few people actually used it. I didn’t either so I stopped running it. Agile is an interesting approach for software development but it seems as if GTD is actually better for individuals. At first glance, it looks as if it’s something I could really benefit from; I always keep my tasks in my head and inevitably end up forgetting some of them.

                                              How do you like vimwiki? I’ve seen a lot of people rave about it and it does look really nice but I don’t know how I feel about spreading everything over a ton of files. It seems to me that org-mode would be more useful if that’s the workflow you (“you” in general, not you specifically) are going for. I haven’t used it very much at all though; I just installed Doom Emacs last week and haven’t had time to dig into it.

                                              1. 2

                                                The idea behind Zettelkasten is really interesting and powerful but I’ve found it difficult to get started; I have no idea what kinds of things I should be writing down and keeping track of.

                                                I think most of the trick is to start taking notes and stick at it, let them evolve over time.

                                                The box full of interlinked cards for ideas is an interesting way to think about this, and it’s informing my own habits, but if you get too concerned with emulating the hard-to-pin-down but allegedly crucial specifics of methods with supposedly near-mystical powers to reorganize your life/work/thought, it’s pretty easy to lock up and go nowhere at all with it.

                                                How do you like vimwiki? I’ve seen a lot of people rave about it and it does look really nice but I don’t know how I feel about spreading everything over a ton of files. It seems to me that org-mode would be more useful if that’s the workflow you (“you” in general, not you specifically) are going for. I haven’t used it very much at all though; I just installed Doom Emacs last week and haven’t had time to dig into it.

                                                Rambling thoughts: Org mode is a much more featureful and powerful piece of software overall than something like vimwiki, but I quit using Emacs about 20 years ago because it physically hurt, and none of my attempts to revisit it since have really worked out. All the same, org seems pretty amazing and is probably worth exploring in the general case.

                                                Prior to Vimwiki, I was keeping notes in a small set of plain text files, so that felt like a natural transition. It doesn’t, overall, do very much, but linking between pages and minimal syntax for things like lists and TODOs are handled pretty well. I rarely bother rendering to HTML and primarily use it within the editor. The diary feature is great.

                                                I’ve bolted some extra features onto my notes by way of small filter scripts, autocommands, and custom keybindings. Eventually I think I’m going to want that stuff to be a bit more coherent and ergonomic. In the meanwhile, I’ve taken on some of the support load for the plugin on Freenode #vimwiki and do some GitHub issue triage for it. I’m on the fence as to whether to devote more time to improving the plugin; I may instead eventually start fresh with my own codebase, but for now Vimwiki’s structure and syntax are simple enough that I don’t feel particularly locked in if it does feel necessary to port my notes to something else.

                                            1. 4

                                              maybe just a detail, but I have added a little snippet in my vimrc. I find those ——— more readable than # Title: mt stands for “markdown title”. Choose your own.

                                              nnoremap <leader>mt yy<Esc>jP0v$r-<esc> 
                                              
                                              make the current line a title

                                              like this !

                                              1. 4

                                                You can even optimize it to fewer keystrokes ! Down to a point I don’t even need a mapping anymore now it’s in my muscle memory ☺

                                                yypVr-
                                                
                                                1. 2

                                                  I use mt sufficiently enough to keep it in a 3-key stroke. But thanks for the yypVr- trick: it is always nice to see a better solution.

                                                2. 2

                                                  I personally prefer using the # for headers but a friend of mine always uses -------. He also uses Vim so I’ll be sure to send this to him! It also gives me some other ideas for using key combos to format markdown rather than doing it “manually”

                                                  1. 3

                                                    Don’t hesitate to share those ideas !

                                                    Mine are simply:

                                                    nnoremap <leader>m- I- <Esc> 
                                                    nnoremap <leader>ml I- <Esc>   
                                                    nnoremap <leader>mt yy<Esc>jP0v$r-<esc>
                                                    nnoremap <leader>mpl I- <Esc>p
                                                    nnoremap <leader>mx :s/^- /x /<esc> 
                                                    nnoremap <leader>m# I# <esc> 
                                                    nnoremap <leader>m<cr> O<esc> 
                                                    nnoremap <leader>md :r!date +\%c<cr>
                                                    

                                                    mx is for todo like markdown list, the dot gets x when it’s done. mpl, it’s because I paste link as in dot list in general. I will probably use the better version proposed by z3bra in the comment above. Sure you will have more clever ones than mine ;-)

                                                    1. 2

                                                      It’s really recent for me. I have been using # Title exclusively for more than 1 or 2 years. But only then did I finally notice that —— are more readable for me.

                                                      This appears true only when using # and ##. Suddenly Main titles are just more apparent and really stand apart from the little indented ## and ###. Well at least for me ;-), that’s the way I look at text.

                                                      So I changed to ——— only a few days weeks ago. And now I much prefer it.

                                                  1. 2

                                                    I’ve also been using the nginx rtmp module to handle multi-location video streaming as well. My band as well as electronic duo are planning to live stream a full show very soon. Just need to run some stress tests on the RTMP server. We’re using OBS to transition between the video feeds, and for the audio, we’re going to all be on a private NINJAM server. Since we can adjust the audio delay in OBS to match up with everyone’s video, we believe it will provide the closest thing to a live performance that you can get in quarantine.

                                                    1. 1

                                                      NINJAM is really cool. I’ve thought about trying to do something similar but always decided it wasn’t really worth the trouble because of the latency involved. I’m going to have to look into it some more and might actually use it with a few friends; thanks for mentioning it!

                                                      1. 1

                                                        It’s not exactly easy to start up a NINJAM server, you have to compile from source and it’s not very well supported. But once it’s running, it’s pretty stable, and I haven’t noticed any latency when jamming with others on my public server, but considering the results of our latest RTMP server tests, I’m predicting that I’ll have to adjust the audio source latency in OBS to compensate for the video latency. Just listening to the audio alone, however, shows that everyone in the server is definitely playing along together and reacting to each other just as they would in a real-life jam.

                                                    1. 1

                                                      I blog a lot on Secluded.Site. It’s really just whatever technical stuff comes to mind, Dungeons & Dragons campaigns, and pipe smoking. I’m in the process of migrating some of my posts to there from NixNet but, in the meantime, that will give you an idea of the technical things I write.

                                                      You should read it if you like what I write ;)

                                                      1. 2

                                                        I’m not sure if I’m missing it or if it’s not there, but there doesn’t seem to be any way to serve the web interface over https. Don’t see any “ToDo” items either: https://todo.sr.ht/~sircmpwn/koushin?search=https

                                                        Am I looking right past it?

                                                        1. 2

                                                          Yes, koushin assumes a reverse proxy is set up right now.

                                                          1. 1

                                                            It’s likely meant to be served from behind a webserver like NGINX or Apache with a reverse proxy; they would then handle TLS. That’s how I intend to run it.

                                                            1. 1

                                                              [edit: found an Echo recipe and it looks like Koushin isn’t wired up to call StartAutoTLS]

                                                              Echo, the underlying web server says it supports “Automatic TLS via Let’s Encrypt”.

                                                              I’m screwing around with it inside my NAT’ed house network, so any Acme bits aren’t going to work….

                                                              This Echo recipe indicates that the server needs to be started via e.StartAutoTLS, but cmd/koushin/main.go starts it with e.Start, so it looks like it’s not supposed to be working at the moment.

                                                            1. 2

                                                              Could I use it to read my Gmail emails?

                                                              1. 2

                                                                On a self-hosted instance, sure. There’s a doc for that. From what I can tell, if it was a public instance, you wouldn’t be able to use CardDAV or CalDAV for contacts and calendars.

                                                              1. 5

                                                                But will it support HTML email?

                                                                1. 4

                                                                  I really hope not. Standard though it may be, HTML email is a cancer that needs to die out. I always recommend new users on my platform to read useplaintext.email.

                                                                  1. 12

                                                                    It does support HTML e-mails. However:

                                                                    • Sanitized HTML e-mails are displayed in sandboxed <iframe> elements where many features are disabled (e.g. JavaScript). The Content-Security-Policy set by koushin is an additional security measure.
                                                                    • This can be easily disabled: just disable the viewhtml plugin
                                                                    1. 2

                                                                      I’m curious about this sanitization. Is there a standard algorithm or set of checks that are performed?

                                                                      1. 1

                                                                        Sanitization is performed via bluemonday, a widely used Go library.
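
The layering described in the comments above (sanitized HTML, a sandboxed `<iframe>`, and a Content-Security-Policy on top), shown as an added example that is not part of the thread and is not koushin's code. The policies, paths and handler names are constructed for illustration, and the sanitization step (bluemonday, per the comment above) is assumed to have already run on the input.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
)

// Constructed policies for this example; they are not koushin's actual headers.
//
// bodyCSP applies to the e-mail document itself. The "sandbox" directive with
// no allow-* tokens disables scripts, forms, popups and same-origin access
// even when the body URL is opened directly rather than through the iframe.
const bodyCSP = "sandbox; default-src 'none'; img-src data:; style-src 'unsafe-inline'"

// pageCSP applies to the webmail page that embeds the message frame.
const pageCSP = "default-src 'none'; frame-src 'self'; style-src 'self'"

// bodyHandler serves an HTML e-mail body that is assumed to be sanitized
// already. The headers are the second layer: if the sanitizer misses
// something, the browser still refuses to run or load it.
func bodyHandler(sanitizedHTML string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Content-Type", "text/html; charset=utf-8")
		h.Set("Content-Security-Policy", bodyCSP)
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("Referrer-Policy", "no-referrer")
		fmt.Fprint(w, sanitizedHTML)
	})
}

// viewerHandler serves the surrounding page. The empty sandbox attribute
// grants the framed document no capabilities at all; the URL is escaped
// because it ends up inside an HTML attribute.
func viewerHandler(bodyURL string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Content-Type", "text/html; charset=utf-8")
		h.Set("Content-Security-Policy", pageCSP)
		fmt.Fprintf(w, "<!doctype html>\n<title>Message</title>\n"+
			"<iframe sandbox=\"\" src=\"%s\"></iframe>\n", html.EscapeString(bodyURL))
	})
}

// fetch runs a handler in-process (no network) and returns the CSP header
// and the response body, which is what a deployment check would inspect.
func fetch(h http.Handler, path string) (csp, body string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Header().Get("Content-Security-Policy"), rec.Body.String()
}

func main() {
	// Constructed sample: an already sanitized newsletter fragment.
	sample := `<p>Hello <b>world</b>, see <a href="https://example.org/">the link</a>.</p>`

	csp, body := fetch(bodyHandler(sample), "/message/1/body")
	fmt.Println("body CSP:", csp)
	fmt.Println("body    :", body)

	csp, page := fetch(viewerHandler("/message/1/body"), "/message/1")
	fmt.Println("page CSP:", csp)
	fmt.Print(page)
}
```
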

                                                                    2. 6

                                                                      HTML is abused, but I don’t want email where I can’t even use bold or italic, or hyperlinks like the one you put in your comment. Why should emails be less expressive than forum comments?

                                                                      (Yes, I would totally welcome Markdown email as a standard. I’m sure it won’t happen, though.)

                                                                      1. 6

                                                                        Reverting to plain text, Markdown or some other kind of ad-hoc markup because HTML can be abused makes me shudder. I want nice typography and proper design in my emails. I want reading an email to be as good an experience as reading a well-designed website. In particular, I like the current resurgence of high-quality newsletters delivered to my inbox. Instead of throwing up our hands and giving up on this, I would like to see us actually attack and try to solve this problem.

                                                                        1. 4

                                                                          It’s funny, because that’s where Markdown comes from.

                                                                          the single biggest source of inspiration for Markdown’s syntax is the format of plain text email

                                                                          https://daringfireball.net/projects/markdown/syntax

                                                                          1. 3

                                                                            A lot of good email clients will display plaintext surrounded by underscores in italics and text surrounded by asterisks in bold. As to hyperlinks, that’s what [1]. Some clients that work particularly well with plaintext will make that [1] a clickable link so you don’t have to scroll down and search for it either.

                                                                            I completely agree about markdown emails. The client that implements that will be my gold standard.

                                                                            [1]: is for

                                                                            1. 5

                                                                              imagine if we had some well-specified plain text system for applying inline formatting to text that “good” email clients could render, and hyperlinks could go inline so you don’t have to use up more screen space and manually re-index them when you add or move them in the text.

                                                                              maybe we could use less than and greater than characters to enclose the inline formatting commands. it would be great!

                                                                      1. 12

                                                                        Screenshots would be helpful :P

                                                                        1. 17

                                                                          This project is being completed under a consulting contract with Migadu for their next-generation webmail. They’re also working on a theme:

                                                                          https://sr.ht/mcvO.png https://sr.ht/ml1l.png https://sr.ht/Yk6A.png

                                                                          If it’s not obvious yet from this, Amolith, and geocar’s comments: Koushin is themeable :)

                                                                          1. 3

                                                                            Thanks, that looks a lot more promising than the other 2 posts.

                                                                            I don’t have high standards and it doesn’t have to be beautiful, but unthemed without even half an hour of css work is a bit too little effort.

                                                                            1. 2

                                                                              It looks really good! I like it. It reminds me of gmail, back in 2005, before it turned into a bloated piece of shit.

                                                                              1. 7

                                                                                I think I’ve finally found my dream webmail client. It’s incredibly minimal and wonderfully extensible; I’m going to set it up for NixNet Mail, add a little bit of CSS, and recommend it over Roundcube.

                                                                                1. 2
                                                                                  • Studying for my Discrete Math test tomorrow
                                                                                  • Migrating some services to a new domain
                                                                                  • Writing privacy policies and documentation for everything I host

                                                                                  That last one is a massive task that I’m not looking forward to in the least.

                                                                                  1. 1

                                                                                    How was the exam?

                                                                                  1. 11

                                                                                    The password manager I use (pass) has a really simple and widely supported ‘backup’ mechanism built in (git).

                                                                                    1. 7

                                                                                      One downside of pass that I don’t see being talked about much is that the key names are not encrypted. This leaks a bit of metadata. Other than that, it’s pretty much perfect for me.

                                                                                      https://github.com/gopasspw/gopass is also quite good, uses the same storage as pass and adds a few interesting features like git auto-syncing and browser integration.

                                                                                      1. 5

                                                                                        For the issue of having your names unencrypted, I came up with the following idea for safe, which could also work with pass or similar secret keepers:

                                                                                        When syncing your secrets online, you can obfuscate the whole directory renaming all your entries after their sha256’d names, and store the conversion in a new secret, say “hashmap”. Your directory structure is then totally unreadable, unless you have the key to read the secrets themselves.
                                                                                        I like this approach, because your safe protects itself. Here is my implementation (again, using safe as a backend):

                                                                                        #!/bin/sh
                                                                                        ORIG=$HOME/.secrets
                                                                                        HASH=$HOME/.hashes
                                                                                        
                                                                                        # Create a new vault with the same master password
                                                                                        mkdir -p "$HASH"
                                                                                        cp "$ORIG/master" "$HASH"
                                                                                        
                                                                                        # Copy all secrets into the new vault, using their hashed names as keys
                                                                                        # (the loop splits on whitespace, so entry names must not contain any)
                                                                                        for p in $(find "$ORIG" -type f | grep -v '/master$'); do
                                                                                        	n="${p##"$ORIG"/}"
                                                                                        	h=$(echo "$n" | openssl sha256 | cut -d' ' -f2)
                                                                                        	cp "$p" "$HASH/$h"
                                                                                        
                                                                                        	# print "HASH	NAME" for the hashmap
                                                                                        	printf '%s\t%s\n' "$h" "$n"
                                                                                        done | safe -s "$HASH" -a hashmap
                                                                                        

                                                                                        Note: the hash is the one of the entry name, not the password itself of course ;)

                                                                                        Then you end up with a password store like the following, which you can store in plain sight over git or whatever:

                                                                                        .hashes/master
                                                                                        .hashes/hashmap
                                                                                        .hashes/455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035
                                                                                        .hashes/d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7
                                                                                        .hashes/98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406
                                                                                        .hashes/df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7
                                                                                        

                                                                                        And when you want to de-obfuscate it, you can decrypt the secret “hashmap”, and use that to rename your entries:

                                                                                        $ safe -s ~/.hashes "hashmap"
                                                                                        455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035        dedup.key
                                                                                        d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7        dummy
                                                                                        98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406        token/gitlab
                                                                                        df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7        switch
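
The de-obfuscation step described in the comment above, written out as an added example (not part of the original comment, and not code from safe or pass). `restore_vault` and `name_hash` are hypothetical helper names, and the hashmap is assumed to arrive on stdin as the `HASH<TAB>NAME` lines shown above.

```shell
#!/bin/sh
# Added example: undo the name obfuscation using the decrypted hashmap.
# Expected stdin: "HASH<TAB>NAME" lines, the format the hashmap secret holds.

# SHA-256 of an entry name, hashed the way the obfuscation script does it
# (echo appends a newline). Uses sha256sum, or openssl when it is missing.
name_hash() {
	if command -v sha256sum >/dev/null 2>&1; then
		echo "$1" | sha256sum | cut -d' ' -f1
	else
		echo "$1" | openssl sha256 | cut -d' ' -f2
	fi
}

# restore_vault HASHDIR DESTDIR < hashmap   (hypothetical helper name)
# Copies HASHDIR/<hash> to DESTDIR/<name> for each line that passes the
# checks. Exit status 0 if every line was restored, 1 otherwise.
# The body is a subshell, so umask and variables do not leak to the caller.
restore_vault() (
	hashdir=$1 destdir=$2 rc=0
	tab=$(printf '\t')
	umask 077                      # restored names and files stay private
	mkdir -p "$destdir" || exit 1
	if [ -f "$hashdir/master" ]; then
		cp -p "$hashdir/master" "$destdir/master" || exit 1
	fi
	while IFS="$tab" read -r h n; do
		reason=
		# The hash becomes a file name under HASHDIR: 64 hex digits only.
		case $h in *[!0-9a-f]*) reason="hash is not lowercase hex" ;; esac
		[ "${#h}" -eq 64 ] || reason="hash is not 64 characters"
		# The name becomes a path under DESTDIR: reject empty or absolute
		# names, empty components, and "." or ".." components.
		case "/$n/" in
			*//*|*/../*|*/./*) reason="unsafe entry name" ;;
		esac
		[ "$n" != master ] || reason="reserved entry name"
		if [ -z "$reason" ] && [ "$(name_hash "$n")" != "$h" ]; then
			reason="hash does not match name"
		fi
		if [ -z "$reason" ]; then
			if [ ! -f "$hashdir/$h" ] || [ -L "$hashdir/$h" ]; then
				reason="no regular file for this hash"
			fi
		fi
		if [ -n "$reason" ]; then
			printf 'skipped %s: %s\n' "$h" "$reason" >&2
			rc=1
			continue
		fi
		mkdir -p "$(dirname "$destdir/$n")" &&
			cp -p "$hashdir/$h" "$destdir/$n" || rc=1
	done
	[ "$rc" -eq 0 ]
)
```

It is meant to be fed from the decrypt command shown above, as in `safe -s ~/.hashes hashmap | restore_vault ~/.hashes ~/.secrets.restored` (the destination path is a placeholder). Because the names are hashed without a key, the hashes hide a name only as long as it is hard to guess, since a candidate name can be hashed and compared against the file names.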
                                                                                        
                                                                                        1. 4

                                                                                          Yeah, this downside bothers me a lot and it felt like I’m pretty much alone in that. It’s what prevented me from using pass for ages.

                                                                                          I’d made the switch eventually and I’m really happy with it, but I had to add the name obfuscation myself. The “unix philosophy” of pass is great because you can actually build stuff on top of it.

                                                                                          1. 1

                                                                                            Yeah, the weird thing was all the outrage that 1Password got for literally the same issue, but nobody is saying a thing for pass. Not that I recommend outrage but I think it’s important to be aware of the attack vectors.

                                                                                            1. 6

                                                                                              Every time I see pass come up, it’s not long before someone mentions that the names of passwords aren’t kept secret. This seems like the most frequently mentioned and most severe downside of pass. So I’m not sure that it isn’t talked about much.

                                                                                              I do personally use pass and I do it in spite of the names being leaked. My threat model isn’t particularly sophisticated, so I’m generally okay with hiding the names simply by not sharing the repo.

                                                                                        2. 5

                                                                                          Note that git use is optional. My ‘pass’ passwords are backed up daily along with the rest of the important files in my home directory, no extra work required as they’re just GPG-encrypted text files.

                                                                                          1. 4

                                                                                            Came here to say the same thing. My backup of my pass repo is a) it’s on every device I use and b) gets synced monthly to my off-site backup drive. If I lose the encryption key I’m in trouble, but I back that up, too.

                                                                                            Using 2 password managers seems like a strange solution to me.

                                                                                            1. 2

                                                                                              I switched from pass to KeePassXC a while ago. I use Syncthing to get the DB to my phone for use with KeePassDX and encrypted backups are automatically taken overnight with borg.

                                                                                              Recommending two password managers is a little odd, I agree, but he does bring up a good point that everything is fallible and multiple backups are a good thing to have.

                                                                                              1. 3

                                                                                                Eh, it’s 2 applications reading the same file format. Calling them 2 password managers would be the same as using 1password on 2 platforms, I don’t even see that worth mentioning.

                                                                                                FWIW, I also use KeepassXC on Linux+Windows, and Keepass2Android on Android, and Syncthing. I only sync down to my phone like once a month, and it works beautifully.

                                                                                              2. 2

                                                                                                If I lose the encryption key I’m in trouble, but I back that up, too.

                                                                                                I use gopass, which allows for multiple encryption keys for the same password store. This is very useful in the case of losing access to one of them, or the intended purpose, having multiple users of the same store.

                                                                                              3. 4

                                                                                                The unfortunate issue with pass is that when it uses git to back itself up, you still need a way to back up your GPG key, which is of course incompatible with git. Even if your GPG key is encrypted, I doubt you’d want to publish it online. So in order to back up your password manager, you must come up with 2 different backup media, which means twice as many possibilities to lock yourself out.

                                                                                                Also, managing a GPG keyring can have a lot of problems on its own on a daily usage basis (using a device without your keys, syncing keys, …). On this topic, using password managers based on a master password can help a lot.

                                                                                                1. 1

                                                                                                  Those are all good points. Since I use GPG for basically everything else (signing commits, communication, etc), I don’t really consider the work to back that up to be part of the ‘backup my password manager’ activity.

                                                                                                  The beauty of pass is that the storage mechanism is just a bunch of flat text files. Back them up however you want, you don’t have to use git (but it is nice that git support is built in).

                                                                                                  I doubt you’d want to publish it online

                                                                                                  Who said anything about it being public? Private git repos exist, either self hosted or with some paid service.

                                                                                                  1. 1

                                                                                                    When you use GPG on a daily basis for other stuff, this would make more sense indeed. It is not my case though, so it bothered me a lot. So much that I ended up writing my own to mirror “pass” usage but with a master password. The cool stuff about it is that I can now store my GPG key inside my secret manager 😉

                                                                                                    You’re right about private repos indeed, I think making it private makes it more complex to use git to sync it across devices. It makes for a good backup anyway as you said! The flat file structure is great, and the composability of the tool makes it a breeze to obfuscate, backup, convert or integrate into any workflow!

                                                                                                    1. 1

                                                                                                      I think making it private makes it more complex to use git to sync it across devices.

                                                                                                      Not that complex, but yes, you now have to use either password or key auth to access it. And keep track of that, etc. The main thing I like about this setup is that it’s made from several simple components. Any of which could be replaced without affecting the others (or affecting them enough to require significant changes). And the architecture is simple enough for me to understand it without having to trust some external entity to always do the right thing and not break.