This is amazing! I see multiple comments asking why, and all I can do is get really excited about having dedicated keys for Unicode drawing characters, or APL operators. I want a qwerty keyboard with 3 extra rows of keys bolted on top. Layers are supposed to do a similar thing, but I could never get to the point where layers felt natural.
This. OK. Thank you. I almost can take this somewhat kinda barely seriously now, if I look at it like that.
It’s for people who don’t like modifier keys. Like, you could have a dedicated function key for every single keyboard shortcut you’ll ever need bwahahaha… In the limit, who even needs a shift key, when you got capital keys and lowercase keys?
Or, maybe you want a Japanese or Arabic or Cyrillic keyboard conjoined with your “regular” one? (Why not just have another keyboard on your desk, though? Better ergo to not have the unused off-mode keys in the way.)
The extreme can go the other way too, though. If you had a keyboard with 9 modifiers and a single “pressing” key, you should be able to produce 512 (2^9) different symbols/actions. This would be beautifully ergonomic because you wouldn’t need to move your hands at all! What’s with all these 80%/60%/40% keyboards – that’s just utter bloat.
Seriously though, I wouldn’t want the monstrosity linked in the article, but I do want more keys than most standard keyboards have.
It’s not necessarily just about not liking modifier keys. The absolute vast majority of my typing is on my Kinesis Advantage keyboard. I love that shape and if I didn’t inherit one from a colleague, I would have bought one or gone for something like the ErgoDox EZ. That design is perfect in terms of the hand/wrist position for me, the better utilisation of thumbs, etc.
But I also really want all modifier keys to be present on both sides for comfort/ergonomics. In addition I do want a Winkey/Command/Super key. I use a compose key (currently mapped to Caps Lock) and I use caps lock (mapped to simultaneously pressed Shift keys). This causes trouble sometimes and a dedicated key would help. I don’t use arrows or numpad normally, but both are expected to be there in the familiar groupings when playing games. And I need them there when developing games. Especially for traditional roguelikes, the numpad is kind of a big deal.
And there are other things I would like to have dedicated keys for (the whole F-keys row plus some multimedia keys and maybe some common system shortcuts too). These can be off to the side as they’re not being used that often. But I’m a creature of comfort and my keyboard is already overloaded to the max and still missing some crucial keys.
I only got a handful and I’ve always named them after the characters from the Wiedźmin (Witcher) books: Geralt, Ciri, Yennefer, Regis, Anguleme, Cahir, Jaskier, Triss, etc.
One downside of pass that I don’t see being talked about much is that the key names are not encrypted. This leaks a bit of metadata. Other than that, it’s pretty much perfect for me.
https://github.com/gopasspw/gopass is also quite good, uses the same storage as pass and adds a few interesting features like git auto-syncing and browser integration.
For the issue of having your names unencrypted, I came up with the following idea for safe, which could also work with pass or similar secret keepers:
When syncing your secrets online, you can obfuscate the whole directory renaming all your entries after their sha256’d names, and store the conversion in a new secret, say “hashmap”. Your directory structure is then totally unreadable, unless you have the key to read the secrets themselves.
I like this approach, because your safe protects itself. Here is my implementation (again, using safe as a backend):
#!/bin/sh
ORIG=$HOME/.secrets
HASH=$HOME/.hashes
# Create a new vault with the same master password
mkdir -p "$HASH"
cp "$ORIG/master" "$HASH"
# Copy all secrets into the new vault, using their hashed names as keys
# (read line by line so entry names containing spaces survive)
find "$ORIG" -type f | grep -v '/master$' | while IFS= read -r p; do
    n="${p##"$ORIG"/}"
    h=$(echo "$n" | openssl sha256 | cut -d' ' -f2)
    cp "$p" "$HASH/$h"
    # print "HASH NAME" for the hashmap
    printf '%s\t%s\n' "$h" "$n"
done | safe -s "$HASH" -a hashmap
Note: the hash is the one of the entry name, not the password itself of course ;)
Then you end up with a password store like the following, which you can store in plain sight over git or whatever:
Yeah this downside bothers me a lot and it felt like I’m pretty much alone in that. It’s what prevented me from using pass for ages.
I’d made the switch eventually and I’m really happy with it, but I had to add the name obfuscation myself. The “unix philosophy” of pass is great because you can actually build stuff on top of it.
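The name-hashing idea from the comments above, extended with the restore step and a secret salt, as an added example that is not code from the thread. It uses sha256sum rather than openssl; the salt argument, the function names and the tab-separated map file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a pass/safe-style store:
# one file per secret under a directory, plus an optional "master" file.
# Entry names must not contain tabs or newlines (the map is tab-separated).

# hash_name SALT NAME: hex SHA-256 of the salted entry name.
# SALT is a random secret kept inside the encrypted store (an assumption of
# this example); without it, a hash can be matched against guessed names.
hash_name() {
    printf '%s\n%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# obfuscate_store SRC DST SALT
# Copies every entry of SRC to DST under its hashed name and prints
# "HASH<TAB>NAME" lines: the hashmap, to be stored as an encrypted secret.
obfuscate_store() {
    src=${1%/}; dst=${2%/}; salt=$3
    mkdir -p "$dst" || return 1
    if [ -f "$src/master" ]; then
        cp "$src/master" "$dst/master" || return 1
    fi
    find "$src" -type f ! -path "$src/master" | LC_ALL=C sort |
    while IFS= read -r path; do
        name=${path#"$src"/}
        hash=$(hash_name "$salt" "$name")
        cp "$path" "$dst/$hash" || exit 1
        printf '%s\t%s\n' "$hash" "$name"
    done
}

# restore_store HASHED MAPFILE OUT
# Rebuilds the readable tree from the decrypted hashmap. Map lines are
# validated first, so a tampered map cannot write outside OUT.
restore_store() {
    hashed=${1%/}; map=$2; out=${3%/}
    tab=$(printf '\t')
    mkdir -p "$out" || return 1
    if [ -f "$hashed/master" ]; then
        cp "$hashed/master" "$out/master" || return 1
    fi
    while IFS="$tab" read -r hash name; do
        case $hash in
            ''|*[!0-9a-f]*) echo "bad hash in map: $hash" >&2; return 1 ;;
        esac
        case /$name/ in
            //*|*/../*) echo "unsafe name in map: $name" >&2; return 1 ;;
        esac
        [ -f "$hashed/$hash" ] || { echo "missing entry: $name" >&2; return 1; }
        mkdir -p "$out/$(dirname "$name")" || return 1
        cp "$hashed/$hash" "$out/$name" || return 1
    done < "$map"
}
```

The map printed by obfuscate_store is the only link between hashes and names, so it belongs inside the encrypted store together with the salt.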
Yeah the weird thing was all the outrage that 1Password got literally the same issue, but nobody is saying a thing for pass. Not that I recommend outrage but I think it’s important to be aware of the attack vectors.
Every time I see pass come up, it’s not long before someone mentions that the names of passwords aren’t kept secret. This seems like the most frequently mentioned and most severe downside of pass. So I’m not sure that it isn’t talked about much.
I do personally use pass and I do it in spite of the names being leaked. My threat model isn’t particularly sophisticated, so I’m generally okay with hiding the names simply by not sharing the repo.
Note that git use is optional. My ‘pass’ passwords are backed up daily along with the rest of the important files in my home directory, no extra work required as they’re just GPG-encrypted text files.
Came here to say the same thing. My backup of my pass repo is a) it’s on every device I use and b) gets synced monthly to my off-site backup drive. If I lose the encryption key I’m in trouble, but I back that up, too.
Using 2 password managers seems like a strange solution to me.
I switched from pass to KeePassXC a while ago. I use Syncthing to get the DB to my phone for use with KeePassDX and encrypted backups are automatically taken overnight with borg.
Recommending two password managers is a little odd, I agree, but he does bring up a good point that everything is fallible and multiple backups are a good thing to have.
Eh, it’s 2 applications reading the same file format. Calling them 2 password managers would be the same as using 1password on 2 platforms, I don’t even see that worth mentioning.
FWIW, I also use KeepassXC on Linux+Windows, and Keepass2Android on Android, and Syncthing. I only sync down to my phone like once a month, and it works beautifully.
If I lose the encryption key I’m in trouble, but I back that up, too.
I use gopass, which allows for multiple encryption keys for the same password store. This is very useful in the case of losing access to one of them, or the intended purpose, having multiple users of the same store.
The unfortunate issue with pass is that when it uses git to back itself up, you still need a way to back up your GPG key, which is of course incompatible with git. Even if your GPG key is encrypted, I doubt you’d want to publish it online. So in order to back up your password manager, you must come up with 2 different backup media, which means twice as many possibilities to lock yourself out.
Also, managing a GPG keyring can have a lot of problems on its own on a daily usage basis (using a device without your keys, syncing keys, …). On this topic, using password managers based on a master password can help a lot.
Those are all good points. Since I use GPG for basically everything else (signing commits, communication, etc), the work to back that up I don’t really consider it to be part of the ‘backup my password manager’ activity.
The beauty of pass is that the storage mechanism is just a bunch of flat text files. Back them up however you want, you don’t have to use git (but it is nice that git support is built in).
I doubt you’d want to publish it online
Who said anything about it being public? Private git repos exist, either self hosted or with some paid service.
When you use GPG on a daily basis for other stuff, this would make more sense indeed. It is not my case though, so it bothered me a lot. So much that I ended up writing my own to mirror “pass” usage but with a master password. The cool stuff about it is that I can now store my GPG key inside my secret manager 😉
You’re right about private repos indeed, I think making it private makes it more complex to use git to sync it across devices. It makes for a good backup anyway as you said! The flat file structure is great, and the composability of the tool makes it a breeze to obfuscate, backup, convert or integrate to any workflow!
I think making it private makes it more complex to use git to sync it across devices.
Not that complex, but yes, you now have to use either password or key auth to access it. And keep track of that, etc. The main thing I like about this setup is that it’s made from several simple components. Any of which could be replaced without affecting the others (or affecting them enough to require significant changes). And the architecture is simple enough for me to understand it without having to trust some external entity to always do the right thing and not break.
I’ve always wanted to make games so the project closest to my heart is Dose Response. It’s a small open-world roguelike where you play an addict. Written in Rust, running on Linux, Windows, macOS as well as WebAssembly. Free/Libre/Open Source, pay what you want.
Unfortunately, I did not have a lot of time and energy to update it after the 1.0 release yet.
This is not a very good idea, IMO. Many utilities/tools tend to create folders and files in the home directory, like Ghidra for example, creates a ~/ghidra_scripts. It’s bound to get messy fast.
It’s probably a better idea to maintain a separate “dotfiles” folder where you symlink config files/folders that you want to persist across installs, and version that using git instead.
The first line in the ~/.gitignore file causes it to ignore everything. Anything you want to track you need to add explicitly and new files won’t even show up in git status.
Not mine, but yeah I wondered :-). I’m using the more traditional dotfiles approach as well.
I had actually tried to put my home dir under git ages ago, running exactly into the issues you’ve mentioned. Ignoring everything by default and only adding files explicitly does sound like an interesting alternative to consider at least.
This argument makes sense to me when it comes to synchronizing two or more different computers.
What kind of version control system is preferable when it comes to the synchronization/backup of the ~/Documents folder alone? I guess syncing Windows/Linux machines should not be a problem here, no?
I’m using rsync for backups these days, and never thought about looking into version control systems. Any experiences here?
It depends. If your files for backup are generally text based, i.e. config files, then using a VCS is a good idea. Something like git offers great ease in managing them. But if your files are binaries, like pictures for example, then rsync is alright, I guess.
I’m one of those people who learned English with British textbooks and for me that’s a mega useful feature, as I constantly opt for the British spellings, even though I know in Computer Science we’re not supposed to use them.
I am spelling British and am rather unapologetic about it. Languages have dialects and people should spell in any colour they want to.
(I see the strive for consistency, but as long as the particular codebase has not standardised on a spelling, I won’t walk around and figure out which one it uses)
I’m Canadian, even for words that we consistently spell British (which is most of them I think), I spell American in source code. Most source code seems to be American and I want to minimize the number of identifier mispredictions for anyone editing it - including myself.
But don’t they generally then also spell American English outside the code, then?
I don’t (English is my second language, my spelling is British, but in code I do American for the same reasons gpm outlined). However, I come into contact with a lot of non-native speakers and I feel that pretty much all of them lean American in both their spelling and pronunciation in all contexts.
I’m an American and I use American spellings in my own code and writing about code. That said I see no reason why British people or nonnative speakers who learned British rather than American spellings should feel the need to switch. I think nearly every educated AmEng speaker is familiar enough with British usages (and vice versa) that there’s no serious barrier of comprehensibility.
As a matter of fact, in my readings of the recently-deceased Joe Armstrong’s papers and other writing about Erlang, he (a British person who worked in Sweden) did in fact use British spellings like “colour” without any kind of problem.
I think there’s at least katakana on the linked one.
The password manager I use (pass) has a really simple and widely supported ‘backup’ mechanism built in (git).
And when you want to de-obfuscate it, you can decrypt the secret “hashmap”, and use that to rename your entries:
A great game! Thank you for sharing.
Thank you for playing! I’m glad you like it!
What do you mean?
Oh right, yes. My bad. I’d failed to notice the first line in your .gitignore.
It’s the same for non-English speakers. Few people write code in anything other than American English.
My point was primarily about English, not specifically only the American dialect.