Integrating Vim and GPG

Quite frequently, I need to take a quick textual note but when the content is sensitive, even just transiently, well, some things shouldn’t be left around on disk in plain text. Now before you pipe up with “but I encrypt my home directory” keep in mind that that only pretects data against it being read in the event your machine is stolen; if something gets onto your system while it’s powered up and you’re logged in, the file is there to read.

So for a while my workflow there has been the following rather tedious sequence:

$ vi document.txt
$ gpg --encrypt --armour 
    -r andrew@operationaldynamics.com 
    -o document.asc document.txt
$ rm document.txt
$

and later on, to view or edit the file,

$ gpg --decrypt -o document.txt document.asc 
$ view document.txt
$ rm document.txt

(yes yes, I could use default behaviour for a few things there, but GPG has a bad habit of doing things that you’re not expecting; applying the principle of least surprise seems a reasonable defensive measure, but fine, ok

$ gpg < document.asc

indeed works. Pedants, the lot of you).

Obviously this is tedious, and worse, error prone; don’t be overwriting the wrong file, now. Far more serious, you have the plain text file sitting around while you’re working on it, which from an operational security standpoint is completely unacceptable.

vim plugin

I began to wonder if there was better way of doing this, and sure enough, via the volumous Vim website I eventually found my way to this delightful gem: https://github.com/jamessan/vim-gnupg by James McCoy.

Since it might not be obvious, to install it you can do the following: grab a copy of the code,

$ cd ~/src/
$ mkdir vim-gnupg
$ cd vim-gnupg/
$ git clone git://github.com/jamessan/vim-gnupg.git github
$ cd github/
$ cd plugin/
$ ls

Where you will see one gnupg.vim. To make Vim use it, you need to put in somewhere vim will see it, so symlink it into your home directory:

$ mkdir ~/.vim
$ mkdir ~/.vim/plugin
$ cd ~/.vim/plugin/
$ ln -s ~/src/vim-gnupg/github/plugin/gnupg.vim .
$

Of course have a look at what’s in that file; this is crypto and it’s important to have confidence that the implementation is sane. Turns out that the gnupg.vim plugin is “just” Vim configuration commands, though there are some pretty amazing contortions. People give Emacs a bad rap for complexity, but whoa. :). The fact you can do all that in Vim is, er, staggering.

Anyway, after all that, it Just Works™. I give my filename a .asc suffix, and ta-da:

$ vi document.asc

the plugin decrypts, lets me edit clear text in memory, and then re-encrypts before writing back to disk. Nice! For a new file, it prompts for the target address (which is one’s own email for personal use) and then on it’s way. [If you’re instead using symmetrical encryption, I see no way around creating an empty file with gpg first, but other than that, it works as you’d expect]. Doing all of this on a GNOME 3 system, you have a gpg-agent running, so you get all the sexy entry dialogs and proper passphrase caching.

I’m hoping a few people in-the-know will have a look at this and vet that this plugin doing the right thing, but all in all this seems a rather promising solution for quickly editing encrypted files.

Now if we can just convince Gedit to do the same.

AfC

November 15, 2012 12:23 AM

Got EVDO? Help me out!

I’m trying to reverse engineer the EVDO Pilot Sets V2 QCDM log item so we can get EVDO signal strength while connected with ModemManager.  I’ve got most of it figured out, but half the battle of reverse engineering is getting enough variation in the data to see the patterns.  That’s where you come in.  I’m specifically interested in getting results from EVDO on 850MHz (Americas), 450MHz (Europe and Russia), and 1700MHz/AWS (North America), so if you’re in the US and you have Leap, Cricket, MetroPCS, US Cellular, C-Spire, nTelos, then you get bonus points.  But even if you have Verizon or Sprint, the data is still useful.

You obviously have to have an EVDO-capable WWAN data card or phone that uses Qualcomm chipsets and exposes a DIAG port, but luckily almost all devices that speak CDMA/EVDO are Qualcomm-based.  You don’t even need to have an active subscription, as the tool is read-only.

So if you’re game, grab this tarball and run ‘make’ in the extracted directory.  That’ll give you an ‘evdolog’ binary which when run dumps out the data I’m interested in.  When you’ve got the dump, mail it to me.  There’s a README in the tarball that has more detail on everything.

The tool doesn’t dump any personal data, just information about what radio channels your modem is listening on and information about what radio channels the modem might jump to if you move around.  The output looks like this:

SS: State: 1
SS: Band Class: 1
S: Channel: 75

L: PN:      3
L: AS ct:   1
L: AS win:  60
L: AS chan: 2123 (0x084B)
L: UNK 1:   63 (0x3F)
L: CA ct:   0
L: CA win:  0
L: RE ct:   14
L: RE win:  100
L: UNK 2:   0 (0×00)
L: Act 0:   PN: 30   6f 01 11 00 03 00 ba 3b
L: Rem 0:   PN: 33   00 00 4b 08 64 00 00 00
L: Rem 1:   PN: 36   00 00 4b 08 64 00 00 00
L: Rem 2:   PN: 402  34 00 4b 08 64 00 00 00
L: Rem 3:   PN: 279  06 00 4b 08 64 00 00 00
L: Rem 4:   PN: 27   00 00 4b 08 64 00 00 00
L: Rem 5:   PN: 21   00 00 4b 08 64 00 00 00
L: Rem 6:   PN: 126  00 00 4b 08 64 00 00 00
L: Rem 7:   PN: 399  00 00 4b 08 64 00 00 00
L: Rem 8:   PN: 318  00 00 4b 08 64 00 00 00
L: Rem 9:   PN: 24   00 00 4b 08 64 00 00 00
L: Rem 10:  PN: 300  00 00 4b 08 64 00 00 00
L: Rem 11:  PN: 504  00 00 4b 08 64 00 00 00
L: Rem 12:  PN: 507  00 00 4b 08 64 00 00 00
L: Rem 13:  PN: 510  00 00 4b 08 64 00 00 00

Which, if you know CDMA, you know there is no channel 2123 in band class 0 or 1, which is one reason I’m asking for data dumps here

Thanks!

November 14, 2012 10:52 PM

Open Source communities

I was re-reading one of my favourite blog posts on running an Open Source community today, and thought I would share it.

Max Kanat-Alexander is the Bugzilla Release Manager, and put a variety of thoughts on leading an Open Source community together – Open Source Community, Simplified.

The TL;DR version, for those too lazy to click through, is:

1. Don’t freeze your trunk for long periods
2. Turnover is inevitable, so recruitment is vital
3. Respond to contributions immediately
4. Be extremely kind and appreciative
5. Encourage a total absence of personal negativity

His own tl;dr version of this is: “be really, abnormally, really, really kind, and don’t be mean”.

He then talks about removing barriers to contribution, promoting your project and getting new contributors interested.

All in all, an excellent contribution, and well worth the read.

November 14, 2012 08:50 PM

GNOME/Exceed, LibreOffice, Portal, Zimbra

Things have been very busy since the last blog.  Lots of concurrent projects happening and some long term design elements falling into place.

GNOME/Exceed

The software that allows iPad tablets to connect to GNOME was moved over to the production machine and is now in the hands of some beta testers.  The speed is great, and things are working really well.  From home, I can tap a few buttons and my work GNOME session appears on the tablet over my cable modem and is almost as fast as being in our City Hall building.   I sent off a few suggestions for making it easier to work on a multi-touch device with mouse based software and hope to see some of these ideas in future client releases.  I'm anticipating that we'll buy some licenses at the end of the trail.

Portal Tablet Support

Being that users will now be logging in with tablets, I wanted to change our in-house support portal to correctly log these authentications and make it easier for our staff to see where and how users are logged in and be able to send them remote control requests.  Very often users call and aren't really sure how they are logged in, and the software now helps us see exactly what's happening.

I always have more ideas than time, and have wanted to work in this area for a long time.  From the portal when you enter the user name, it hunts the network for their active logins.  With my changes made, it understand if they are logged in with a tablet and displays it in the right area and layers a shot of their screen over an iPad image.  Previously to perform functions on a session, you would click on the screen thumbnail and go to a detail screen.  I added small shortcut buttons below the screenshot to eliminate another few clicks.  [ I understand certain UI decisions and artwork could be better.  Time doesn't always allow for this level of design.]   It works, we use it all the time, and it's constantly evolving


I also spruced up the code to detect users that are logged in multiple workstations and this makes it easier to find the right session.  Users also can log into workstations and tablets at the same time too.   This all is clearly displayed.  In the shot below, I was logged into two workstations and both were located.



LibreOffice

 3.6.3 came out and this is the best one yet.  The earlier releases had some install bugs that I worked around.  This one installed cleanly and we have no reports of users crashing and import filters are working better than in earlier versions.  If you have been holding on 3.5, now might be the time to look over 3.6.

Zimbra For Email

After a lengthy process the Governance Committee has asked us to move to the Zimbra email software.  This software runs 100% in a browser, and this means that Evolution/SLED and Groupwise/SLES will be retired.  We've had Groupwise since 1994, so it's a major step for us.  Especially in the 1990s, Groupwise was away ahead of its time, but it fell more and more behind and we couldn't get Evolution patches and features fast enough to keep up with demands.  This upgrade will happen sometime in early 2013.

Other projects: Teaching myself OpenLDAP and learning how best to get it integrated, looking over Firefox 17, keeping plugins current and continued work on the new Ubuntu thin client operating system.

November 14, 2012 08:22 PM

Showrunner and Show Bible? Or Cult?

I don’t currently do much heavily collaborative writing, but I’m still very interested in the process of creating very collaborative works. So one of the many stimulating discussions at Monktoberfest was a presentation by two awesome O’Reilly staffers about the future (and past) of authorship. Needless to say, collaborative authoring was a major theme. What particularly jumped out at me in the talk and the discussion afterwards was a nagging fear that any text authored by multiple people would necessarily lack the coherence and vision of the best single-author writing.

I’ve often been very sympathetic to this concern. Watching groups of people get together and try to collaboratively create work is often painful. Those groups that have done best, in my experience, are often those with some sort of objective standard for the work they’re creating. In software, that’s usually “it compiles,” followed (in the best case) by “it passes all the tests.” Where there aren’t objective standards all team members can work with – as is often the case with UI  – the process tends to fall apart. Where there are really detailed objective standards that every contribution can be measured against – HTTP, HTML – open source is often not just competitive, but dominant.

On the flip side, you get no points for thinking of the canonical example of a single designer’s vision guiding the development of software. But Apple is an example that proves the rule – software UIs that are developed without reference to objective standards of good/bad are usually either bad, or run by a not-very-benevolent dictator who has spent decades refining his vision of authorship.

Wikipedia is another very large exception to the “many cooks” argument. It is an exception because most written projects can’t possibly have a rule of thumb so straightforward and yet effective as “neutral point of view,” because most written projects aren’t factual, dry or broken-up-into-small-chunks. In other words, most written projects aren’t encyclopedias and so can’t be written “by rule.”

Or at least that’s what I was thinking during the talk. In response to this, someone commented during the post-talk Q&A¹ that essentially all TV shows are collaboratively written, and yet manage to be coherent. In fact, in our new golden age of TV drama they’re often more than coherent- they’re quite good, despite extremely complex plots sprawling over several years of effort. This has stuck in my head ever since because it goes against all my hard-learned instincts.

I really don’t know what the trick is, since I’m not a TV writer. I suspect that in most cases the showrunner does it by (1) having a very clear vision of where the show is going (often not the case in software) and (2) clearly articulating and communicating that vision – i.e. having a good show bible and sticking to it.

If you’re not looking carefully, this looks a lot like what Aaron has rightly called a cult of personality. But I think, after being reminded about showrunners and show bibles, it is important to distinguish the two. It is a fine line, but there is a real different between what Aaron is concerned about and skilled leadership. Maybe a good test is to ask that leader: where is your show bible? What can I read to understand the vision, and help flesh it out like the writer of an episode? If the answer is “follow whatever I’m thinking about this month,” or “I’m too busy leading to write it down”, then you’ve got problems. But if your leadership can explain, don’t throw the baby out with the bathwater- that’s a person who has thought seriously about what they’re doing and how you can help them build something bigger and better than you could each do alone, not a cult leader.

1. if you’re this person, please drop me a note and I’ll credit you!

November 14, 2012 05:50 PM

2012-11-14: Wednesday.

• Up early; mail chew, worked away reviewing and polishing the Unity menus work from Canonical / Bjoern / Antonio Fernandez of Aentos. For the curious pictures of this and more are here - it should ship working out of the box in 4.0.
• Lunch. Baak to mail, admin etc. TDF Board call.
• A few quick thoughts in response to Armin: Of course we're grateful to all who have contributed code to LibreOffice, and we will do our best to credit them where appropriate as we build out our 4.0 release notes; thanks Armin. We're currently in a 4.0 feature-freeze / release crunch, with the code shaping up really nicely with contributions from hundreds of volunteers. No-one should get the idea that LibreOffice will blindly include whatever gets into Apache OpenOffice into our code-base going forward. That is emphatically not the case - any code that is included will be reviewed rather later, with a priority and preference given to code first contributed to LibreOffice. If you haven't tried it - why not jump into hacking on LibreOffice today: our codebase gets rapidly cleaner and prettier but we're always in need of help. One great live topic of today is the new: Widget Layout work in VCL that makes the UI look significantly prettier.

November 14, 2012 05:33 PM

Exploring design ideas for Epiphany — interactively

Some time ago, I wrote a small functional prototype to explore some of the design ideas for the evolution of the GNOME Web browser (maintained by my colleagues at Igalia). I thought that it would be a good idea to show these experiments to a wider public.

The basic idea by the GNOME designers is that, instead of tabs, open pages would be placed in an overview: you would click on a thumbnail there to return to a certain web page, and clicking again on “Pages” would take you back to the overview. A possible evolution of this would be to integrate bookmarks and reading lists in that overview.

This first video shows the interaction as described in the current design: in the overview, open pages are shown in a horizontal list, which gets reordered so that the leftmost element in the list corresponds to the last open tab. Note how the thumbnail is updated whenever we go back to “Pages”, and how the list scrolls to the left to show the most recently opened sites.

(link to video)

I also implemented an alternative UI where the open pages are arranged in a static 2D grid. Here it is:

(link to video)

This little application was written in a bit over 200 lines of QML. The code is available here:

• people.igalia.com/femorandeira/files/Ephy_20120530.tar.gz

The project folder includes compiled binaries that should work on, at least, 64-bit Debian and Ubuntu. Just uncompress it and run

cd Ephy ; ./Ephy

Note that if you want to build it yourself, you will need the qt4, qt-webkit and qmlviewer development libraries for your distribution; then, you can just run

make distclean ; qmake && make

November 14, 2012 03:08 PM

Color Management Hackfest 2012

Well, it was an excellent weekend for me.

General notes:

So apart from Ania having to look after a 4 week old baby on her own (which was pretty stressful for her) it was an excellent trip. We’ve agreed to repeat the event next year, and also do a track at LGM this year. The amount of interest in Linux CM seems to be genuinely increasing and it makes sense to take advantage of the momentum that’s growing.

So, +1 from me. Thanks go to Kai-Uwe, jreznik, sirko and the others who did a really good job organising everything.

November 14, 2012 02:07 PM

“Community citizenship” survey

I spoke to Kevin Carillo about what makes a good community citizen a few months ago – he had already been working for some time on his research at that point, and I thought that his approach and ideas were interesting.

Recently, he blogged about his work, and released a survey targeting recent contributors to a variety of projects, including Debian, GNOME and Mozilla.

As a long-time participant in various open source projects, I regularly see sociologists posting announcements for surveys to lists asking for developers time without first trying to get a feel for the communities involved, and figuring out how their work can benefit the community. They are zoologists, studying the behaviour of strange and wondrous beasts they don’t understand.

Kevin, like Evangelia Berdou and Malgorzata Ciesielska in the past, has adopted another approach – talking to people one-on-one and crafting a survey after building an understanding of community dynamics. I have high hopes that his resulting research will be as valuable to us as Evangelia and Gosia’s work was in the past.

I encourage anyone who fits the target profile to participate in his survey.

November 14, 2012 11:50 AM

GNIGHTS of GNOME Hackfest, #2

The second GNIGHTS of GNOME hackfest is happening this coming Saturday, from 11 am to 5 pm at Pumping Station: One (feel free to come for all or stop by -- the schedule is posted HERE (on the "canonical with a lowercase 'c'" Chicago GNU/LUG website)) . Jim Campbell will be giving a talk on DConf and GSettings for Sysadmins, and there will be food and coffee.  Come and hack with us if you are in Chicago :) 

Thanks to the GNOME Foundation for sponsoring snacks, and to PS1 for letting us use their space!

November 14, 2012 02:52 AM

2012-11-13: Tuesday.

• Poked mail, tried to track down some (apparent) confusion between system and internal boost breaking some tinderboxes; finally found the issue some missing use_unpacked,,boost dependencies. Built the ESC bug stats.
• Lydia & Janice over for dinner. Worked late; read some blogs - lots of encouraging work going on in LibreOffice - a small fraction of which is being blogged; my favourites today:
  • Until recently it was fashionable to complain about regressions in the RTF filters: the background being that we kicked out a huge scad of old, ugly duplicate code and unified it with the existing MS format filters. Anyhow - as of now, only 1 (minor performance) regression bug remains open that I'm aware of. Miklos has also added a huge slew of features (things like not loosing all the document after the first embedded formula). He just blogged some pretty pictures of these RTF Drawing Object import.
  • Another fun development is Fridrich's (spare time) project to work on the Visio file formats which is yielding some great fruit - he has even implemented Visio 2013 import support before that has shipped: LibreOffice Visio filter at LibreGraphics World.
  • Also nice to see people arriving for the group photo from the LibreOffice conference, hopefully a better shot to follow at some stage: from the LibreOffice conference - lots of happy contributors (and a small number of ODF plug-festers) in a wonderful venue, with many thanks to the German Federal Ministry of Economics and Technology.

November 13, 2012 09:00 PM

Tue 2012/Nov/13

• Turning off referers breaks live.gnome.org

  A few days ago I followed the steps in this Electronic Frontier Fondation's page about stopping online tracking.

  And only days later I discovered that I could no longer log into Gnome's wiki, live.gnome.org. I had no idea that those changes were the reason for not being able to log in, so I had trouble figuring out what was wrong. Thankfuly Andrea Veri helped me out.

  EFF's page recommends setting the value of Firefox's network.http.sendRefererHeader (in about:config) to 0, so that it never sends the HTTP referer header. This breaks logins in live.gnome.org; I guess it wants you to log in only from that site and that's the way it checks for this. Changing the value back to 1 or 2 fixes logins (explanation for network.http.sendRefererHeader).

  This has been a public service announcement.

November 13, 2012 04:22 PM

Open Communication

In my previous two blog posts, I have talked about growing our community and communication. In this post I will be focusing on communication and how we can best improve it, and in so doing expand our community. A number of things can be done to improve our communication, some of which I laid out in previous posts. But one way or another we must impr