
Historical Function

Today, I delved into a tiny bit of X11/xorg plumbing to see if I could move this damnable .xsession-errors file to someplace more out of the way. For those of you not in the know about Linux or X11, it’s basically a holding tank of any GUI application errors that aren’t normally logged. To me, it seems vestigial of a time before centralized system logging via systemd, but who am I to question our forefathers?

Well, damn it, it’s open source! Let’s see if I can fuck with it and make it do what I want it to do!

Turns out no. At least not easily.

Inside /etc/X11/Xsession (on Debian, anyway) exists the following bit of code, which creates the error log file or a temporary substitute for it:

ERRFILE=$HOME/.xsession-errors

# attempt to create an error file; abort if we cannot
if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
  [ ! -L "$ERRFILE" ]; then
  chmod 600 "$ERRFILE"
elif ERRFILE=$(tempfile 2> /dev/null); then
  if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-$USER"; then
    message "warning: unable to symlink \"$TMPDIR/xsession-$USER\" to" \
             "\"$ERRFILE\"; look for session log/errors in" \
             "\"$TMPDIR/xsession-$USER\"."
  fi
else
  errormsg "unable to create X session log/error file; aborting."
fi

exec >>"$ERRFILE" 2>&1

The gist (haha) here is that if you don’t have one, make it (private to you, mode 600, and only if the path isn’t a symlink); if you can’t make it, create a dummy one in the system temp folder; and if that fails, just give up. All well and good, right? Right.

So, what happens if we, say, modify the ERRFILE path to something else? Well, I tried that and I got an unexpected result: The file being created correctly in the right location (yay) and an empty file created in the original location (boo).

Excuse me, what the actual fuck?

Right now, I’m kind of at an impasse here. It seems like changing the code above to do what I want it to do works but there is something probably hard-coded elsewhere that just goes “DUMP IT IN $HOME/.xsession-errors”, which is frustrating. I don’t know where else to look. If anyone has any ideas, let me know, I’d be glad to credit you.

Update

I thought I had a smoking gun. I redirected everything in my .xprofile to two different logs, manually. This logged correctly, but I still got a leftover file. Let’s see who has it open:

Oh, hello i3bar….

So, I go and re-introduce my changes to Xsession, like so:

# Original
# ERRFILE=$HOME/.xsession-errors
ERRFILE=$HOME/.cache/xorg/errors

# attempt to create an error file; abort if we cannot
# if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
#   [ ! -L "$ERRFILE" ]; then
#   chmod 600 "$ERRFILE"
# elif ERRFILE=$(tempfile 2> /dev/null); then
#   if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-$USER"; then
#     message "warning: unable to symlink \"$TMPDIR/xsession-$USER\" to" \
#              "\"$ERRFILE\"; look for session log/errors in" \
#              "\"$TMPDIR/xsession-$USER\"."
#   fi
# else
#   errormsg "unable to create X session log/error file; aborting."
# fi

exec >>"$ERRFILE" 2>&1

I checked and it dumps the standard rigamarole from X starting up. That’s good(tm). Problem is, I still get an (empty) .xsession-errors file.
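
The edit above also drops the umask, symlink and permission checks and assumes ~/.cache/xorg already exists. Here is an added example (not from this post and not Debian’s own code) that moves the log while keeping those checks. `pick_errfile` is a hypothetical helper name, `mktemp` stands in for `tempfile`, and the convenience symlink in $TMPDIR is left out:

```shell
#!/bin/sh
# Added example, not Debian's code. pick_errfile is a hypothetical helper name.
# It prepares the log at the requested path with the same guarantees the stock
# block gives $HOME/.xsession-errors, and prints the path that is safe to use.
pick_errfile() {
  want=$1
  dir=$(dirname "$want")

  # Unlike $HOME, the new parent may not exist yet; create it owner-only.
  (umask 077 && mkdir -p "$dir") 2>/dev/null || :

  # Same test as the original: creatable, writable, and not a symlink.
  if (umask 077 && touch "$want") 2>/dev/null && [ -w "$want" ] &&
     [ ! -L "$want" ]; then
    chmod 600 "$want"
    printf '%s\n' "$want"
  elif tmp=$(mktemp 2>/dev/null); then
    # Fallback branch: a fresh 0600 temp file (mktemp stands in for tempfile).
    printf '%s\n' "$tmp"
  else
    return 1
  fi
}

# How it would slot into Xsession (kept as a comment so sourcing this file
# does not redirect your shell's output):
#   ERRFILE=$(pick_errfile "$HOME/.cache/xorg/errors") ||
#     errormsg "unable to create X session log/error file; aborting."
#   exec >>"$ERRFILE" 2>&1
```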

Time to investigate sway/wayland.


UnFantastical

So, Fantastical, a heretofore “fantastic” calendar dropped a big new update for version 3.0. To celebrate, they decided to make it have a subscription component for stuff that was already in the app, and stuff that doesn’t need any external tooling or servers.

It’s really telling when a company that is awarded by consumers and the platform owners has a product so good/popular that the only thing they can do is ruin it.

I was once a proud user of the app. I enjoyed it so much that I bought their contact management app, CardHop. Now, I’m back to the stock iOS apps for contacts, calendars and reminders because they got greedy (or didn’t have a strategy). Either way, good riddance. I have no place in my heart for yet another subscription.


Emacs Occur

I love Emacs. It’s a great text editor and platform for doing all sorts of things. One of the ways that it makes a great editing environment is that things are extensible, often live in the environment. One of the things I used to use is a package called “ioccur”, which allowed you to edit occurrences of a specified text across the document. This mirrored a built-in function called “Occur”, which showed you each line or instance of the occurrence across the document. The biggest problem was that once you found stuff, you had to swap back and forth between the list and the actual document. I have since learned about the ability to edit the document right from the “Occur” results.

Once you have a list of items, you can press e to enter edit mode. Each line becomes linked to its buffer line and you can make edits to whatever you want and they’ll be reflected, live. Once you’re done, you can return to the “Occur” mode (which allows you to do more) by pressing C-c C-c (a common Emacs ‘complete’ command).

Here is the feature in action:

Here is the effect in action, inside my .profile file.

Free Software

No big exposition on free software, or anything like that. I just wanted to write about how I re-enrolled as an Associate (Student) Member to the Free Software Foundation. I encourage anyone who believes in Open Source to do so as well.

I also wanted to upload this.


National Cyber-security Awareness Month

Note: I technically missed this post, but it’s still good.


October is National Cyber-security Awareness Month. While many people ignore it as something that they don’t need to learn about, even basic awareness can help you be massively more secure than the next person. Generally, low-level attackers are just looking to get access to the easiest targets, because anything more than that requires exponentially more investment from their already razor-thin margins.

Passwords

Love them, or more accurately: Hate them, they’re here to stay. There are methods to make them less of a pain and more secure at the same time. Many tools to secure passwords and implement second factor authentication are already freely available and easy to implement.

Use a Password Manager

By my current count, I have somewhere in the neighborhood of 400 accounts on various sites, services and tools. Some of these are defunct, some of them might still have my account information in them. The good news is, because I use a password manager, each one is unique. That means if the security for that site isn’t all that great and they have a data breach, my password can’t be used to exploit any other sites.

Both Apple and Android have built-in password managers in the form of iCloud Keychain and Google Passwords. Both can help you not only generate a strong password, but can store it securely online and sync it to other devices. They also offer features like auto-fill on sites and apps when you visit them. These features are usually enabled by default, so you actually have to ignore them to not use them.

If you’re not jazzed by the default tools, or want something more robust for secret keeping, Bitwarden is a fantastic tool for storing your passwords, second-factor tokens, notes, identities, licenses and more that can sync with pretty much any device that has access to the Internet. The software is open-source, and can be self-hosted, but their own hosting costs only $10 a year, which is an amazing deal. Other options, like 1Password, are also good choices due to their multi-platform efforts, more robust syncing and rigorous approach to security.

In short: Don’t keep reusing that password. Get a password manager and stop reusing your passwords.

Second-Factor (2FA)

When dealing with passwords, you’re putting a lot behind a single code. Why not add an additional layer of security? A 2FA or second factor is usually a one-time code either texted to you, emailed to you in the form of a special login link or, in most cases, a code that your computer or phone generates from a key that the site generates for you. To set this up, check your account settings and see if there is an option. Many sites are beginning to offer this feature as it provides an additional hurdle for attackers to breach.

Setting it up is usually easy too. Generally you scan a QR code in your password manager, or set up a phone number to send the codes to. Once done, you’ll log in and then be asked to type in an additional code. Most good password managers will already have queued up this code in your clipboard, so often you just have to paste the code. Nice!

Backups

Yup, that old chestnut. However, you don’t have an excuse. Storage (especially online storage) is so cheap in the current economy that often you’re paying fractional cents (USD) for gigabytes of storage. Combine that with some really excellent tools that all but automate the process for you, and backups are easier to get going than password management.

Don’t trust online storage, or you’re just strapped for cash? Check with a friend. You can encrypt data on a spare drive with VeraCrypt or similar and ask him to keep it in a cabinet at home. Better yet, do that with a couple of friends and now you have multiple offsite backups!

Seriously. Many of the botnet, malware and ransomware problems can be fixed by having a good backup system to restore from. Keeping important stuff encrypted and safe is also free and easy to do with little to no intervention on your behalf and storing data is cheaper than ever.

Scams, Phishing and Spam

You are the weakest link in your security. You’re vulnerable to persuasion and are the keeper of all the keys. Often attackers try to exploit this fact and trick you into providing secrets or data directly. These attacks will usually come through email, as it’s not time sensitive, but occasionally they’ll come through instant messaging or text services. No matter their origin, you should watch out for some telltale signs:

  • Asking for information they should already have.
    Is the other end asking you for information they should already have, like a password, or personal information?
  • Misspellings and grammatical errors.
    I never understood this one, but I’m glad it’s here. Often attackers are not English speaking, or just have poor language skills, making their messages difficult to read or full of mannerisms that don’t fit.
  • Weird looking links.
    Usually attackers will try to hide links by using HTML to mask them to look legitimate. One tactic you can use is to hover your mouse over the link; most tools will show you a tooltip of where the link actually points to. If any part of it looks off, don’t click on it.
  • When in doubt? Call them.
    Lots of attackers try to masquerade as official looking email. If you’re not expecting anything from them, or you’re suspicious, just call or reach out in another manner. Generally, if this information is needed, a person will be able to confirm or deny it.

Updates

I can’t believe I actually have to address this in 2019. So many devices now try and force updates, and so many people try and disable or ignore them. Honestly, this is the easiest issue to remedy. Keep your stuff up-to-date. If you hate the problematic time that updates present themselves, try and configure it to run at a time when you’re not going to be active, like overnight. iOS, as an example, will run updates and backups overnight so long as you’re connected to wifi and plugged into a power source. Something people do automatically before going to bed.