In alt.hackers, Big Bad Bob <BigBadBob-at...@testing.local> wrote:
> Github is about to change their policies to REQUIRE you to use an
> alphabet soup generated token in lieu of passwords that are easy to
> remember.
I guess I had not been paying attention, because I had not heard that.
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
> HOWEVER... since I use my _own_ github ID for a lot more than "just my
> own stuff" (like being able to get/update source for a customer's
> private github repo) it is highly likely that I'll be using "machines
> that are not mine" to make updates with.
Accounts are free. Good practice to have multiple accounts. I have three
active ones now, $WORK, $RESUME, $PERSONAL, and at least three inactive
ones from previous jobs.
> So I realy need an easy way to do this.
>
> However, I came up with something rather fun, using a standard simple
> encryption program [in this case one that I wrote]
I've used vault (
https://www.vaultproject.io) running in "dev" mode
as an in-memory password cache. Each reboot I need to restock it with
passwords from an encrypted file, then I can run a simple script to
copy them to my clipboard.
setpw:
#!/bin/sh
unset VAULT_CAPATH
export VAULT_ADDR=
http://127.0.0.1:8200
printf "Enter password for $1: "
stty_orig=$(stty -g)
stty -echo
read value
stty $stty_orig
vault kv put secret/"$1" "value=$value"
if [ $? != 0 ] ; then
echo "is vault running?"
echo " vault server --dev &"
echo " export
VAULT_TOKEN=s.ZQVdL74r4gjtGNZNk21jhdqc # eg"
exit $?
fi
getpw:
#!/bin/sh
unset VAULT_CAPATH
export VAULT_ADDR=
http://127.0.0.1:8200
vault kv get -field=value secret/"$1" | xclip -i
exit $?
The "unset VAULT_CAPATH" stuff was needed for me when I had a work
vault that required that varible.
It's helpful to store the entire shell command to set a password in
the encrypted file:
echo not-secret | setpw testentry
not-secret
if [ $? != 0 ] ; then
echo "WHOA! is vault running?"
exit $?
fi
echo 5ebe2294ecd0e0f08eab7690d2a6ee69 | setpw user
echo cd5c569173452f8438cf9bbe84d811fa | setpw root
If you want to pipe it so sh, or cut-n-paste lines. Standard bash
does not save lines that start with whitespace to history, hence
extra indent. Current $JOB has made it very easy for me to use a single
password for everything, so I haven't had that running lately. It was a
lifesaver about two jobs ago.
> I did consider gpg and openssl, but these seem to be WAY too complicated
> to set up a simple "prompt me for a pass phrase" decrypt of stdin to stdout.
While openssl has a crypt function, it is in fact a very poor encryption
and is not recommended.
> OK you'll have to install 'xclip' too - it's an X11 standard application
> that lets you use the command line to assign text to the X11 clipoard.
It's just so handy, isn't it?
> Until they gain a level of "clue" over at github, this should get you
> past the MAJOR inconvenience of clipping the pass phrase from a secure
> application, or [WORSE] from a PLAIN TEXT FILE. Ew.
I like my encrypted local files, but needing to decrypt frequently would
be a pain.
ObHack:
You can "decode" MD5 hashes by entering the hash string in a search
engine.
OkayForRealObHack:
I needed a strap of metal similar to the ones used in door bars:
_________
/ /|
/_______ / |
_____________| | | |________________
/ | / | / /
/ () () | / | / () () /
/_______________|/ |________________/
That's sized for a 2x2 nominal (1.5"x1.5") wood bar, with two fastening
screws on each side. I needed it to be fairly strong, so I couldn't just
pick some material I could easily bend by hand. I went with 1" x 1/8"
aluminum, and improvised a bending brake for this. In my 6" wide vise, I
put magnetic jaw inserts (these are widely sold[*]) for holding pipe that
have right angles, side view:
.-----._. ._.-----.
/___. | | .___\
| / \ |
| / \ |
| \ / |
| \ / |
`----' `----'
I initially tried using square rod (key stock) to mesh with that for
making a bend, similar to the bending brake vice inserts that are not
widely sold[**]. I found that didn't work well. What did work was having
the jaw inserts extend out of the side of the jaw and bending around
them.
https://i.imgur.com/kck38Sn.jpg
After that, drilling the holes to mount it was very easy.
I'm using it on the underside of my kitchen table with a piece of 2x2 to
help steady the fold up leaves. The table top was long ago raised an
extra inch and half above the skirt and legs, I don't know why, but I
suspect to give space for a pull out cutting board. I'm using that gap
to slide my 2x2 in, and the strap of metal to hold it fast to the center
board instead of just acting like a lever to pull the table top off of
the legs and skirt. Probably at the same someone modified it to be a
"grain bin table" with round bottom drawers at either end.
[*] Widely sold: available in my local hardware store.
[**] No widely sold: not available in my local hardware store.
Elijah
------
needed to use short screws to not go through the table top