From: Richard Riley
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Guns and Privacy : sample use case/tutorial effort
Date: Tue, 01 Feb 2011 13:53:52 +0100
Organization: aich tea tea pea dicky riley dot net
Message-ID: <0bwrljncf3.fsf@news.eternal-september.org>
References: <87sjw8t1l1.fsf@nzebook.haselwarter.org> <9ilj20ndyz.fsf@news.eternal-september.org> <87fws8sz8k.fsf@nzebook.haselwarter.org>
In-Reply-To: <87fws8sz8k.fsf@nzebook.haselwarter.org> (Philipp Haselwarter's message of "Tue, 01 Feb 2011 13:42:03 +0100")
To: Philipp Haselwarter
Cc: ding@gnus.org
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)

Philipp Haselwarter writes:

> Richard Riley writes:
>
>> Philipp Haselwarter writes:
>>
>>> Richard Riley writes:
>>>
>>> ---8<---[snipped 61 lines]---8<---
>>>>
>>>> The loading of this file would cause emacs or the system to prompt you
>>>> for a password to decrypt the file if the agent (gpg-agent) or emacs
>>>> hasn't already cached the password for that key. This prompt can be an
>>>> issue if you're using the emacs daemon especially if starting the
>>>> process at system login. When to prompt? One nice way is to only load
>>>> the gpg file when you create an emacs frame. e.g
>>>>
>>>> ,----
>>>> | (defun load-secure-config (frame)
>>>> |   (require 'my-config "my-config.gpg"))
>>>> |
>>>> | (add-hook 'after-make-frame-functions 'load-secure-config)
>>>> `----
>>>>
>>>> Here we see that the private configuration information is only loaded and
>>>> decrypted when you actually bring up an emacs frame - generally that
>>>> would be sufficient in the case of gnus.
>>>
>>> Just wondering, how does this prevent emacs from prompting when there's
>>> no frame?
>>
>> This is aimed at the initial load : it only loads after the initial
>> frame. It then assumes that the password is cached. Clearly if the
>> password is then needed again (cache expiry) in something involving gnus
>> then there is generally a frame available anyway.
>>
>
> But this opens the encrypted file for any emacs instance that creates a
> frame, even if you don't want to use gnus at all. Which is not very much
> in the spirit of securing your personal data.

Clearly if you don't want to load it earlier then you do this on a more
limited hook. Some sort of "gnus start hook" or somesuch.

This is not just for Gnus, hence I included an erc-password example. I
will clarify that (but I'm not a big fan of the emacs wiki approach
tbh).

My .gpg file contains sensitive passwords for other apps and, in
addition, org data too. I don't feel it's much of a security leak opening
it earlier rather than later when used in conjunction with the
gpg-agent. The file is still a gpg encrypted file. But yes someone could
open it in emacs and save it as plain text in that session at that
keyboard.

>
>>>
>>> I used to start emacs-daemon on system start, and ran into this problem,
>>> but that was in conjunction with desktop.el. Opening pdf's asks if you
>>
>>
>> I stopped using desktop.el for related reasons.
>>
> I just use `emacsclient -a="" -nw' (aliased) as editor now, the prevents
> starting emacs unnecessarily (okay, I rarely don't have emacs open) and
> is Really Simple to set up. No problems since.

I use this set up but in conjunction with an xmonad scratchpad toggle. I
documented the technique yonks ago when the daemon start methods
improved:-

http://splash-of-open-sauce.blogspot.com/2010/10/emacs-23-emacs-daemon-and-emacsclient_7756.html

The daemon is pretty damn cool ;)

I also used -nw for a while but it clashed with function keys and what
have too often so I reverted back to the gtk version. termcap beats Gnus
splitting for making my brain melt.

>
> Another desktop.el-related PITA is when files that have auto-save data
> around are restored (user gets queried too), haven't found a way around
> that yet..

-- 
☘ http://www.shamrockirishbar.com, http://splash-of-open-sauce.blogspot.com/
http://www.richardriley.net
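
The "more limited hook" idea discussed in this message, as an added example that is not part of the original mail or of Gnus itself. It reuses the post's `my-config` / "my-config.gpg" names, assumes the encrypted file ends with `(provide 'my-config)`, and the function name `my-load-secure-config` is hypothetical.

```elisp
;; Added example, not code from the thread.  `my-config' and
;; "my-config.gpg" are the names used in the post; the function name
;; `my-load-secure-config' is hypothetical.
;;
;; Relies on EasyPG's epa-file handler being enabled so that *.gpg files
;; are decrypted transparently when loaded, and on the encrypted file
;; ending with (provide 'my-config), otherwise `require' signals an error.

(defun my-load-secure-config (&rest _ignored)
  "Decrypt and load the private configuration on first use.
`require' does nothing once the feature `my-config' is provided, so
calling this from several hooks causes at most one passphrase prompt
per Emacs session.  Returns non-nil on success, nil on failure."
  (condition-case err
      (require 'my-config "my-config.gpg")
    ;; A cancelled passphrase prompt, a missing key or a missing file
    ;; ends up here.  Report it and return nil so that the calling hook
    ;; is not aborted; the next hook run simply tries again.
    (error
     (message "Secure config not loaded: %s" (error-message-string err))
     nil)))

;; Narrow trigger: decrypt only when Gnus is actually started, so an
;; Emacs daemon or a plain editing frame never touches the secrets.
(add-hook 'gnus-before-startup-hook #'my-load-secure-config)

;; Broad trigger from the post, shown for comparison.  It runs for every
;; new frame, whether or not Gnus is used in that session:
;; (add-hook 'after-make-frame-functions #'my-load-secure-config)
```

Other packages that read secrets from the same file need the same `add-hook` line on a hook of their own that runs before they connect.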