Rook provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless, and does not have a bespoke secrets database full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

Rook is in the AUR and in Alpine testing; binaries are available from the project page.

From the changelog, since the last Lemmy release announcement v0.1.3 on May 20:

[v0.2.0] Fri Oct 11 09:01:03 2024 -0500

Added

• support for password + key file credentials
• show --no-eol option, to strip CRs after, eg, passwords

Changed

• show matches search: it's now case insensitive

Fixed

• successful OPEN with password wasn't clearing the one-time pin, so the DB was staying locked.

stmps is a fork of stmp, under active development and with several additional features. (*) items are PRs which also been accepted by the stmp project.

• mpris support (*)
• improved help text
• improved playlist handling, including concurrent loading in the background
• improved browser behavior, e.g. add all songs by an artist
• global, server-side search
• artist search in the browser (*)
• TUI-less server information query
• queue reordering
• queue shuffling
• randomly add songs to the queue
• randomly add similar songs to the queue, using the Subsonic "get similar songs" feature

It's fast, keyboard driven, and a single executable; it is regularly tested against Navidrome and Gonic.

stmps can be installed by a simple go install command, and it's also in AUR as stmps.

I'm not the author, but am one of the active contributors.

The reactions to most posts are overwhelmingly negative and critical. Ironically, posts to c/unpopularopinion tend to argue that they agree with the post, and are consequently more supportive.

I'm posting here because I have nowhere else to post. If you squint, this meets the community rules because my current keyboard is a Piantor/42, and my issue stems from a combination of 40% and QMK behavior. Although, to be honest, this is mostly about QMK, but using Discord is painful, and I'll go there only as a last resort.

For a long while, I used Kanata on my laptop, and desktop an ErgoDox, having replaced kmonad because of one certain feature: tap-hold key sequence behavior. It's best described here, but the tl;dr is that (press lsft) (press a) (release lsft) (release a) where a is a tap-hold key should output "A" and not "a" -- kmonad outputs "a".

A few months ago, when I got my Piantor, I discovered that this sequence outputs no character, and although there's an option that makes it output "a", I can't find a combination that makes it output "A". I'm asking whether, in the bewildering set of QMK variables, is there a way to configure QMK s.t. the sequence (press lsft) (press a) (release lsft) (release a) outputs "A"?

That's the main thrust of my question. As a sort of addendum, I think this behavior is behind another of my QMK irritations: I'm a reasonably fast typer, and often will be typing the next key before I've completely released the previous key. This means I have to set a large-ish time-out before tap-hold engages, which introduces an annoying delay whenever I want to chord a layer and get at, e.g. numbers. I do understand that this is may be an unsolvable issue, that it's just an unavoidable limitation on small keyboards in having so many common keys (numbers, punctuation, and arrows are the worst -- coding, nearly half the text are characters from layers). Either I have a long timeout and and live with an annoying delay when I want to type (many) punctuation characters or numbers; or I have a short timeout and frequently accidentally shifting layers. However, I feel as if this might be mitigated somewhat with the Kanata-style key sequence handling, because even though my Kanata configuration is nearly an exact mirror of my QMK layer configuration, I never have this problem with Kanata.

I suppose I could give up on using QMK for anything except the most fundamental mapping, and use Kanata instead. However, there's an appeal to the portability of having the programming in the keyboard itself; it makes me a little less dependent on the computer to which the keyboard is attached.

Edit 2024-10-01

Another person posted about a similar need, and I decided to create a matrix document to track it, in the hope that those of us looking for this specific use case could come up with the best solution. The idea here is that, while many OSS social media projects are capable of being used like a Fcbook wall, they don't all necessarily provide an ideal user experience. Feature set is not equivalent to being designed for a specific use case, and the desired workflow should be the primary means of interacting with the service. The (for now) open document tracking this is here.

I'm a little surprised I can't find any posts asking this question, and that there doesn't seem to be a FAQ about it. Maybe "Facebook" covers too many use cases for one clean answer.

Up front, I think the answer for my case is going to be "Friendica," but I'm interested in hearing if there are any other, better options. I'm sure Mastodon and Lemmy aren't it, but there's Pixelfed and a dozen other options with which I'm less familiar with.

This mostly centers around my 3-y/o niece and a geographically distributed family, and the desire for Facebook-like image sharing with a timeline feed, comments, likes (positive feedback), that sort of thing. Critical, in our case, is a good iOS experience for capturing and sharing short videos and pictures; a process where the parents have to take pictures, log into a web site, create a post, attach an image from the gallery is simply too fussy, especially for the non-technical and mostly overwhelmed parents. Less important is the extended family experience, although alerts would be nice. Privacy is critical; the parents are very concerned about limiting access to the media of their daughter that is shared, so the ability to restrict viewing to logged-in members of the family is important.

FUTO Circles was almost perfect. There was some initial confusion about the difference between circles and groups, but in the end the app experience was great and it accomplished all of the goals -- until it didn't. At some point, half of the already shared media disappeared from the feeds of all of the iOS family members (although the Android user could still see all of the posts). It was a thoroughly discouraging experience, and resulted in a complete lack of faith in the ecosystem. While I believe it might be possible to self-host, by the time we decided that everyone liked it and I was about to look into self-hosting our own family server (and remove the storage restrictions, which hadn't yet been reached when it all fell apart), the iOS app bugs had cropped up and we abandoned the platform.

So there's the requirements we're looking for:

• The ability to create private, invite-only groups/communities
• A convenient mobile capture+share experience, which means an app
• Reactions (emojis) & comment threads
• Both iOS and Android support, in addition to whatever web interface is available for desktop use

and, given this community, obviously self-hostable.

I have never personally used Facebook, but my understanding is that it's a little different in that communities are really more like individual blogs with some post-level feedback mechanisms; in this way, it's more like Mastodon, where you follow individuals and can respond to their posts, albeit with a loosely-enforced character limit. And as opposed to Lemmy, which while moderated, doesn't really have a main "owner" model. I can imagine setting up a Lemmy instance and creating a community per person, but I feel as if that'd be trying to wedge a square peg into a round hole.

Pixelfed might be the answer, but from my brief encounter with it, it feels more like a photo-oriented Mastodon, then a Facebook wall-style experience (it's Facebook that has "walls", right?).

So back to where I started: in my personal experience, it seems like Friendica might be the best fit, except that I don't use an iPhone and don't know if there are any decent Friendica apps that would satisfy the user experience we're looking for; honestly, I haven't particularly liked any of the Android apps, so I don't hold out much hope for iOS.

Most of the options speak ActivityPub, so maybe I should just focus on finding the right AP-based mobile client? Although, so far the best experience (until it broke) has been Circles, which is based on Matrix.

It's challenging to install and evaluate all of the options, especially when -- in my case -- to properly evaluate the software requires getting several people on each platform to try and see how they like it. I value the community's experience and opinions.

Can anyone identify this font? The title page in the ebook is an image, and there's no credit listed, and my web searches have all been dead ends.

I'm not certain there aren't three similar fonts; there are at least two distinct fonts here, and maybe three, although they could all be in the same family -- Bold, Normal, and Light. I'm most interested in the middle font, but all three are interesting.

It's a striking title page, and I'd really like to ID these. My fall back will be to write the publisher and ask, but I'm hoping someone here will be able to toss the family off the top of their head.

I haven't seen this discussed since the debate, and I'm curious what people think would happen.

(If you've seen this twice, I first posted it to a community that only allows links to news items, which rule I read only after creating the post. I removed that post)

The idea came from a post-debate discussion on NPR (National Public Radio), where one of the (professional) political commentators was asked if this was possible and they replied, briefly, that it would have to be done soon.

1. From the analyst's response, and what I can find online (e.g., here) it seems that it's not too late for Trump to make this change. Vance would have to voluntarily step down, but I can't imagine him defying Trump if he was told to beat it.
2. It's clear Trump isn't as enamored of Vance as he initially was.
3. I think even hard-core conservatives would agree that Vance hasn't helped Trump's campaign, and (as the commentator pointed out) he's gone off-piste from Trump's talking points at times.
4. Trump's core is voting for Trump; the running mate is a side show, and it's questionable how much Vance appeals to Trump's base. I believe Trump knows all of this, or at least believes it himself.
5. Trump prides himself on firing people when he doesn't like the way things are going, and it would be in keeping character for him to make Vance a scapegoat for the polling reversal and his losing the debate.

Therefore, I think this is not just a purely hypothetical question, but a very real possibility. Trump is chaos at the best of times, and this would be an unsurprising action. Regardless of advice he gets from his handlers, he'll do what he feels like.

So my questions are: first, who's the most likely choice for a swap; and second, how do you think it'd impact the election?

I do not have CHS, a symptom of which is vomiting. I have never vomited from cannabis. I have always, however, gotten the spins, and almost invariably spend the high uncomfortably nauseous. It really doesn't matter how much I take; anything more than a microdose and I get nauseous. I've been this way forever, since the first time I tried it.

I live in a state where recreational use is legal, and it really irks me that I can't partake.

Does anyone have any advice about what I could do to get rid of the side effect of nausea? Why does this happen to me‽

cross-posted from: https://feddit.uk/post/15132091

> Bedfordshire Police have said just ten arrests were made over the Bedford River Festival this weekend (20/21 July) with Live Facial Recognition (LFR) technology responsible...

cross-posted from: https://feddit.uk/post/15132091

> Bedfordshire Police have said just ten arrests were made over the Bedford River Festival this weekend (20/21 July) with Live Facial Recognition (LFR) technology responsible...

I vastly prefer to support community artisans over mass-produced material when I can. Is anyone in the community making Moopsies?

Cross-posting here, as the content under discussion is political in nature, and I feel as if the question might be of similar concern to other posters. Most probably don't care; data miners harvesting information to sell to HR departments and hiring managers are a real thing, though, so I think answers are relevant.

cross-posted from: https://midwest.social/post/14464872

> A friend of mine would like to post an op-ed style political essay about the current turmoil in the Democratic Party about Biden's fitness. They are concerned about it affecting their career, should it be linked back to them; the US is highly divided and they know some of their peers are Republicans, and they're not sure about the affiliations of people in their upward chain of command. My friend is concerned that posting an emotional opinion piece might -- if attributed to them and seen -- negatively affect their career. They want to stay anonynmous. > > I think getting something posted anonymously in Lemmy would be fairly easy; no-one is going to trying legally coercing an email out of a Lemmy instance over an op-ed. And getting a boost in Mastodon would be simple. I was hoping that there'd be something like WriteFreely where they could post, but anonymity appears to be not even a consideration by the main developers. > > And then there's the question of how to get links to the essay out of the Fediverse, where 90% of the people are. I don't have a Xitter account anymore, and have never had a Facebook account. > > What suggestions does Lemmy have? How, in today's world, does someone anonymously post content? > > Subscript: I do not mean political anonymity -- not in the way that protection from law enforcement is needed. My friend lives in the US where freedom of speech is still more-or-less ensured, and the content is not illegal, incidiary, inciting, or even unusual. However, they want anonymity sufficient to guard against data miners, correlators, and brokers. They need to get something off their chest, express an opinion, but not at a risk to their career.

A friend of mine would like to post an op-ed style political essay about the current turmoil in the Democratic Party about Biden's fitness. They are concerned about it affecting their career, should it be linked back to them; the US is highly divided and they know some of their peers are Republicans, and they're not sure about the affiliations of people in their upward chain of command. My friend is concerned that posting an emotional opinion piece might -- if attributed to them and seen -- negatively affect their career. They want to stay anonynmous.

I think getting something posted anonymously in Lemmy would be fairly easy; no-one is going to trying legally coercing an email out of a Lemmy instance over an op-ed. And getting a boost in Mastodon would be simple. I was hoping that there'd be something like WriteFreely where they could post, but anonymity appears to be not even a consideration by the main developers.

And then there's the question of how to get links to the essay out of the Fediverse, where 90% of the people are. I don't have a Xitter account anymore, and have never had a Facebook account.

What suggestions does Lemmy have? How, in today's world, does someone anonymously post content?

Subscript: I do not mean political anonymity -- not in the way that protection from law enforcement is needed. My friend lives in the US where freedom of speech is still more-or-less ensured, and the content is not illegal, incidiary, inciting, or even unusual. However, they want anonymity sufficient to guard against data miners, correlators, and brokers. They need to get something off their chest, express an opinion, but not at a risk to their career.

It is not my intention to ignite an EMACS/vim war; I will say that I find it baffling that Lower Decks is ending while Strange New Worlds is being continued. I like Strange New Worlds, despite disagreeing with some of the artistic licenses being taken. But if I had to choose between the two shows, it'd be no contest. Not only as a viewer do I prefer LD, but it has to be the cheaper show to produce. The fact that next season is the last (both by design, it only being contracted for 5 years; and announcement) is sad and incomprehensible in the same way the cancelation of Firefly was - except LD is popular and successful, whereas Firefly merely had a fanatical (🖐️) fan base.

I don't understand it. Yes, you want to end on a high note. Maybe the writers are running out of plot ideas. Perhaps, given an initial life span of 5 years, the actors have all made other arrangements and aren't available. But I just can't believe the One Big Plot Arc that's been building would necessitate ending the series by its resolution.

LD is a strong show. It's lighthearted. It's a breath of fresh air after the more decidedly darker, ethically challenging, and emotionally straining runs of TNG, Voyager, DS9. And Strange New Worlds... the Gorn are basically Xenomorphs from the Alien franchise.Who, despite being the existential threat of the show, somehow get entirely forgotten about by the time in TOS.

But I digress. I'm going to miss Lower Decks, badly. How can this happen? And why?

This is kind of a rant, but mostly a plea.

There are times when BusyBox is the only tool you can use. You've got some embedded device with 32k RAM or something; I get it. It's the right tool. But please, please, In begging you: don't use it just because you're lazy.

I find BusyBox used in places where it's not necessary. There's enough RAM, there's more than enough storage, and yet, it's got BusyBox.

BusyBox tooling is absolutely aenemic. Simple things, common things, like - oh, - capturing a regexp group from a simple match are practically impossible. But you can do this in bash; heck, it's built in! But BusyBox uses ash, which is barely a shell and certainly doesn't support regexp matching with group capture. Maybe awk? Well, gawk lets you, with -oP, but of course BusyBox doesn't use GNU awk, and so you can't get at the capture groups because it doesn't support perl REs. It'd be shocking if BusyBox provided any truly capable tools like ripgrep, in which this would be trivial. I haven't tried BB's sed yet, because sed's RE escaping is and has always been a bizarre nightmarish Frankenstein syntax, but I've got a dime riding on some restriction in BB's sed that prevents getting at capture groups there, too.

BusyBox serves a purpose; it is intentionally barely functional; size constraining trumps all other considerations. It achieves this well. My issue isn't with BusyBox, it's with people using it everywhere when they don't need to, making life hell for anyone who's trying to actually get any work done in it.

So please. For the sanity of your users: don't reach for BusyBox just because it's easy, or because you're tickled that you're going to save a megabyte or two; please spare a thought for your users on which you are inflicting these constraints. Use it when you have to, because otherwise it doesn't fit. Otherwise, chose a real shell, at least bash, and include some tools capable of more than less than the bare minimum.

I know it's tragically pedestrian; and I know there's supposed to be a 4 in 2025; and I also know there's many a slip twixt cup and lip, and the gaming industry is going through some pretty radical changes... but all I really want is another Borderlands.

There's not much they can do with it, not many places to go, and I'm sure everyone who's worked on the series over the years is thoroughly sick of it. But, damn. Every one of the main games (at least; I haven't loved every in-between spin-off) has his a sweet spot of mindless fun, funniness, and replay-ability. I've played 3 so many times through, and spent so many hours just running around in every location, even I can't work up much enthusiasm to fire it up anymore.

There's an occasional game that fills the same niche; Bullet Storm was pretty fun, but with low replay-ability. I just want a game where I can turn off the higher brain functions and run around killing stuff in interesting ways.

Thanks for attending my Ted Talk.

Rook provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass v2 kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless, and does not have a bespoke secrets database full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

Rook is in the AUR; binaries are available from the project page.

From the changelog, since the last Lemmy release announcement (v0.0.9):

[v0.1.3] Mon May 20 17:12:25 2024 -0500

Added

• status command, a more lightweight way of testing if a DB is open. Using this instead of info in e.g. statusbar scripts greatly reduces CPU load.
• case-insensitive search.

Changed

• removing some nil panics that could occur when DB is closed while a client call is being processed.

Fixed

• a hidden bug in the OTP pin code.
• some errors being ignored (and therefore not logged)
• TOTP attributes getting missed by otp generator check

[v0.1.2] Fri Apr 26 15:13:55 2024 -0500

Added

• one-time pin soft locking
• installation instructions for distributions that have rook in a repository
• more of the special autotype {} commands are supported (backspace, space, esc)

Changed

• getAttr adds a little delay before typing, allowing initiator tools (like rofi) to close windows before text is output
• cleans up code per golint/gochk

Fixed

• an autotype bug in outputting literals

[v0.1.1] Sun Mar 17 13:44:54 2024 -0500

Added

• the original source rook.svg
• ability to start the rook server passing in the password via stdin pipe.

Changed

• assets moved to directory
• documentation referenced Keepass v4; there's no such thing, it's v2.
• license, was missing (c) from original
• stop trying to remove the version number from build assets
• documentation to clarify when the master password exists as plain text, in response to questions from @[email protected]

[v0.1.0] Fri Mar 15 14:03:25 2024 -0500

Added

• nfpm file
• logo

Changed

• clears out the password so it's not being held in plain text by the flags library.
• some of the documentation, and fixes the duplicated v0.0.9 entry in the changelog.
• CI build targets are more limited, but also include some distro packages
• better README documentation

Removed

• the monitor attribute was taken out, as rook no longer busy-polls the DB

Rook is a lightweight, stand-alone, headless secret service tool backed by a Keepass v2 database. It provides client and server modes in a single executable, built from a reasonably small (auditable) code base with a small and shallow dependency tree - it should not be challenging to verify that it is not doing anything sketchy with your secrets.

Reasonable auditability, the desire to use KeePass files, and to do so through a headless tool that doesn't spawn off the better part of a DE through otherwise unused services, were the main motivations for Rook.

You might be interested in Rook if one or more of these are true:

• you use KeePass v2-compatible tools to store secrets already
• you are not running a DE like KDE or Gnome (although Rook may still be interesting because of secret consolidation)
• you prefer to minimize background GUI applications (KeePassXC is excellent and provides a secret service, but doesn't run headless)
• you run background applications such as vdirsyncer, mbsync (isync), offlineimap, or restic, or applications such as aerc that can be configured to fetch credentials from a secret service rather than hard-coded in a config file.

Pre-built binaries for limited OS/archs are built by the CI, and Rook if available in AUR. There's an nfpm config in the repos that will build RPMs and Debs, among others. I consider Rook to be essentially free of any major bugs and fit-for-purpose, although I welcome hearing otherwise.

Utility scripts in zsh and bash are available for providing autotyping and entry/attribute selection using xdotool, rofi, xprop, and so on; these are YMMV-quality.

Changes from v0.1.1 are:

Added

• one-time pin soft locking
• installation instructions for distributions that have rook in a repository
• more of the special autotype {} commands are supported (backspace, space, esc)

Changed

• getAttr adds a little delay before typing, allowing initiator tools (like rofi) to close windows before text is output
• cleans up code per golint/gochk

Fixed

• an autotype bug in outputting literals

Update

On a whim, I tried searching YouTube instead of search engines and found a short video which led me to this shop in Etsy. It looks quite promising, so I'm going to update the title as "solved."

Original post

I've had an Elektra Micro Casa Leva for a number of years, and a while ago I bought a naked portafilter for it. It was (and still is, on the product site) as "for the Micro Casa." It is, without a doubt, one of the poorest quality things I've ever bought. The wood appears painted, not stained; it's been resistant to oiling, and lately the paint has been flaking off leaving what I assume is cheap pine. The wood itself has been cracking and splitting. The portafilter itself is painted to look like brass; I can tell this because that paint has started chipping and peeling. It looks as if it's some type of steel underneath -- I'd suspect aluminum, except for the weight and I assume the maker would be concerned about having one literally melt on a user. In any case, it's horrible. The handle is not screwed in, or else it's screwed & glued; if the metal weren't so obviously crap, I'd consider routing out the handle and replacing it myself; as is, it's so poorly made it hardly seems worth the effort. Regardless, I've been using it for a few years and it hasn't outright broken yet, but with all the paint chipping and peeling, it's looking really rough, and you don't own a Micro Casa Leva for the convenience.

The Elektra takes a non-standard 49mm portafilter, which can make finding parts challenging. Is there a company that makes decent portafilters that fit the Leva? It's possible I simply haven't delved the depths of the web deeply enough. Or, is there a craftsman in the community who does this sort of work -- making nice handles, sourcing appropriate baskets, etc? Failing all of that, is there a place I can buy a naked portafilter of good quality for the Leva, and is there anyone making good handles for portafilters? I'm no craftsman, but I can manage sanding wood to fit a hole, and I can mix epoxy.

What I'd really like to end up with is a brass portafilter with a beautiful wood handle with a nice grain and stain. I'd settle for a naked portafilter for the Leva that isn't a cheap piece of garbage.