Security Technology and Internet

Who keeps an eye on clipboard access?

If there is any feature that “universally” describes the usage of computers, it is the copy/paste pattern. We are used to it, practically all the common graphical user interfaces have support for it, and it magically works.

We copy some information from one application and paste into another, and another…

How do these applications have access to this information? The clipboard must be something that is shared across all of them, right? Right.

While very useful, this raises a lot of security questions. As far as I can tell, all apps could be grabbing what is available on the clipboard.

It isn’t uncommon for people to copy sensitive information from one app to another, and even if the information is not sensitive, the user generally has a clear target app for the information (the others don’t have anything to do with it).

These questions started bugging me a long time ago, and the sentiment even got worse when Apple released an iOS feature that notifies users when an app reads the contents of the clipboard. That was brilliant. Why didn’t anyone think of that before?

The result? Tons of apps caught snooping into the clipboard contents without the user asking for it. The following articles can give you a glimpse of what followed:

That’s not good, and saying you won’t do it again is not enough. On iOS, apps were caught and users notified, but what about Android? What about other desktop operating systems?

Accessing the clipboard to check what’s there, and then stealing passwords, replacing cryptocurrency addresses, or just getting a glimpse of what the user is doing, is a common malware pattern.

I wonder why a similar feature hasn’t been implemented in most operating systems we use nowadays (it doesn’t need to be identical, but at least let us verify how the clipboard is being used). Perhaps there exist tools that can help us with this; however, I wasn’t able to find any for Linux.

A couple of weeks ago, I started to look at how this works (on Linux, which is what I’m currently using). What I found is that most libraries just provide a simple interface to put things on the clipboard and to get the current clipboard content. Nothing else.

After further digging, I finally found some useful and interesting articles on how this feature works on X11 (under the hood of those high level APIs). For example:

Then, with this bit of knowledge about how the clipboard works in X11, I decided to do a quick experiment in order to check if I can recreate the clipboard access notifications seen in iOS.

During the small periods I had available in the last few weekends, I tried to build a quick proof of concept, nothing fancy, just a few pieces of code from existing examples stitched together.

Here’s the current result:

Demonstration of clipboard-watcher detecting when other apps access the contents

It seems possible to detect all attempts to access the clipboard, but after struggling a bit, it seems that due to the nature of X11 it is not possible to know which running process owns the window that is accessing the clipboard. A shame.

The information that X11 has about the requesting client must be provided by the client itself, which makes it very hard to know for sure which process it is (most of the time it is not provided at all).

Nevertheless, I think this could still be a very useful capability for existing clipboard managers (such as Klipper), given the core of this app works just like one.

Even without knowing the process trying to access the clipboard contents, I can see a few useful features that are possible to implement, such as:

  • Create some stats about the clipboard access patterns.
  • Ask the user for permission, before providing the clipboard contents.
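
As an added illustration (not code from the proof of concept), here is a sketch of those two features, working only from the fields a selection owner sees in X11 SelectionRequest events. The `Request` record, the function names, the thresholds and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
# ICCCM targets that describe the selection without revealing its data.
METADATA_TARGETS = {"TARGETS", "TIMESTAMP"}

@dataclass(frozen=True)
class Request:  # one X11 SelectionRequest as seen by the selection owner
    time_ms: int                # server timestamp of the request
    requestor: int              # window id of the requesting client
    target: str                 # requested format, e.g. "UTF8_STRING"
    claimed_pid: Optional[int]  # _NET_WM_PID of that window: client-set, unverified

def is_content(req):
    return req.target not in METADATA_TARGETS

def access_stats(requests):
    """Per-window counts of content reads and metadata probes."""
    stats = defaultdict(lambda: {"content": 0, "metadata": 0, "claimed_pids": set()})
    for req in requests:
        entry = stats[req.requestor]
        entry["content" if is_content(req) else "metadata"] += 1
        if req.claimed_pid is not None:
            entry["claimed_pids"].add(req.claimed_pid)
    return dict(stats)

def polling_windows(requests, min_reads=3, span_ms=5000):
    """Windows that read the contents at least min_reads times within span_ms."""
    times = defaultdict(list)
    for req in requests:
        if is_content(req):
            times[req.requestor].append(req.time_ms)
    return {w for w, ts in times.items()
            if any(b - a <= span_ms
                   for a, b in zip(sorted(ts), sorted(ts)[min_reads - 1:]))}

def decide(req, approved_windows):
    """'answer' or 'prompt'; keyed on the window id, never on claimed_pid."""
    ok = not is_content(req) or req.requestor in approved_windows
    return "answer" if ok else "prompt"

# Constructed sample events (not captured from a real session).
SAMPLE = [
    Request(1000, 0x3A00007, "TARGETS", 4242),
    Request(1010, 0x3A00007, "UTF8_STRING", 4242),
    Request(2000, 0x5200001, "UTF8_STRING", None),
    Request(3500, 0x5200001, "UTF8_STRING", None),
    Request(5000, 0x5200001, "STRING", None),
]
```

The policy keys on the requestor window id because the PID is whatever the client chose to publish, so it is recorded only as a hint.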

Anyhow, you can check the proof of concept here and give it a try (improvements are welcome). Let me know what you think and what I’ve missed.

Technology and Internet

Easy backups with Borg

One of the oldest and most frequent pieces of advice to people working with computers is “create backups of your stuff”. People know about it, they are sick of hearing it, they even advise other people about it, but a large percentage of them don’t do it.

There are many tools out there to help you fulfill this task, but throughout the years the one I end up relying on the most is definitely “Borg”. It is really easy to use, has good documentation and runs very well on Linux machines.

Here is how they describe it:

BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption.

The main goal of Borg is to provide an efficient and secure way to backup data. The data deduplication technique used makes Borg suitable for daily backups since only changes are stored. The authenticated encryption technique makes it suitable for backups to not fully trusted targets.

Borg’s Website

The built-in encryption and de-duplication features are some of its more important selling points.

Until recently I’ve had a hard time recommending it to less technical people, since Borg is mostly available through the command line and can take some work to implement the desired backup “policy”. There is a web based graphical user interface but I generally don’t like them as a replacement for native desktop applications.

However, in the last few months I’ve been testing this GUI frontend for Borg, called Vorta, that I think will do the trick for family and friends who ask me what they can use to back up their data.

The tool is straightforward to use and supports the majority of Borg’s functionality. Once you set up the repository, you can instruct it to regularly perform your backups and forget about it.

I’m not gonna describe how to use it, because with a small search on the internet you can quickly find lots of articles with that information.

The only advice that I would like to leave here about Vorta is related to the encryption and the settings chosen when creating your repository. At least on the version I used, the recommended repokey option will store your passphrase on a local SQLite database in clear-text, which is kind of problematic.

This seems to be viewed as a feature:

Fallback to save repo passwords. Only used if no Keyring available.

Github Repository

But I could not find the documentation about how to avoid this “fallback”.

Random Bits

0 A.D: a pleasant surprise

When I was younger, I remember being a great fan of real-time strategy games, especially those based on history. One of the main reasons I was really happy when I got my first computer was that from that moment I would be able to play the first “Age of Empires” game, which my dad bought together with the computer. For months I saved 100% of my allowance, just to be able to buy the first expansion pack, the “Rise of Rome”. In the years that followed, I also bought the second version of the game and its expansion pack, spending countless hours playing them.

More than a decade later, which I went through without playing games (or at least not on a regular basis), I’ve decided to find some RTS of this genre to play. Since the Age of Empires series does not run on Linux based operating systems, I had to start looking for similar alternatives. It didn’t take long to find the first contender, which is called 0 A.D. The game is open source and, from the contents shown on the website, it looked like just what I was looking for.

In the game you can choose between 8 factions/civilizations from the ancient times (the website says that on the final release there will be 12), each of them with special characteristics, strengths and weaknesses. The idea is that these civilizations should have had their peak between the 500 B.C. and 500 A.C., leaving many more contenders in the waiting list to be added to the possible choices.

The game is in 3D, where you have control over the camera and you can adjust it to the best angle on any given situation. The graphics look pretty good, turning the game into a nice experience. Another aspect that I really liked is that even though there are specialized units, many of them can assume roles on both worlds (the military and the civilian), which opens a whole range of possibilities.

According to the development team the game is still in “alpha”, or in other words it’s “far from completion”; however, it is already playable both on single and multi-player (during the few hours I’ve spent playing it I didn’t find any annoying issues).

So if you like this kind of game, give it a try. The official page of the game, where you can download the latest version, is On Debian (testing) you can use apt since the repositories are up to date.


Plasma 5 doesn’t start in Debian (testing)

Well, I just lost a few hours of my time trying to solve an issue caused by an upgrade to my Debian workstation. My desktop environment, which is KDE Plasma 5, was not starting, so I had to switch to Gnome for a while to correctly use my computer and do my work. Also, almost all of the KDE applications were failing to start, with some “Dbus” related errors.

After some research I found a few references that led me to the solution:

This reply was especially useful:

So after trying lots of things, the solution was simple: just downgrade the library that was causing the problem until it is fixed. So I looked at my local archives and with the following command I fixed the issue:

$ sudo dpkg -i /var/cache/apt/archives/libqt5x11extras5_5.4.2-2+b1_amd64.deb

So I hope this is useful to you and can save you some time if you are having similar issues.

P.S.: I hadn’t used Gnome for a long time and after this ~6 hour experience, I hope I don’t need to go back. I tried to play around a bit and it has some soul crushing limitations (at least the base installation). For example, if you want to choose another wallpaper, it must be in a certain folder. Another one, for people that use 2 displays: only the main one changes when switching between several virtual desktops.

Random Bits

Multimedia tools for Linux

Convincing someone to try and adopt a Linux based operating system is a hard task, not because these systems are hard (nowadays) or don’t offer enough functionality, but mainly because when people learn to use a certain system/product and it is already ingrained in their workflow, changing is hard.

I’m certain this is the main line of thinking for many companies, when they offer their products for free to students during college. After that period switching to something else feels like a waste of time (even without addressing the non interoperable file formats that chain the users even more).

In the field of software development we don’t notice this as much, since many of the tools we use for the majority of the tasks (programming languages, compilers, editors, debuggers, etc.) are already open and cross-platform, and there are lots of alternatives and competition. In many other areas this doesn’t happen. For a long time there has been this notion that free software doesn’t offer “alternatives” with enough quality to rival widely established proprietary and expensive products in areas such as photo editing, vector graphics, video editing, 3D modelling, CAD software, sound editing, etc.

So in this post I will try to aggregate a list of open-source multimedia tools and other non-free software that can run on Linux machines, that could be used by 75% of the users, instead of relying on expensive software, for common and basic tasks. I’m not saying that it covers all the use cases and that it fits everyone, but I’m certain that it fits the use cases from amateurs to some professionals, and can save them a “few” bucks.

All of the following examples can be installed in different operating systems, since adapting to new interfaces and work-flows is the most difficult part, so people can try first, change gradually and eventually move to a free operating system without losing any productivity.

(I’m open to new suggestions, since, as is to be expected, I’m not aware of, nor have I tried, everything that is out there)

Tool | Category
Gimp | Image Editing
Krita | Illustration
Inkscape | Vector Graphics
Kdenlive | Video Editing
Lightworks | Video Editing
Natron | Video Composing
Blender | 3D graphics and Animation
Audacity | Audio Editing
Ardour | Audio Editing
Scribus | Desktop Publishing
Synfig | 2D Animation
Darktable | Photography


13/11/2015 –  Added two more projects

18/08/2016 – Added one more project

Technology and Internet

KDE Connect

The KDE ecosystem is filled with great applications, an awesome DE and great tools to develop computer software. I’ve been a satisfied user for a couple of years and I’m still learning and discovering new features and capabilities of this software collection.

The last one was “KDE Connect”, available since 2013 (I’m late to the party), which allows you to pair your Android mobile device with your computer, giving you the ability to do stuff like:

  • Manage and transfer files between both systems in your file manager (ex. Dolphin)
  • Receive the phone notifications on the computer
  • Easy access to the phone information (ex: battery) in a widget
  • Control your computer’s media player through your phone
  • Transform your phone into a touch-pad and keyboard
  • Share the same clipboard

It started as a Google “Summer of Code” project, but the development continued and many more features seem to be planned according to the blog of the developer. The installation was pretty easy and the first synchronization straightforward, but you have to be careful and set your firewall rules accordingly or the devices won’t detect each other.

If you haven’t tried it yet and use KDE, please do. The design of the application is basic but the functionality is great. Here is a little video of the software in action:

Old Posts

Running on 11.4

I have just upgraded my system and now I’m using openSuse 11.4. Till now everything has been great, the upgrade process went well with no big issues and KDE 4.6 is awesome. Here is a screenshot from the openSuse website:


So if you want to try/use another Linux distribution that isn’t Ubuntu, give openSuse a chance.