Log in

No account? Create an account
Techy rant: Why I hate gnome sometimes - The tissue of the Tears of Zorro — LiveJournal [entries|archive|friends|userinfo]

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Techy rant: Why I hate gnome sometimes [Mar. 13th, 2009|12:21 am]
[Tags|, , , ]

Yet another gnome rant below. Yet I still use it.

Sometimes I don't like gnome - it's their attitude. There's this prevailing attitude that because they've decided on a new way to do something, that it's automatically better and that everyone should use it, regardless of how they feel on the matter. This lack of choice is a big thing.

Strangely though, I find myself using it a lot because I had to get used to it in work.

Personally, I have something against using gnome-keyring. I don't like the eggs-in-one-basket approach, I DON'T want all my passwords centralised, and I DON'T want this fucking keyring manager prompting me for a password every damn time. I don't like how it butts in when I use pidgin to chat on MSN, and I don't like how it butts in when I want to run ssh-add to register my keys with ssh-agent.

So, I've disabled gnome-keyring. But, as a result, IT DOESN'T START SSH-AGENT. Basically, I have to use it, or not at all. This seems wrong somehow. Hey, I could get it to start and ignore ssh, but it has the same effect, ssh-agent does not start.

This means that I have to roll my own solution. So, I dusted off some bits, vaguely remembering how I used to do it. Did I do it at the gdm level or some other level? Unfortunately, those were back in the days when XFree86 was still around - it's been a while, and people have subdivided scripts into smaller scripts, all strewn around my hard drive. The fun bit is that most recipes for starting ssh-agent when you start X do assume you're using some VERY antiquated ways that don't reflect how a graphical session is presented to you these days.

So, I google for advice, and find everyone recommending gnome-keyring. I look around, and I find change requests like this, advocating removing the old-school functionality. And now, there are no readily-available docs of how to do it any more. I try and see how KDE does it, but it takes much the same tack as GNOME. And nobody seems to get that somehow these apps raise the most basic sensations of being in the presence of Big Brother. Yet this is all meant to be about choice, but nobody seems to be offering the choice to do things the old way - nobody is willing to point to the proper place to insert the magic bit of code, that I understand quite well, in the right place.

To me, my ssh keys are my identity. I already store them, encrypted on my disk. Is it really so hard to believe that I don't want to store the relavent decryption information ON THE SAME DISK? Is it unfathomable to think that I don't want the two components of my identity on important machines to be stored beside one another?

I feel I'm being unnecessarily coddled. The fact is, if you're using ssh-agent, you should know what you are doing - meaning that it really ought to be of concern to people that unless gnome-keyring is securing the passphrase to my keys with greater security than the scheme with which your key is encrypted with that passphrase, you're providing an easier vector of attack, should someone get their hands on those files. And it's not something that others should try to make cuddly and fluffy.

I just want my damn ssh-agent to start. I don't want them to tell me "Well, this is the way we've decided we're doing it, and you just don't have a choice" - fucking hell, it's open source software, it's meant to BE about choice; instead, it's anything but. The problem is, they know they have a userbase that won't sway from it. They know that the best-known window and widget library is theirs, and that those applications integrate best with their desktop, and that most distributions will use it. They have a monopoly. They can do whatever the damn hell they like... abstracting away more and more control, and most people will follow because it's easier than not.


[User Picture]From: ebel
2009-03-13 10:01 am (UTC)
Yes you're right about the Gnome attitude. However I basically like that attitude. I dislike KDE's 'let's give the user an option for *everything*' approach.

Anyways, I'd *assume* that gnome-keyring would not store the unencrypted keys on the disk and would instead store them in memory.

I remember having lots of similar problems with gnome-keyring aswell with ssh keys. However it seems to be working now, so I assume it is working now.
(Reply) (Thread)
[User Picture]From: tearsofzorro
2009-03-13 10:21 am (UTC)
Well, even if it stored the phrases encrypted on the drive, it's only going to be as strong as the weakest link - so I'd be concerned about what encryption keyring would use, because if it's weaker than what my keys are encrypted with, I lose the security of the keys.

Anyway, I have it sorted for opensolaris at home, and I'll be sorting out the same in work.
(Reply) (Parent) (Thread)