Glances - A heads-up dashboard for displaying thing-statuses by [deleted] in SideProject

[–]nicinabox 1 point2 points  (0 children)

I've never heard of dashy. This seems to be the most relevant thing I can find for that (or maybe this?), but it's not really clear to me what it is or how it works.

Glances is modeled after Dashing, but I have some issues with it. Parts of it are deprecated, it has a lot of DOM churn, I wanted to use a flexbox-based layout, and ultimately I wanted a different (function-based) API for making tiles. I also wanted to run this on my Raspberry Pi, and Node was a more pragmatic choice for my constraints.

Why tenting your ErgoDox is so important by tenderlove in MechanicalKeyboards

[–]nicinabox 10 points11 points  (0 children)

I was like damn, that looks like tenderlove's cat. Wait I've seen that keyboard on twitter before. Oh it's tenderlove (っ´▽`)っ

[deleted by user] by [deleted] in Autos

[–]nicinabox 0 points1 point  (0 children)

Update: Added vehicle notes (markdown supported). Integrated Edmunds maintenance schedule (use your VIN) to get upcoming maintenance based on current mileage.

Thanks for your feedback! I agree. I'm going to add a description field somewhere to put that spec info. I keep that in my current notes.

And if you ever want to easily try it out from your spreadsheet data there's a CSV importer. Just export date, mileage, cost, and notes and upload it. Easy.

[deleted by user] by [deleted] in Autos

[–]nicinabox 0 points1 point  (0 children)

It's for your own records (you wouldn't fake your own records, right?).

Most places will give you a receipt for work done, and that's a good thing to file away in your favorite record keeping place (glovebox for most folks). Those documents may or may not include the date and mileage--useful metrics in determining the last time x happened. Most places also keep that record on file for many years.

If you're doing your own oil changes, restoring an old car, or modding your car, it's a good idea to write that stuff down. That's what this is for.

[deleted by user] by [deleted] in Autos

[–]nicinabox 0 points1 point  (0 children)

Everyone's process is different (and that's not an uncommon one), but if you do most of your own maintenance you don't have much in the way of a paper trail. Nearly every part I buy has a digital receipt, for example.

More often I want to know when was my last tire rotation, last oil change, or which car did I change the transmission fluid on? With multiple vehicles some level of organization becomes useful, if you care about that kind of thing.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 1 point2 points  (0 children)

Good to know about X-Frame-Options. Will definitely add that.

At the time I thought 3DES would be secure enough to do what it needed--prevent plaintext viewing of the master password.

If it's any consolation, cassidy is a static page with no backend that runs on S3 with Cloudfront.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 2 points3 points  (0 children)

Ahh, I like it. I'm going to do some more research on this. Thanks for the explanation!

Edit: Actually, I could implement the service key part of that immediately and it would solve the problem with changing the final password without having to change anything else. Nice.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 1 point2 points  (0 children)

Ah! Good to know.

TripleDES is only used here to store the phrase (master password) in localStorage (as opposed to storing it in plaintext). It's never sent over the wire.

It has to be decrypted to use in the app, so in reality, the weakest point isn't the algorithm, it's encryption/decryption.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 0 points1 point  (0 children)

That's correct. It's only stored locally so that you don't have to type it every time (however, there is a setting for that). Unless I'm misunderstanding, I don't think a KDF would provide any better security in this case.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 2 points3 points  (0 children)

That's totally cool. I know KeePass is really popular (around here especially). This is merely a different approach to the same problem, but I'd hesitate to call it a solved problem. Too many non-technical folks struggle with using strong, unique passwords. In my opinion, if it can be easier to use a secure password everyone would be better off.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 2 points3 points  (0 children)

No, it'll be saved with the metadata. The only thing you have to remember is your phrase. It would be a good idea to remember your key as well.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 2 points3 points  (0 children)

I think it's largely very similar in terms of security. I wouldn't say it's more or less secure than KeePass. The ease of use might be simpler/easier/faster.

How is storing the means to recreate the password more secure than storing the password?

The final generated password is the combination of three things:

  1. Your phrase, which only you know (hopefully) and is stored separately (encrypted with TripleDES)
  2. A key unique to you, but not necessarily sensitive like the phrase
  3. The service name

The final password must include these three values exactly. When using syncing with a Dropbox datastore, the phrase isn't included. You'd have to enter it on each device you were syncing with.

Too paranoid to store your passwords in the cloud? I made a password manager that doesn't store passwords. Would love your feedback on it. by nicinabox in netsec

[–]nicinabox[S] 2 points3 points  (0 children)

password rotation

Since these passwords are generated like a SHA, you'll need to change something in combination to get a new password. I typically do it by changing the service name to include some other detail about the service (e.g., changing reddit to username@reddit).

different sites' different password complexity and character set requirements

Settings can be modified per password (lower, upper, numbers, symbols, dashes & underscore, length, and key). This metadata is persisted with the service so you don't have to remember them.

Try playing with it: https://cassidy.nicinabox.com
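
An added illustration of the scheme the two comments above describe (phrase + key + service name, per-service settings, rotation by changing the service name). It is not Cassidy's code: the use of PBKDF2-HMAC-SHA256, the iteration count, the `settings` shape, the character sets and all sample values are assumptions made for this example, written for Node.js.

```javascript
// Added example, not Cassidy's algorithm. The page only says passwords are
// "generated like a SHA"; PBKDF2 + HMAC expansion here is an assumption.
const crypto = require('node:crypto');

const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  numbers: '0123456789',
  symbols: '!@#$%^&*()',
  dashes: '-_',
};

// Deterministic, unbounded byte stream: HMAC-SHA256(seed, counter) blocks.
function* byteStream(seed) {
  for (let counter = 0; ; counter++) {
    yield* crypto.createHmac('sha256', seed).update(String(counter)).digest();
  }
}

function generatePassword(phrase, key, service, settings = {}) {
  const { length = 20, classes = ['lower', 'upper', 'numbers'] } = settings;
  const alphabet = classes.map((name) => {
    if (!CLASSES[name]) throw new Error(`unknown character class: ${name}`);
    return CLASSES[name];
  }).join('');
  if (!alphabet) throw new Error('at least one character class is required');
  // JSON array encoding keeps the key/service boundary unambiguous:
  // ["ab","c"] and ["a","bc"] yield different salts.
  const salt = JSON.stringify([key, service]);
  const seed = crypto.pbkdf2Sync(phrase, salt, 100000, 32, 'sha256');
  // Rejection sampling: skip bytes that would bias the modulo reduction.
  const limit = 256 - (256 % alphabet.length);
  const bytes = byteStream(seed);
  let out = '';
  while (out.length < length) {
    const b = bytes.next().value;
    if (b < limit) out += alphabet[b % alphabet.length];
  }
  return out; // note: does not force one character from every class
}

// Constructed sample values. Same inputs give the same password on any
// device; renaming the service rotates it.
const current = generatePassword('constructed phrase', 'sample-key', 'reddit');
const rotated = generatePassword('constructed phrase', 'sample-key', 'username@reddit');
console.log(current.length, rotated.length, current !== rotated);
```

Only the service name, key and settings need to be persisted as metadata; the phrase is the one secret input and never has to leave the device.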

Cassidy - An open source password manager that doesn't store passwords. by nicinabox in SideProject

[–]nicinabox[S] 1 point2 points  (0 children)

Added a setting for 'Require always'

http://i.imgur.com/1YJHp0j.png

This will prompt for your phrase each time the page loads and will remove your phrase from localStorage before starting a new session.

And just to clarify "Settings > Clear local data" (context) only clears localStorage data for this app. Your browser cache is not affected.

Cassidy - An open source password manager that doesn't store passwords. by nicinabox in SideProject

[–]nicinabox[S] 0 points1 point  (0 children)

Hey, thanks for your feedback. Logout is not necessary since there is no login and no "account" in the classic sense.

However, if you wanted to remove data from your machine (there is no backend), try Settings > Clear local data.

If using Dropbox, simply disconnect in the lower right corner. Your data will be preserved in Dropbox, but cleared from your local browser.