Gorilla 1.6.0.beta1 Lacks "email" Field for Password Safe Compatibility

[fraber]

Hi!

I'm a fellow TCL guy with about 500.000 LoC of TCL written as part of www.project-open.com. Check it out, if you need anything related to project management. But be warned, it's not as ugly as TCL/TK, but it's ugly :-)

I'm currently moving from Windows 7 to Ubuntu 18.04 on Dell XPS 15, and I've got Password Gorilla installed from the Ubuntu app store and working OK the first 10 minutes. Congrats! That way of distribution makes a big difference.

However, I won't be able to use the app, because I have a lot of information in the "e-mail" field of Password Safe. Is there an important reason you dropped it?

I'll let you know about any additional issues.

Congrats to everybody involved! Frank

[rich123]

Looking at the formatV3.txt definition file: https://github.com/medo64/PasswordSafe/blob/master/Resources/formatV3.txt we did not "drop it". Rather password safe added it and we were not made aware of its addition:

[16] Separate Email address field as per RFC 2368 (without the 'mailto:' prefix. This field was introduced in version 0x0306 (PasswordSafe V3.19). The formatV3.txt file I have locally only documents up to field number 0x16. PasswordSafe has added fields 0x17 to 0x1f at some point(s) in the past and we did not notice (or get notified of) until now.

[rich123]

I did make some changes some number of commits back to make unknown field items in the password file be pass through (even if they do not yet display in the Gorilla GUI). Would you be willing to create a fake password file with PWSafe and load/mod/save it via Gorilla then reload in PWSafe to see if the other fields do get preserved?

[fraber]

Hi Rich,

I've performed the following steps:

• Created a new password database on Windows Password Safe V3.34.01 (Jul 28th, 2014...)
• Create an entry "Title" for "Username" including email
• Copied the DB to Linux
• Opened with Gorilla 1.6.0.beta1
• Modified all accessible fields adding a "1"
• Saved in Ubuntu
• Copied to Windows
• Opened again using Windows Password Safe

Result:

• Round-trip basically worked.
• All fields were correct.
• "Email" was still there and unchanged

So everything basically works and preserves the field, even though it doesn't show it.

However, why didn't you try yourself? Don't you use your own software? Check out PasswordSafe on Android, it's nice as a back-up...

Cheers Frank

[rich123]

I do have the Android version of PWSafe installed (this one: https://sourceforge.net/projects/passwordsafe/).

When I read your comment above, my first thought was I'd never seen 'email' in the Android version either.

So I went looking, and had to try adding a new entry on Android before I saw the email field. I did not know it was there because Gorilla didn't create one, so Android PWSafe never showed one (I generally don't update the file on Android).

But I'm glad to know that my changes to preserve unknown fields seems to have worked properly. That is good, and this means that adding access to the fields is some GUI work within Gorilla itself.

[rich123]

I was going to say I didn't think PWSafe on Android (this one: https://sourceforge.net/projects/passwordsafe/) had an email field. Then I tried adding a new entry, and the email field was present for new data entry. I never noticed they were missing on Android because Gorilla does not add them, and so PWSafe on Android does not display the field at all. I've been generally treating my safe on Android as read only on Android. I make any changes on my other systems, then push a new file over to the phone as needed. So I never noticed the extra fields from using the Android version.

[fraber]

Interesting...

I'm now using Gorilla for an additional day. I'm now productive on Ubuntu 18.04 but with Win10 in a virtual machine for my funky consulting support software (PowerPoint, MS-Project and GoToMeeting...).

At the moment I still use Windows as the password master and Linux + Android as copies.

What I've noticed:

• I now understand why Rony Shapiro has a search bar at the bottom of the page: The Gorilla search window covers just the part of the screen with the search results! So I always need to move the search window to the right....
• Keyboard "accellerators" / shortcuts are missing: Double-click on the line copies the password, Ctrl-Enter opens the Edit screen. I'm using these about 20 - 100 times a day, and I miss them...

So these would be my main usability suggestions for the next version at the moment. Apart from that I find Gorilla usable.

I wrote a 4-start review on the Ubuntu app store...

Cheers Frank

[rich123]

Do keep in mind that PWGorilla was never intended to be a clone of Password Safe the application. The 'compatibility' with Password Safe is in using the same encrypted password storage file rather than trying to be a clone of the GUI.

The action to take when double clicking an entry is configurable among five choices (one choice is the null choice). See the File->Preferences window in the "General" tab.

There are also some keyboard shortcuts in PWGorilla, but they very likely all differ from the PWSafe (the GUI app) shortcuts for similar functions. Most of them should be visible in the drop down menus when the menus are dropped down. The "edit entry" keyboard shortcut for PWGorilla is Control+e.

If you want Control+Enter instead, then change the line (somewhere around line 688 within gorilla.tcl) that reads: bind . <$meta-e> {.mbar.login invoke 1} to bind . {.mbar.login invoke 1}

As to the opening location of the find window, PWGorilla does not set any position for that window (at the moment). So where it appears on screen is determined entirely by your window manager (and as window managers have the ultimate say, the position where it opens could be enforced by suitable window manager configuration changes). I said "at the moment" above because by glancing at the code to verify, I see that the code attempts to position the find window where it was in the saved preferences, but what is missing is capturing and saving the current size/location when the window is withdrawn.

[fraber]

Hi Rich,

Funny, so many years in IT, and I didn't see the "Preferences". I'm getting old... Thanks!

• What is "Gorilla auto-copy"?

I checked the TCL source.

• Wow, 10k LoC in one file. No problem with that!
• Are you sure with "bind . {.mbar.login invoke 1}"? Isn't there something missing for Ctrl-Enter?

Concerning the window: Yeah, that's the problem with windows, that you have to place them somewhere... :-) I just wanted to say that noted why a "search bar" can be better then a Microsoft Word style "search window", unless you've got too many search options and variants...

And by the way, some author at some moment was apparently German speaking like myself :-)

For new developments in ]project-open[ (www.project-open.com) we use TCL only for the back-end functionality, while replacing it with Sencha ExtJS in the browser front-end. We're currently writing a "DropBox" style file sync in Electron/JavaScript/ExtJS. I've got the impression that JavaScript is more compact on the GUI side, compared to TCL/Tk, but I could be wrong... We've only got ~2000 LoC so far, with somehow comparable functionality, I believe...

Cheers Frank

[rich123]

auto-copy: See Help->Help then "General Preferences" item (I've already written an explanation there, no need to retype/paste it all here again).

The code's just sort of grown over time, and as with all projects that are done by volunteers on free time, with limited free time, some things that should be done get deprioritized. There are some chunks I've always intended to get around to eventually factoring out, but "limited free time" keeps getting in the way.

(&@#$& github: The "after" line was correct when I typed it into the editing area. It changed when getting inserted into the final message.

It should read:

bind . <Control-Return> {.mbar.login invoke 1}

Yeah, I can see where a "search bar" somewhere within the main window could be a good addition, esp. if one uses search often.

Zbigniew Diaczyszyn was the developer who picked up the code from its original author, Frank Pilhofer. He was the German speaker and contributed the German translations. I came in a year or two later, but as I only speak English, I can't help with the translations. Sadly, Zbigniew is no longer with us, so right now I am it, and I squeeze in time where I can, but "real life" always likes to intrude....

As for compactness of JS vs TCL, while I have done some toy JS stuff for myself, I really can't comment as to which is more compact.

[fraber]

Cool, everybody on the same page.

deprioritized

Understand. I managed to become an open-source developer full-time. But yeah, in order to grow your project you need the right market niche and you need to learn to do sales, marketing and accounting and many more...

Thanks for the other comments.

Cheers Frank

[rich123]

Unfortunately, I've not yet had any "full time open source dev" opportunities appear, so I've got the issue of $job consuming much of my time, then $reallife consuming up the leftovers, with little time left for PWGorilla. And while answering git hub queries is usually quick, programming (at least for me), is not an activity conducive to being accomplished in disconnected 5-10 minute intervals here and there.

I.e.: https://heeris.id.au/2013/this-is-why-you-shouldnt-interrupt-a-programmer/ is so true....