New OOTS products from CafePress
New OOTS t-shirts, ornaments, mugs, bags, and more
Results 1 to 14 of 14
  1. - Top - End - #1
    Ogre in the Playground
     
    gomipile's Avatar

    Join Date
    Jul 2010

    Default Benevolent keylogger for "instant replay" undo of mistakes?

    Is there any benevolent keylogger software out there designed for productivity purposes? I'd like something with a configurable limited time window of recording. Say, only the most recent hour or 20 minutes. Also, it would only record to RAM, to make it harder to co-opt as a security flaw. Lots of software these days seems to be able to tell when you're typing passwords and usernames these days, so I suppose it might be possible to make it not record those at all.

    Here's the use case: I'd like to be able to recover recently typed text in case of a software/website problem. I think we've all entered a long post on a message board, hit "post" and had nothing happen due to a browser or server-side bug or some other problem.
    Quote Originally Posted by Harnel View Post
    where is the atropal? and does it have a listed LA?

  2. - Top - End - #2
    Ettin in the Playground
     
    Kobold

    Join Date
    May 2009

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    A word processor does that with the Undo button, no extra software required. I think the suggested solution is overkill for the proposed use-case - it introduces potential security problems that are quite disproportionate to the benefit.

    On this particular forum, I've never lost a post as you describe, because just clicking 'back' in the browser restores the message. On other forums - yes, I've experienced it, and if I have a feeling it might happen (usually 'cuz I've spent a long time typing and correcting), I'll use the Clipboard for insurance purposes. I think that's really all you need.
    "None of us likes to be hated, none of us likes to be shunned. A natural result of these conditions is, that we consciously or unconsciously pay more attention to tuning our opinions to our neighbor’s pitch and preserving his approval than we do to examining the opinions searchingly and seeing to it that they are right and sound." - Mark Twain

  3. - Top - End - #3
    Ogre in the Playground
     
    NecromancerGuy

    Join Date
    Mar 2010

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    As veti says, it would be safer to make use of a word processor with a recovery function. I type any post longer than a few sentences in vim first before copying and pasting it, so even if my computer dies suddenly I have the swapfile, which is at most 200 characters or four seconds out of date by default. Would that meet your needs?

  4. - Top - End - #4
    Colossus in the Playground
     
    BlackDragon

    Join Date
    Feb 2007
    Location
    Manchester, UK
    Gender
    Male

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Yeah, I'm with the others. The massive increase in potential attack surface against your computer just isn't necessary for the tiny amount of benefit.

  5. - Top - End - #5
    Ogre in the Playground
     
    gomipile's Avatar

    Join Date
    Jul 2010

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Well, I lost a post today and I did use a word processor for the followup post I made to that same forum(not this forum.)

    However, I'd like a transparent solution that lets me recover after the fact rather than have to proactively use a workaround like typing into a word processor first.

    Also, I'm guilty of this too, but you're all doing the geek thing of talking down at me, telling me I shouldn't be asking what I'm asking, and ignoring the actual question I asked.
    Quote Originally Posted by Harnel View Post
    where is the atropal? and does it have a listed LA?

  6. - Top - End - #6
    Troll in the Playground
    Join Date
    Jan 2012

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    This would be a fairly simple task for a AutoHotKey script, and sure enough, Google reveals several AutoHotKey scripts which effectively dump your keystrokes to a logfile.

    I guess they could be modified to add keystrokes to a string and periodically (every five minutes or so) move the contents of the string into a set of buffers, with the buffer at the end being the twenty minute-mark buffer. Then a hotkey could be set which would regurgitate the contents of the buffers into the clipboard.

    How are you with programming?
    Last edited by Grinner; 2017-05-27 at 09:52 AM.

  7. - Top - End - #7
    Ogre in the Playground
     
    gomipile's Avatar

    Join Date
    Jul 2010

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by Grinner View Post
    This would be a fairly simple task for a AutoHotKey script, and sure enough, Google reveals several AutoHotKey scripts which effectively dump your keystrokes to a logfile.

    I guess they could be modified to add keystrokes to a string and periodically (every five minutes or so) move the contents of the string into a set of buffers, with the buffer at the end being the twenty minute-mark buffer. Then a hotkey could be set which would regurgitate the contents of the buffers into the clipboard.

    How are you with programming?
    I guess to have it work the way I asked, I'd have to set up a RAM disk for the logfile? It's too bad there'd be no easy way to have it auto reject logging user names and passwords, though.
    Last edited by gomipile; 2017-05-27 at 02:17 PM.

  8. - Top - End - #8
    Troll in the Playground
    Join Date
    Jan 2012

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by gomipile View Post
    I guess to have it work the way I asked, I'd have to set up a RAM disk for the logfile?
    That would be one way to do it, although if security is really a concern, that method would retain some of the risks of writing it to the hard disk.

  9. - Top - End - #9
    Troll in the Playground
     
    Solaris's Avatar

    Join Date
    Jan 2007
    Location
    Neither here nor there
    Gender
    Male

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by gomipile View Post
    Also, I'm guilty of this too, but you're all doing the geek thing of talking down at me, telling me I shouldn't be asking what I'm asking, and ignoring the actual question I asked.
    That's not a geek thing, that's an expert thing; I'm not a tech guy, but in my areas of expertise I've had similar experiences of having to shoot down 'great' ideas that look good on paper but aren't so great in implementation. That's because you're asking for a solution that's worse than an already existing solution, on account of not only does it require more work to implement than using the original tool, it's a potential security risk in a way that existing solutions aren't. You're not just asking for a broom to rake up leaves (instead of, y'know, a rake), you're asking for a custom-designed broom made from scratch. It's possible, sure, but why?

    Talking down to you would be simply telling you 'no' without bothering to explain why it's a bad idea. They're actually demonstrating good customer service skills by identifying the reasons for the request and suggesting better solutions than the one the customer thinks they want.
    My latest homebrew: Majokko base class and Spellcaster Dilettante feats for D&D 3.5 and Races as Classes for PTU.

    Currently Playing
    Raiatari Eikibe - Ghostfoot's RHOD Righteous Resistance

  10. - Top - End - #10
    Titan in the Playground
     
    Aedilred's Avatar

    Join Date
    Apr 2006
    Location
    Bristol
    Gender
    Male

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by Solaris View Post
    Talking down to you would be simply telling you 'no' without bothering to explain why it's a bad idea. They're actually demonstrating good customer service skills by identifying the reasons for the request and suggesting better solutions than the one the customer thinks they want.
    "I want to know how to safely amputate my toes so my shoes fit."
    "That's not a very good idea considering possible infection and blood loss, and inevitable physical trauma and loss of amenity. You'd be better off just getting a bigger pair of shoes."
    "Don't talk down to me; just answer the question I asked!"
    GITP Blood Bowl Manager Cup
    Red Sabres - Season I Cup Champions, two-time Cup Semifinalists
    Anlec Razors - Two-time Cup Semifinalists
    Bad Badenhof Bats - Season VII Cup Champions
    League Wiki

    Spoiler: Previous Avatars
    Show
    (by Strawberries)
    (by Rain Dragon)

  11. - Top - End - #11
    Ettin in the Playground
     
    Telok's Avatar

    Join Date
    Mar 2005
    Location
    61.2° N, 149.9° W
    Gender
    Male

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    It occurs to me that the product would look and act very similarly to the clipboard if it copied all keyboard input and never saved anything. At that point it's exactly as safe as the current clipboard would be if you typed everything in there first and copy/pasted it out. The only threat I see is someone having physical access to the machine at which point most security is already useless.

  12. - Top - End - #12
    Ettin in the Playground
     
    Kobold

    Join Date
    May 2009

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by Telok View Post
    It occurs to me that the product would look and act very similarly to the clipboard if it copied all keyboard input and never saved anything. At that point it's exactly as safe as the current clipboard would be if you typed everything in there first and copy/pasted it out. The only threat I see is someone having physical access to the machine at which point most security is already useless.
    The difference is that if it's automatically recording all the time, then it's gonna capture everything. Including, without limitation: password, credit card numbers etc., which no-one in their right mind would put in the clipboard.

    And "stored only in RAM" is not really something that can be guaranteed. Pagefiles are a thing. If the computer should happen to crash while this particular memory is still current, then a malicious actor may be able to retrieve it from disc even though it was never purposely saved there.
    "None of us likes to be hated, none of us likes to be shunned. A natural result of these conditions is, that we consciously or unconsciously pay more attention to tuning our opinions to our neighbor’s pitch and preserving his approval than we do to examining the opinions searchingly and seeing to it that they are right and sound." - Mark Twain

  13. - Top - End - #13
    Ettin in the Playground
     
    BardGuy

    Join Date
    Jan 2009

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by gomipile View Post
    I guess to have it work the way I asked, I'd have to set up a RAM disk for the logfile? It's too bad there'd be no easy way to have it auto reject logging user names and passwords, though.
    I don't enough about how computers generally work to even understand what "set up a RAM disk for a logfile" means, but I know enough programming that I could envision a fairly easy program* that could scan a text file and delete information you don't want saved.

    If you set up the other work, perhaps you could have a subroutine in your keylogger that scans for things of a certain format and deletes them from the record. Examples could be numbers that are as long as a credit card number, numbers in 555-55-5555 format for Social Security Numbers, and you could probably set up something like "if I type <my username here>, delete it and the next 15 characters" to delete usernames and passwords. You could of course hard-code for it for delete the passwords themselves, but that means having your passwords saved in a program, which seems a bad security idea; with the aforementioned, only your usernames are hard-coded.

    *well, easy conceptionally. Actually programming the code to scan a text file, remembering where you are, deleting text, etc., then recombining it would probably take me a couple hours to write and debug. From the languages I know, it would be quite a pain to get the initial scan function written and acting as desired, but once it's figured out for one 'format for something you want deleted', should be easy to add additional targets. And, if you're lucky, the language you use's SCAN function (or equivalent) might be built to easily allow you to use it without much augmentation.

    EDIT: after re-reading the post, I figured I'd note that I realize this doesn't make it 'reject' the sensitive info, but rather it saves the sensitive stuff then deletes it. Which probably has it somewhere in memory, at least until the equivalent to 'garbage is really recycled' happened. But at least it'd be harder to find. Maybe not worth the effort.
    Last edited by JeenLeen; 2017-05-30 at 08:15 AM.

  14. - Top - End - #14
    Troll in the Playground
    Join Date
    Jan 2012

    Default Re: Benevolent keylogger for "instant replay" undo of mistakes?

    Quote Originally Posted by JeenLeen View Post
    I don't enough about how computers generally work to even understand what "set up a RAM disk for a logfile" means, but I know enough programming that I could envision a fairly easy program* that could scan a text file and delete information you don't want saved.
    There are certain programs which can cordon off a section of the computer's RAM and then register it as a storage device with the operating system, allowing the computer to treat that section of memory like a hard drive. This virtual disk is called a RAMdisk. It's a useful trick for high-end gaming rigs with lots of memory, since you can preload the game onto the disk and run it from there.

    Quote Originally Posted by JeenLeen View Post
    If you set up the other work, perhaps you could have a subroutine in your keylogger that scans for things of a certain format and deletes them from the record. Examples could be numbers that are as long as a credit card number, numbers in 555-55-5555 format for Social Security Numbers, and you could probably set up something like "if I type <my username here>, delete it and the next 15 characters" to delete usernames and passwords. You could of course hard-code for it for delete the passwords themselves, but that means having your passwords saved in a program, which seems a bad security idea; with the aforementioned, only your usernames are hard-coded.

    *well, easy conceptionally. Actually programming the code to scan a text file, remembering where you are, deleting text, etc., then recombining it would probably take me a couple hours to write and debug. From the languages I know, it would be quite a pain to get the initial scan function written and acting as desired, but once it's figured out for one 'format for something you want deleted', should be easy to add additional targets. And, if you're lucky, the language you use's SCAN function (or equivalent) might be built to easily allow you to use it without much augmentation.

    EDIT: after re-reading the post, I figured I'd note that I realize this doesn't make it 'reject' the sensitive info, but rather it saves the sensitive stuff then deletes it. Which probably has it somewhere in memory, at least until the equivalent to 'garbage is really recycled' happened. But at least it'd be harder to find. Maybe not worth the effort.
    I do like the way you're thinking, but the technical problems you mention are all solvable by selecting a language which doesn't rely on garbage collection and by utilizing regex expressions in place of the scan function. You could also employ buffering and a finite state automata to examine data as it comes in and determine whether it constitutes sensitive data or not. In doing so, you could filter it out and prevent it from ever being written to the hard disk in the first place.

    More problematic is the reliance on humans behaving in a predictable manner. A simple example might be if I misspell my username but correctly spell my password. According to our rules, it would save that information to the log file. Or what if I misspell my password, realize my mistake, hit backspace, and re-enter my password, resulting in a full or partial password being written to the disk. Or what if the user enters some sensitive information not known to the program to be sensitive (such as a routing and account numbers)? Or what if the user just fails to configure the program correctly?

    Stuff like that. I think there's an adage, something along the lines of "No program survives contact with the user". Consequently, the higher art of programming is ensuring the program works the way you intend it to, not just the way you write it to.

    Personally, I've just gotten into the habit of pressing Ctrl-A and Ctrl-C before submitting something.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •