Results 1 to 14 of 14
-
2017-05-26, 08:49 PM (ISO 8601)
- Join Date
- Jul 2010
Benevolent keylogger for "instant replay" undo of mistakes?
Is there any benevolent keylogger software out there designed for productivity purposes? I'd like something with a configurable limited time window of recording. Say, only the most recent hour or 20 minutes. Also, it would only record to RAM, to make it harder to co-opt as a security flaw. Lots of software these days seems to be able to tell when you're typing passwords and usernames these days, so I suppose it might be possible to make it not record those at all.
Here's the use case: I'd like to be able to recover recently typed text in case of a software/website problem. I think we've all entered a long post on a message board, hit "post" and had nothing happen due to a browser or server-side bug or some other problem.
-
2017-05-26, 11:02 PM (ISO 8601)
- Join Date
- May 2009
Re: Benevolent keylogger for "instant replay" undo of mistakes?
A word processor does that with the Undo button, no extra software required. I think the suggested solution is overkill for the proposed use-case - it introduces potential security problems that are quite disproportionate to the benefit.
On this particular forum, I've never lost a post as you describe, because just clicking 'back' in the browser restores the message. On other forums - yes, I've experienced it, and if I have a feeling it might happen (usually 'cuz I've spent a long time typing and correcting), I'll use the Clipboard for insurance purposes. I think that's really all you need."None of us likes to be hated, none of us likes to be shunned. A natural result of these conditions is, that we consciously or unconsciously pay more attention to tuning our opinions to our neighbor’s pitch and preserving his approval than we do to examining the opinions searchingly and seeing to it that they are right and sound." - Mark Twain
-
2017-05-27, 12:31 AM (ISO 8601)
- Join Date
- Mar 2010
Re: Benevolent keylogger for "instant replay" undo of mistakes?
As veti says, it would be safer to make use of a word processor with a recovery function. I type any post longer than a few sentences in vim first before copying and pasting it, so even if my computer dies suddenly I have the swapfile, which is at most 200 characters or four seconds out of date by default. Would that meet your needs?
-
2017-05-27, 12:33 AM (ISO 8601)
- Join Date
- Feb 2007
- Location
- Manchester, UK
- Gender
Re: Benevolent keylogger for "instant replay" undo of mistakes?
Yeah, I'm with the others. The massive increase in potential attack surface against your computer just isn't necessary for the tiny amount of benefit.
-
2017-05-27, 12:47 AM (ISO 8601)
- Join Date
- Jul 2010
Re: Benevolent keylogger for "instant replay" undo of mistakes?
Well, I lost a post today and I did use a word processor for the followup post I made to that same forum(not this forum.)
However, I'd like a transparent solution that lets me recover after the fact rather than have to proactively use a workaround like typing into a word processor first.
Also, I'm guilty of this too, but you're all doing the geek thing of talking down at me, telling me I shouldn't be asking what I'm asking, and ignoring the actual question I asked.
-
2017-05-27, 09:52 AM (ISO 8601)
- Join Date
- Jan 2012
Re: Benevolent keylogger for "instant replay" undo of mistakes?
This would be a fairly simple task for a AutoHotKey script, and sure enough, Google reveals several AutoHotKey scripts which effectively dump your keystrokes to a logfile.
I guess they could be modified to add keystrokes to a string and periodically (every five minutes or so) move the contents of the string into a set of buffers, with the buffer at the end being the twenty minute-mark buffer. Then a hotkey could be set which would regurgitate the contents of the buffers into the clipboard.
How are you with programming?Last edited by Grinner; 2017-05-27 at 09:52 AM.
-
2017-05-27, 02:15 PM (ISO 8601)
- Join Date
- Jul 2010
Re: Benevolent keylogger for "instant replay" undo of mistakes?
Last edited by gomipile; 2017-05-27 at 02:17 PM.
-
2017-05-27, 03:17 PM (ISO 8601)
- Join Date
- Jan 2012
-
2017-05-28, 10:21 AM (ISO 8601)
- Join Date
- Jan 2007
- Location
- Neither here nor there
- Gender
Re: Benevolent keylogger for "instant replay" undo of mistakes?
That's not a geek thing, that's an expert thing; I'm not a tech guy, but in my areas of expertise I've had similar experiences of having to shoot down 'great' ideas that look good on paper but aren't so great in implementation. That's because you're asking for a solution that's worse than an already existing solution, on account of not only does it require more work to implement than using the original tool, it's a potential security risk in a way that existing solutions aren't. You're not just asking for a broom to rake up leaves (instead of, y'know, a rake), you're asking for a custom-designed broom made from scratch. It's possible, sure, but why?
Talking down to you would be simply telling you 'no' without bothering to explain why it's a bad idea. They're actually demonstrating good customer service skills by identifying the reasons for the request and suggesting better solutions than the one the customer thinks they want.My latest homebrew: Majokko base class and Spellcaster Dilettante feats for D&D 3.5 and Races as Classes for PTU.
Currently Playing
Raiatari Eikibe - Ghostfoot's RHOD Righteous Resistance
-
2017-05-28, 12:01 PM (ISO 8601)
- Join Date
- Apr 2006
- Location
- Bristol
- Gender
Re: Benevolent keylogger for "instant replay" undo of mistakes?
"I want to know how to safely amputate my toes so my shoes fit."
"That's not a very good idea considering possible infection and blood loss, and inevitable physical trauma and loss of amenity. You'd be better off just getting a bigger pair of shoes."
"Don't talk down to me; just answer the question I asked!"GITP Blood Bowl Manager Cup
Red Sabres - Season I Cup Champions, two-time Cup Semifinalists
Anlec Razors - Two-time Cup Semifinalists
Bad Badenhof Bats - Season VII Cup Champions
League Wiki
Spoiler: Previous Avatars(by Strawberries)
(by Rain Dragon)
-
2017-05-28, 10:33 PM (ISO 8601)
- Join Date
- Mar 2005
- Location
- 61.2° N, 149.9° W
- Gender
Re: Benevolent keylogger for "instant replay" undo of mistakes?
It occurs to me that the product would look and act very similarly to the clipboard if it copied all keyboard input and never saved anything. At that point it's exactly as safe as the current clipboard would be if you typed everything in there first and copy/pasted it out. The only threat I see is someone having physical access to the machine at which point most security is already useless.
-
2017-05-29, 07:40 PM (ISO 8601)
- Join Date
- May 2009
Re: Benevolent keylogger for "instant replay" undo of mistakes?
The difference is that if it's automatically recording all the time, then it's gonna capture everything. Including, without limitation: password, credit card numbers etc., which no-one in their right mind would put in the clipboard.
And "stored only in RAM" is not really something that can be guaranteed. Pagefiles are a thing. If the computer should happen to crash while this particular memory is still current, then a malicious actor may be able to retrieve it from disc even though it was never purposely saved there."None of us likes to be hated, none of us likes to be shunned. A natural result of these conditions is, that we consciously or unconsciously pay more attention to tuning our opinions to our neighbor’s pitch and preserving his approval than we do to examining the opinions searchingly and seeing to it that they are right and sound." - Mark Twain
-
2017-05-30, 08:13 AM (ISO 8601)
- Join Date
- Jan 2009
Re: Benevolent keylogger for "instant replay" undo of mistakes?
I don't enough about how computers generally work to even understand what "set up a RAM disk for a logfile" means, but I know enough programming that I could envision a fairly easy program* that could scan a text file and delete information you don't want saved.
If you set up the other work, perhaps you could have a subroutine in your keylogger that scans for things of a certain format and deletes them from the record. Examples could be numbers that are as long as a credit card number, numbers in 555-55-5555 format for Social Security Numbers, and you could probably set up something like "if I type <my username here>, delete it and the next 15 characters" to delete usernames and passwords. You could of course hard-code for it for delete the passwords themselves, but that means having your passwords saved in a program, which seems a bad security idea; with the aforementioned, only your usernames are hard-coded.
*well, easy conceptionally. Actually programming the code to scan a text file, remembering where you are, deleting text, etc., then recombining it would probably take me a couple hours to write and debug. From the languages I know, it would be quite a pain to get the initial scan function written and acting as desired, but once it's figured out for one 'format for something you want deleted', should be easy to add additional targets. And, if you're lucky, the language you use's SCAN function (or equivalent) might be built to easily allow you to use it without much augmentation.
EDIT: after re-reading the post, I figured I'd note that I realize this doesn't make it 'reject' the sensitive info, but rather it saves the sensitive stuff then deletes it. Which probably has it somewhere in memory, at least until the equivalent to 'garbage is really recycled' happened. But at least it'd be harder to find. Maybe not worth the effort.Last edited by JeenLeen; 2017-05-30 at 08:15 AM.
-
2017-05-30, 01:52 PM (ISO 8601)
- Join Date
- Jan 2012
Re: Benevolent keylogger for "instant replay" undo of mistakes?
There are certain programs which can cordon off a section of the computer's RAM and then register it as a storage device with the operating system, allowing the computer to treat that section of memory like a hard drive. This virtual disk is called a RAMdisk. It's a useful trick for high-end gaming rigs with lots of memory, since you can preload the game onto the disk and run it from there.
I do like the way you're thinking, but the technical problems you mention are all solvable by selecting a language which doesn't rely on garbage collection and by utilizing regex expressions in place of the scan function. You could also employ buffering and a finite state automata to examine data as it comes in and determine whether it constitutes sensitive data or not. In doing so, you could filter it out and prevent it from ever being written to the hard disk in the first place.
More problematic is the reliance on humans behaving in a predictable manner. A simple example might be if I misspell my username but correctly spell my password. According to our rules, it would save that information to the log file. Or what if I misspell my password, realize my mistake, hit backspace, and re-enter my password, resulting in a full or partial password being written to the disk. Or what if the user enters some sensitive information not known to the program to be sensitive (such as a routing and account numbers)? Or what if the user just fails to configure the program correctly?
Stuff like that. I think there's an adage, something along the lines of "No program survives contact with the user". Consequently, the higher art of programming is ensuring the program works the way you intend it to, not just the way you write it to.
Personally, I've just gotten into the habit of pressing Ctrl-A and Ctrl-C before submitting something.