Jump to content
Enpass Discussion Forum

sxc4567

Members
  • Posts

    26
  • Joined

  • Last visited

  • Days Won

    5

Everything posted by sxc4567

  1. Hi @Vinod Kumar, Thank you very much for your reply. I have to say, this sounds really excellent! I read through the linked thread as well; do I understand correctly that, so long as Enpass is locked (for example at the PIN prompt), there is very little risk of data leakage through memory - aside perhaps from UI libraries that are extremely difficult to control anyway?
  2. Hi there, I've been an avid Enpass user for many years and I love how it keeps improving! Recently though, I had a scare: Enpass core-dumped. This likely wasn't Enpass' own fault as it had been pretty stable until I upgraded my machine to Ubuntu 22.04; after the upgrade, I experienced a definite uptick in crashes with a number of apps that were running fine before. The main issue here is that Ubuntu decided to upload the crash report (complete with core dump) to their server without so much as notifying, much less prompting me! When I discovered this a few days later I was livid. I'm not sure the state Enpass was in when the crash occurred; it was possibly locked on the PIN prompt but it could also have been unlocked. I decided the risk was too big and proceeded to change all my passwords! You can imagine how pleasant and productive an activity this is... Now that I'm aware of the risk posed by this scenario, I'd like to rest a little easier next time something as drastic as this happens. Someone on reddit came up with the following tip: Does Enpass make use of this feature? If not, could it in the future? I'd love to get back on the reddit thread to point out that actually my data was safe all along, all thanks to Enpass.
  3. Hi @rubenJS Do you have the correct beta repo configured? This is where I got the "official" beta version 6.6.0.761 from, after testing various private debug builds over the last month in a bid to help the team resolve the issue. I do hope this build gets promoted soon as there's no doubt it's superior to every build, going back to version 6.3, which, I believe, introduced these crashes. In case you don't already have the beta repo installed: $ echo "deb https://apt.enpass.io/testing testing beta" | sudo tee /etc/apt/sources.list.d/enpass-beta.list $ sudo apt update $ apt policy enpass | head WARNING: apt does not have a stable CLI interface. Use with caution in scripts. enpass: Installed: 6.6.0.761 Candidate: 6.6.0.761 Version table: *** 6.6.0.761 500 500 https://apt.enpass.io/testing testing/beta amd64 Packages 100 /var/lib/dpkg/status 6.5.1.723 500 500 https://apt.enpass.io stable/main amd64 Packages 6.5.1.719 500 $ sudo apt upgrade enpass (obviously, you'd see your current version rather than "Installed: 6.6.0.761" as in above). You may also need to remove the "hold" to an earlier version in case you'd previously configured it per my 1st November post above: $ sudo apt-mark unhold enpass Needless to say, it's probably a good idea to backup your data before installing beta software ;-)
  4. Hi @Pratyush Sharma, A big THANK YOU to the entire team - and particularly developers - for finally fixing Enpass for Linux. It's taken a while but I'm pleased to confirm that version 6.6.0.761 finally addresses the constant crashes I've been experiencing on the Linux version for well over a year. I'm really glad I'll be able to continue using Enpass and hope that Linux users won't be left out in the cold for quite so long next time an issue like this crops up...
  5. "Last couple of weeks" is a bit of an understatement. As far as I am concerned, Enpass on Linux has been utterly broken since version 6.4 was released about a year ago. 6.5.0.701 is a bit more stable than the 6.4.x releases but 6.5.1 seems to be taking a step backwards. Any attempt to assist with debugging just seems to go down a black hole... at least they are kind enough to acknowledge them here... When I find the time, it feels like I'll have to start looking for an alternative. For me the must-have features (that Enpass would have, if it weren't for an unusable Linux version) are: Cross-platform support (Linux & iOS are the ones I need) Offline syncing support (Enpass' WebDav capability is good here) Support for segregated databases (aka "multi-vault") Feedback on suitable alternatives is welcome...
  6. In case this helps investigating the issue, I decided to run Enpass on the command line as follows: /opt/enpass/Enpass > /tmp/enpass_log 2>&1 & The logfile shows a large number of error messages that say: "QQmlComponent: Created graphical object was not placed in the graphics scene." (this happens as soon as Enpass is started, and some keep appearing later on). I'm wondering if this (and my large number of crashes) could be due to the fact that I use multiple workspaces? (note: workspaces are a standard GNOME feature that Enpass' developers may not be aware of. It's essentially a grouping of windows and your monitor displays one of them at a time). To move a window - such as Enpass' - to another workspace, right-click its titlebar and select "Move to Workspace Down". You can then use Win+PgUp/PgDown to move between workspaces. I typically choose the "Always on Visible Workspace" right-click option for Enpass, since I use it on multiple workspaces. Here's a list of error messages that appear (multiple times) in stdout/stderr while Enpass is running. The first one is by far the most frequent. QQmlComponent: Created graphical object was not placed in the graphics scene. Case insensitive sorting unsupported in the posix collation implementation Numeric mode unsupported in the posix collation implementation QObject::startTimer: Timers cannot have negative intervals This is with Enpass 6.5.0.701 as it's the only post 6.4 version that's stable enough to consider using presently. When Enpass crashes, it typically happens due to a SEGV (segmentation violation), which we could use to dump a memory image (core). Let me know if I can assist analyzing such a core dump although it's obviously not something I could share since it might possibly include clear-text passwords etc.
  7. Can we please have a simple toggle (perhaps under Settings -> Advanced) to "disable integrated crash reporter". Privacy conscious users will certainly appreciate the option too. Background For over a year, Enpass has been less than stable on Linux. I have documented, extensively, the issues faced. Things have improved a little recently with 6.5.0, before worsening again with 6.5.1. In any case, it's still far off with Enpass crashing at least a few times on me daily. This is on "vanilla" Ubuntu LTS (20.04), which has to be the most used desktop Linux distribution. The integrated crash reporter makes a bad situation worse by wasting even more time (up to a few seconds) upon a crash. I have used it to report *hundreds* of crashes and that seems to have made very little difference as to the stability of the product, nor did I ever get any feedback so I strongly suspect that all my reports are going down a great big black hole. Even if they were actually useful, it should be possible to disable it after reporting, say, 5 crashes. Thank you very much.
  8. @rubenJS not to worry, your post in perfectly on topic. What versions of Enpass and Pop_OS are you running? I found that Enpass 6.5.0.701 is the most stable for me on Ubuntu 20.04 (GNOME). This is supposedly a beta version, which you can install by following these instructions. Once you've done this, you can downgrade Enpass, as follows: sudo apt update apt-cache policy enpass # shows all versions available from the repositories sudo apt install enpass=6.5.0.701 # or whichever other version you'd like to try out sudo apt-mark hold enpass # prevent subsequent automatic upgrades by locking the installed version The last line "holds" enpass to the installed version, so it doesn't get upgraded automatically later. Use the same command with `unhold` if you'd like to try a newer version that will most hopefully fix things before too long...
  9. I'm having to share some passwords with a customer organization that also uses Ubuntu and finding it very hard to recommend Enpass due to the continuous crashes that have been ongoing since the beginning of the year. I noticed that 1Password is moving into the Linux space. I *really*, *really* like Enpass and desperately want to stay with it but the frustration caused by 10+ daily crashes is starting to add up...
  10. Hi @Garima Singh, I got an update to version 6.5.1.719 (beta) and it's *significantly worse* than the previous version (6.5.0.707). 6.5.0 would crash about once a day; 6.5.1.719 is back to crashing at least 10 times a day. I've just had a crash, followed by an immediate second crash just after typing the master password. I would strongly advise a rollback of 6.5.1.719. I also looked into the "logs" which I enabled, inside the Enpass app. All I get are a number of "info" entries logging interactions with the WebDav server where my vaults are stored (). They don't look very useful to me but I can send them across if that's helpful. PLEASE can we get the option to disable the automatic crash reporter? (make it default to submit the reports if you like). I can't believe that the 101th crash report I submitted is more useful than the 100 previous ones and this thing makes a bad situation much worse in terms of frustrating one's workflow with Enpass so long as it continues to crash as often.
  11. Hi @Garima Singh, Thanks again for following up. It's really good to see that you care about your Linux users. I have enabled logs and will email support@enpass.io with logs upon the next crash. Here's my answer to your generic questions: Size of database? I have 4 vaults, all synchronized with the iOS mobile version using a local WebDav server. Not sure vault #1: 1.1MB, 324 items, 4 attachments (1.5MB in total); #2: 411kB 165 items, 1 attachment (5kB); #3: 70kB, 14 items, no attachments; #4: 66kB, 12 items, no attachments I run standard Ubuntu 20.04.1, fully up-to-date; Gnome, X11, not Wayland. I run Enpass at system startup. I have to run it with `QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS=1` (as documented in your support articles) to prevent it from being huge on my screen. One thing I do which might possibly contribute to the issue (?) is using multiple workspaces. I typically set Enpass to be "Always on visible workspace", so it can be invoked from whichever workspace I happen to be working on. Scenarios: Enpass typically crashes when invoked from Firefox (again, standard, up-to-date build, which is currently 80.0.1), when using a hotkey from a login form. The crashes can occur in a variety of scenarios, eg: before I even see the Enpass UI (so Firefox displays the "looking for Enpass app" page; and usually this takes a while and I often but not always get to see the crash reporter) before I interact with the UI; for example while I use the search box to look up an entry just as it's filling out the form and sometimes just after filling out the form. Previously (with v6.4.1) Enpass would crash so often that there were no observable pattern; sometimes it would crash at the start of the day, ie: just after waking up my laptop from ACPI sleep, but this seems to have improved with 6.5.0. So far with v6.5.0, the pattern appears to be related to filling out forms from Firefox. I haven't observed a correlation of crashes with system updates. Locking time? Do you mean Enpass locking? I have the following options enabled: When main window is closed System sleeps System is inactive for 2 minutes I also have the PIN option set I hope this is useful; I'll be sure to follow up with logs as/when Enpass crashes next time. I still think there ought to be an option to switch off the crash reporter; having had to suffer it for over 6 months before 6.5.0 came out was really no fun, I can assure you!
  12. Hi @Garima Singh, Thank you for following up. I suggest we continue in the new thread, which I see you've also commented on: Enpass beta 6.5.0 (701) MUCH more stable but crashes still
  13. Hi there, A massive THANK YOU for the release of beta 6.5.0 for Linux. I have documented the excruciating experience I had with the previous version (6.4.1) on stock Ubuntu 20.04, which was crashing up to 20 times a day on me! As soon as I saw news of the 6.5.0 beta, I didn't hesitate one second. The outcome: it's a massive improvement in stability as it only crashes maybe once a day on average; I probably use Enpass 20-30 times a day on my desktop. Still, once a day is not fully satisfactory; thus my queries: Is there any practical way I can help you debug these issues whilst the beta is being finalized? I've been sending those crash reports; you much have an absolute pile of them from me. Re the crash reports: PLEASE, can we have an option to turn these off? I don't believe the 100th crash report is going to add much value to the 99 before it and when Enpass is having a bad day, having to wait for them to gather their data and click through them increases the frustration manifold.
  14. Hi @Garima Singh, It's been over three months and I still face Enpass crashing several times every day on me on stock Ubuntu 20.04. It's come to the point where I dread having to log on to any website as I know by instinct this will very likely cause a 30+ seconds interruption in my workflow while Enpass takes its time to crash, present me with the crash reporter (have you been getting those???) and finally comes back up... As suggested previously, I'm most happy to help you debug this issue in any practical way. Otherwise I would really appreciate an ETA for a fix. I noticed that the Linux desktop version is a couple of minor versions behind Windows...
  15. @Pratyush Sharma is there a way I can disable the crash reporter please? I suppose that by now you have enough of my reports (must be 50 or so...) and I certainly have enough of having to go through the reporter several times a day, as this only serves to exacerbate the impact on my workflow. Many thanks!
  16. Hi @Pratyush Sharma, I must have submitted at least 20 crash reports with this thread mentioned in the comments over the last couple of weeks; and that's not even all the crashes I encountered. Basically Enpass crashes on average at least 2-3 times a day. Perhaps a couple of specific aspects from my setup that may or may not matter: I have three vaults in my Enpass setup Each is synchronized with a WebDav server. Let me know if you need anything else from me? Happy to run debug versions etc to try and get to the bottom of this if this is helpful.
  17. Hi Pratyush, Thanks a lot for your reply! I have just submitted a crash report that occurred with the typical pattern of invoking Enpass from Firefox - to fill out a login form - using the hotkey. I have included this thread's URL in the crash report and will be repeating this process for a week or so. I hope this method works for you; let me know if you need anything else or a different way of flagging those issues. Cheers!
  18. Hi Enpass team, I have been experiencing very persistent crashes on my Ubuntu 19.10 laptops (stock Ubuntu version with latest updates), including a brand new build installed from scratch quite recently. Typically crashes occur when I try to invoke Enpass from Firefox to fill out some login details using the shortcut key; however since upgrading to 6.4.0.631, they've also started to occur without any interaction: I just had it SEGV on me while my session was locked (an Apport notification popped up on the lock screen). I think those crashes started occurring with version 6.2 or thereabout. They were definitely already a feature with 6.3. I've been an avid Linux Enpass user since June 2016 and it had been a pretty solid experience until then. I am submitting the crash report feedback when prompted by your integrated reporter - must have done so at least 15 times over the past 2 months - but not the Apport ones for obvious reasons (core dumps). Today's - while my laptop was locked - has this: SegvAnalysis: Segfault happened at: 0x536329: mov 0x48(%rbp),%r8 PC (0x00536329) ok source "0x48(%rbp)" (0x00000048) not located in a known VMA region (needed readable region)! destination "%r8" ok SegvReason: reading NULL VMA What can I do to help you debug these issues? I really like Enpass and would like it to be stable again.
  19. Replying to my own question in case it helps someone else: I can confirm that swapping the primary vault with a secondary one can simply be achieved by: Ensuring everything is "cloud" (or WebDAV) synced Using the "Erase everything" button under Settings -> Advanced Create a new "primary" vault and choose the "restore from existing sync location" option Repeat step 3 for any secondary vault Usual caveats apply: make sure you have an offline backup of as much stuff as possible to be on the safe side... This procedure has been successfully tested on both iOS and the desktop (Linux) versions of Enpass versions 6.3/6.2
  20. Hi there, I've been an avid Enpass user for a few years now and whenever I get the chance (eg: here just yesterday), I keep telling everyone what a great product it is! So I've set up my "primary" vault containing business data many moons ago; then along came the multiple vaults feature and I've finally gotten around to writing some Python code to convert my 15+ years old creaking eWallet store to Enpass as a secondary vault. This works great; for me - as for many others I believe - separation of concerns has been one of the key use-cases for multiple vaults. Now I'd quite like to swap these two vaults around so my personal vault is the primary and my business data is stored as a secondary vault. Can this be done? I suppose this might be possible by starting everything afresh and re-importing the data using the "sync" feature (I use WebDav, works a treat)... but I'd really appreciate if someone can confirm this would work as I definitely don't want to run the risk of losing any data. Many thanks! Chris
  21. FWIW, the "pre-release" add-on (reported as v 5.5.0.1 even though the downloaded filename says 5.5.0.2.xpi) works perfectly on FF 57.0 (just GA-released) running on Ubuntu 17.04 with Enpass 5.6.0. Thank you for the great work, Enpass team! Now, I agree with commenters elsewhere who suggested this add-on ought to be made available as an official FF extension for all the obvious reasons.
  22. A key reasons I use Enpass over competing solutions is that I'm keen to keep my vaults local. I know it's all encrypted but prefer to shield myself from future encryption vulnerabilities and brute force attacks... So, in order to sync between my Ubuntu laptop and iPhone, I setup a WebDav server on the office WiFi, which seems to work well. However there's an issue with the iOS app: whenever the WebDav server isn't available, it keeps pestering with red "Error syncing data" banners. These come back a few seconds after being dismissed (the Linux client's UI is better behaved, simply colouring the sync icon red). Thankfully these banners aren't too intrusive but I'm wondering what they imply; presumably every re-appearance means the app has again been looking for the server. An attacker could observe this behaviour and try to exploit it. May I suggest some ways to improve this? Provide a "manual" (vs. the current "automatic") syncing option and a button allowing the user to explicitly request a sync from the client (the Linux client sort of has this: a "sync now" button under "Status: couldn't connect to server"). If the client/app is in "manual" mode, then sync only occurs when explicitly requested. Automatically switch to "manual"/"offline" after a number of repeated automatic sync failures rather than keep trying. (smart feature): offline/online behaviour could be tied to a WiFi network (ie: sync is auto-enabled when on a known network). These three features are incremental improvements; ie: one could start with feature 1. for the bare minimum which would address the current shortcoming. PS: Clicking "Disconnect" in the Sync settings pane is definitely not a solution as it clobbers the complete sync settings. Many thanks! Chris
  23. How do you sync your mobile device(s) with your desktop/laptop without relying on a public cloud service? You could run an OwnCloud or WebDav server privately but it's rather heavy to set up. I have used eWallet for many years and it has a rather elegant solution to this problem: the desktop client can act as a sync server on the LAN. A trust relationship must first be established with the mobile device(s) and presto you have fully private syncing without the need to install any additional software. It sort of works the opposite way of the "local WiFi" option that's offered when you first install Enpass on an iOS device and offers true syncing as opposed to just backup/restore. One of Enpass' key USP is the fact that it doesn't compel its users to store their precious data on random cloud servers. Despite being encrypted, the vaults could be retrieved then subjected to brute force attacks offline. Future exploits against encryption algos and Moore's law make this an unattractive prospect to many a user. Offering this feature would certainly strengthen that Enpass' USP IMHO. This feature could also enable syncing with any future "dropbox"-style public cloud service (ie: any cloud that's transparently accessible via the desktop's filesystem) without incurring any additional dev work. Please let me know if this is unclear and/or it would be useful to post a video of how this works on competing solutions)
  24. Hi @Hemant Kumar, This sounds great! If multiple databases are supported, it would finally be time for me to migrate to Enpass! Couple of quick q's: What's the "Portable" version of Enpass? Will multiple DB support extend across platforms, to include synchronisation eg: Linux & iOS? Many thanks! Chris
  25. As stated elsewhere I'm evaluating enpass as a replacement for a solution I've used to 10+ years - which doesn't even have a Safari integration feature so enpass wins anyway... So pretty much the first thing I tried is to sign-up for this forum on my iPad ;-) Naturally I brought up the iOS extension and went to 'create new sign-in', expecting to find the password generator there...?
×
×
  • Create New...