 Okay, so next on the young also widely known as the jinx from Amsterdam Hacker space we will talk about cutie pass and the project which started As a short today project and grew into something very exciting indeed Thank you. Now to see how this remote works probably doesn't well spacebar works My name is on the umbrella. I'm Developer and hacker I work at a Company called my protocol and I found it or co-founded one Amsterdam Hacker collective called IHAC and I started cutie pass which currently is at version 1.1 point six And we're working on a 1.2 release, but Cutie pass is pretty interesting compared to possible. We started around the same time We have one tenth of the developers or contributors one tenth of the commits of Possible, but yeah, that's pretty understandable since it's in C++ instead of PHP But let's start at the beginning I was working at a full-service company that had lots of clients different clients different projects and many secrets per project to share and to use internally which was a big problem because How do you keep those things well in their case a big Samba share with per project a lot of files a lot of folders and a password dot txt file That's not a way to do it Especially if you have external people working and have customers coming to your office connecting to the Wi-Fi It was a public share So yeah, we needed something else. We needed a way to store password securely to Share with co-workers with external people preferably open standards Preferably open source and it has to be easy to use So we got someone working on a project to find that into in our company and he found it in pass the standard UNIX password manager Which is Found at password store.org. It's a collection of bash scripts Basically, it uses open GPTG It uses git optionally it uses tree to display a list of passwords and It uses PW gen for password generation optionally This is what it looks like or might look like if you have Some tests going on It was really nice The developers all loved it instantly. It's very easy to use. It's automatable You can just do tap completion on the tree structure. It Directly feels right. You can also use Token based authentication with the GPG. So you be key or something Which you can then take from a Person when he leaves the company. So that's an added layer of of safety in there But then we ran into a problem management managers really don't like the command line and For no good reason not all managers of course, but With no good reason so yeah, we had to find the solution to get management team on board and That's why I thought well, I know some Qt. Let's whip up a simple Qt GUI application three view place for showing the contents of the password file update button to do a git pull and Well, that's very doable So, yeah, I wrote that proof of concept in two nights waiting for night buses in Amsterdam Laptop keeping me warm was pretty nice And just use this pass in the back end and get it was a simple wrapper written in Qt it was read only I put it on github and Did a small hackathon with a couple of friends To add translations and then I send a mail to the password store.org mailing list on August 1st 2014 with To notify them. Yeah, well, I've written this simple read only GUI thing Have a look at it if you find it interesting and well that was it a bit Oh, yeah, I added native mode so you don't need pass for example on Windows You can't run bash scripts properly, but you can use git and GPG and So I added a native mode Put it on github, which by then didn't look as busy as now But I thought well, that's that's about it Just made a nice thing That's it But then all of a sudden Easter 2015. I got a lot of pull requests from Rimer Duffinger will later met in Amsterdam for a beer and He added adding and editing of passwords in those pull requests. He added basic user management because password store pass In the file tree you can add a dot GPG ID file in which you list the people for whom it should be encrypted to and That is pretty obtuse. It's just a dot file in a dot folder and it has only the hashes or emails of the People's GPG IDs, so it's bit obtuse He made a very basic user management to make it simple and Edit fixes for the windows build that it would actually build on Windows This is what the user management looked like after I started hacking on it a bit added the search feature and color coding system to see which keys are usable and I really got enthusiastic again about Developing on it because of yeah, some other people just joining in and started coding. So we added many many extra options this is from version 1.0 and Then August 2015 August 1st exactly a year later. I decided yeah, let's have a release party Because why not? Everybody should do that if you have an open source project and you don't have a 1.0 release yet Just pick an arbitrary date pick an arbitrary goal Have a release party so in Amsterdam We did this in Amsterdam and Cafe Batavia 1920 which is straight across from Central Station. I did a little translation hackathon I told everybody I'd buy him a beer if they would translate it to their language So he got Hungarian simplified Chinese We also we also did a soldering workshop. It was a very nice festive day and we had a lot of beers, of course so Then QTPoS looked like this which was a lot more interesting. We added different profiles so you can use different password stores on your system a private one a company one whatever and We added something else which you might have seen here Which is the splash screen which? Has very clearly stating please report any issues you might have with this software and that really helps because Every time you start it you get this notification and you think ah something is broken something sucks It takes away all the boundaries for someone to just click the issues link go to the github and add a new issue To the tree so five days later August 5th. I get a message. I'm waiting for the ferry in Amsterdam I get a message I Looked into it and I would like to hide the contents. We only had a height password feature at that point So I'm looking at it and yeah, that's interesting someone who has done c++ in the past would like to give it a shot So I'm standing there waiting for my ferry to come step on the ferry and write a very simple summary of Where to look what to add what to do and the next day. I got a pull request With the feature I mean that's yeah that that makes you enthusiastic about doing more and more adding more stuff So then I thought what else would be nice password store pass uses a preferred system of Naming fields, which is just colon separated very simple. It's also used by the Firefox plug-in I think for login name and password and that kind of well password is always the first line So I'm for login URL that kind of stuff So I added that feature which was pretty far nice, but adding all those features Has a downside It gets clunky and clutery, so I thought I need to do something with that and looked into stuff so I set up Travis to do Linux and Windows and OS X builds and Also pushing to co verity, which is a static code analysis Site for open source projects is free to use up to a certain amount of times a day I can't exactly remember But static code analysis really helps it finds bugs before they become bugs and initialize variables that kind of stuff And it well if you just run it. It's always there. You don't have to think about it so The Travis file if if anybody hasn't done Travis yet and is doing something with CC plus plus or any other language actually Please set it up. It's very simple. It's a service. That's free for open source projects, etc And this is a bit simplified. I took out some of the crap but it just runs the cute make and It notifies on success only if there's a change Or on failure always So whenever there's something that doesn't compile on either Linux or OS X in either GCC or clang So for built I get a notification on both IRC and male, but yeah, then Windows Cute is very nice in that it's a completely cross platform And I wanted to add next to the OS X builds, which we're now being done by Travis by the way I wanted to do Windows builds. So how do I do that? I download a VM from modern dot ie because I don't own any Windows computers I set up cute creator at the ISS install creators studio Etc. Have to do that every month because The VM license expires. It's really obnoxious Luckily, I found that there's also app there, which is exactly the same as Travis only for Windows Unfortunately, the syntax is a bit more clunky because Windows But actually every build I get an installer is made with the ISCC the installer builder And whenever I do a tech release, it's automatically uploaded to GitHub So I don't have to touch Windows VMs anymore. Happy happy If you need any help with this kind of setup with your own project Feel free to contact me No worries there. So, yeah, we got more and more people contributing Doing a lot of UX changes making it Nicer and starting to use iconography. We had a long discussion on GitHub issue queue about this free desktop.org has a nice system of Setting up icons for stuff, which is standardized and works on everything Unfortunately, not on Mac OS or Windows. So I changed to SVGs for that but Yeah, adding a lot of new features For example double click to edit that kind of stuff and we thought yeah time for another release 1.1 Which looks on a dark KDE theme looks like this Unknown looks like this. So it takes on your standard preferred setup of look and feel really nice Currently, we're working on a new release a new big release to 1.2 release. Oh, what did I push? Working on a 1.2 release Yeah We have currently five active contributors who are doing week near weekly Commits and and the pull requests We're doing a lot of refactoring and finally doing unit tests although I have to admit I only added one unit test which is for a static helper function to always add a slash to a path but There is now a possibility to run unit tests which are also run by Travis, etc. And Again, we're doing a lot of UI and UX changes. So this is what the current master version of Qt pass looks like We added copying buttons for the different fields and A lot more stuff. Also, you can now do ASCII art Hence the indentation in your password files always nice We're thinking about adding possibility of doing binary attachments, but not Not standardized on how we add Because it's running on GPG behind the scenes that shouldn't be a problem GPG can do binary attachments. No problem That was about it any questions Someone has a question no question We have a question here Hello, I see that you are saving Passwords, but only one password. Can you save or is it planned to have multiple field? for example, I Comments what password is it or maybe? login a password another thing The passwords currently have that option That's the field down below where it currently says testing indentation and more indentation In this example, that's a completely freeform field where you can add whatever comments you'd like Also, you can in the configuration set the fields you would like for example in this case password login URL test But you can also click a button that allows any colon separated key value pair to be a field like that with a copy button Okay, and it helps yes, and now Can you will you have it some kind of template? for example, you I want to add a I don't know what credit a credit card number. It has a fixed Level of fields. Yeah, I haven't thought about that, but that sounds like like an interesting feature. Yeah That should be doomed One thing else I forgot in the 1.2 upcoming 1.2 release There's also dragging and dropping of files and folders and Because you can set for every folder to whom it should be encrypted for whom it should be decryptable Everything gets re-encrypted as soon as you do a drag-and-drop operation Which might pop up your GPG passphrase or something Which is a bit interesting adding passwords doesn't require any keys because GPG encrypting to someone to a public key is Is a non-privileged operation but decrypting you get asked for your GPG decryption key Unless you have no password passphrase on your GPG And we have the last question at the end Hello, I Was asking if there is something to ease the creation of GPG keys for people that don't for managers and people that Well GPG Qt pass does have a nice key generator if you start it up and you don't have a private key in your user Or there's no private key available to GPG. You get presented with a two-field option for name and email address and a checkbox to Enable complete editing of the GPG key generation file But Well, we made it a simple two-step process for example take a clean windows machine install Qt pass first thing it pops up is a link to The win GPG GPG for win something like that For you to download GPG as soon as you've done that you get presented with a two-field option name and email and Your key is generated. You can get going and if you set up outlook or For example Mac OS mail with GPG tools you automatically get get the added benefit of sending encrypted emails or at least signed and That's in our company when we started with Qt pass That was a nice edit bonus because all of a sudden all the managers started sending encrypted emails Does that help does that answer your question Yes, thank you. Thank you and thanks for the tool. Let's upload it You