From 7d1bf55e6191959e75f04fced25673cdd6585b4c Mon Sep 17 00:00:00 2001 From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com> Date: Fri, 11 Jul 2025 09:13:29 -0500 Subject: [PATCH 1/2] Add secure input finder --- bin/find_processes_using_secure_input.py | 99 ++++++++++++++++++++++++ homes/darwin.nix | 2 + 2 files changed, 101 insertions(+) create mode 100755 bin/find_processes_using_secure_input.py diff --git a/bin/find_processes_using_secure_input.py b/bin/find_processes_using_secure_input.py new file mode 100755 index 0000000..7287e81 --- /dev/null +++ b/bin/find_processes_using_secure_input.py @@ -0,0 +1,99 @@ +#!/usr/bin/env python +# find_processes_using_secure_input.py +# From "Finding the app/process that’s using Secure Input" by Alex Chan +# (https://alexwlchan.net/2021/secure-input/). +# Licensed under CC-BY 4.0 +""" +If macOS detects that you're typing sensitive data (e.g. a password), it prevents +other apps from reading keystrokes. This is normally a good thing, but it's mildly +annoying if you use an app like TextExpander, and macOS doesn't notice that it's +no longer using Secure Input. Then your keyboard shortcuts stop working! + +This script will print a list of processes that have Secure Input enabled, e.g.: + + The following processes are using Secure Input: + 113 loginwindow + 302 Safari + 519 Firefox + +It relies on two interesting commands: + + ioreg -a -l -w 0 + prints the I/O Kit Registry in XML format, which includes information about + a process using Secure Input in the kCGSSessionSecureInputPID key + + ps -c -o command= -p + prints the executable name associated with a process ID (pid), which is + used for the output + +See https://alexwlchan.net/2021/secure-input/ + +""" + +import plistlib +import subprocess + + +def find_dicts_in_tree(d): + """ + Traverses the values of d, returning everything that looks dict-like. + + Ideally I'd have a better idea of the structure of the output of ioreg, + but I don't care to spend that much time on this problem. + """ + if isinstance(d, dict): + yield d + for dict_value in d.values(): + for dv in find_dicts_in_tree(dict_value): + yield dv + elif isinstance(d, list): + for list_item in d: + for lv in find_dicts_in_tree(list_item): + yield lv + else: + pass + + +def executable_name(pid): + """ + Returns the executable name associated with a given pid. + """ + return subprocess.check_output([ + "ps", + "-c", # Only show the executable name, not the full command line + "-o", "command=", # Only show the command column, no header + "-p", str(pid) # Only show the given process ID + ]).strip().encode("utf8") + + +if __name__ == "__main__": + ioreg_output = subprocess.check_output([ + "ioreg", + "-a", # Archive the output in XML + "-l", # Show properties for all displayed objects + "-w", "0" # Unlimited line width + ]) + + try: + plist = plistlib.loads(ioreg_output, fmt=plistlib.FMT_XML) + except AttributeError: # Python 2 + plist = plistlib.readPlistFromString(ioreg_output) + + process_ids = set() + for d in find_dicts_in_tree(plist): + if "kCGSSessionSecureInputPID" in d: + process_ids.add(d["kCGSSessionSecureInputPID"]) + + sorted_pids = [ + str(pid) + for pid in sorted(int(p) for p in process_ids) + ] + + print("The following processes are using Secure Input:") + if sorted_pids: + subprocess.check_call([ + "ps", + "-c", # Only show the executable name, not the full command line + "-o", "pid=,command=", # Only show the PID/command column, no header + "-p", ",".join(sorted_pids) # Only get the selected processes + ]) diff --git a/homes/darwin.nix b/homes/darwin.nix index 71665b0..a072866 100644 --- a/homes/darwin.nix +++ b/homes/darwin.nix @@ -9,6 +9,8 @@ (pkgs.writeShellScriptBin "get-current-wifi" '' ipconfig getsummary $(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/{getline; print $2}') | awk -F ' SSID : ' '/ SSID : / {print $2}' '') + (pkgs.writeScriptBin "secure-finger" + (builtins.readFile ./../bin/find_processes_using_secure_input.py)) ]; sessionVariables = { JULIA_NUM_THREADS = "$(sysctl -n hw.logicalcpu)"; From a86f527a76297ecb4e565e2a83279417b65b6abf Mon Sep 17 00:00:00 2001 From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com> Date: Fri, 11 Jul 2025 09:20:40 -0500 Subject: [PATCH 2/2] Make starship prompt less verbose --- programs/starship.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/programs/starship.nix b/programs/starship.nix index e6d5815..a353d6e 100644 --- a/programs/starship.nix +++ b/programs/starship.nix @@ -1,4 +1,7 @@ -{ lib }: { +{ lib }: +let language-format-string = "[$symbol($version )]($style)"; +in { + enable = true; enableBashIntegration = true; enableZshIntegration = true; @@ -29,6 +32,14 @@ format = "([\\[$all_status$ahead_behind\\]]($style))"; }; hostname = { format = "[$hostname]($style)"; }; + julia = { format = language-format-string; }; + nix_shell = { + symbol = ""; + impure_msg = "/󰓑"; + pure_msg = "/󱕦"; + format = "[$symbol$state( ($name))]($style)"; + }; + nodejs = { format = language-format-string; }; os = { disabled = false; symbols = { @@ -41,6 +52,24 @@ NixOS = ""; }; }; + package = { + format = language-format-string; + symbol = " "; + }; + python = { + format = + "[\${symbol}\${pyenv_prefix}(\${version} )(($virtualenv) )]($style)"; + symbol = ""; + }; + quarto = { format = language-format-string; }; + rlang = { + format = language-format-string; + symbol = ""; + }; + ruby = { + format = language-format-string; + symbol = ""; + }; shell = { # Show which shell if not using zsh (the default) disabled = false;