Questions and Suggestions

Hi @CalebJohn. Sorry, I guess I overlooked that. All I paid attention to was the “Notes and settings are stored in: /media/veracrypt1/joplin-desktop/” note and the path text field in the General section of the settings. I noticed the text editor command label but didn’t pay much mind to it. However, I did get those terminal commands to open up my saved database. Thanks!

If it’s not too much of a burden, would you mind telling me or referring me to a tutorial on how to create a shell script or modify the .desktop file? Is this the database file you’re referring to?

These are basic Linux things (actually desktop files are specifically Linux desktop things). Desktop files basically describe launcher icons for your applications. Here is an article about them; it is on the GNOME website but isn’t specific to GNOME.

Shell scripts are just collections of terminal commands that can be run together. In your case you might want to create a file named something like joplin that contains
joplin.AppImage --profile /your/profile
so that you can run joplin simply by typing joplin in the terminal.

FYI, if you had googled “linux desktop file” you would have gotten the same information. Same goes for “linux shell script”.
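The launcher script described above, as an added example that is not part of the original posts: it checks that the encrypted volume is mounted before starting Joplin, so the profile path is never used while it resolves to the unencrypted disk underneath the mount point. The mount point and profile directory follow the path quoted earlier in the thread; the AppImage location and the function names are assumptions.

```shell
#!/bin/sh
# Joplin launcher that refuses to start unless the encrypted volume is mounted.
# MOUNT_POINT/PROFILE_DIR follow the path quoted in the thread; APPIMAGE is an
# assumed install location. Override any of them through the environment.
MOUNT_POINT="${MOUNT_POINT:-/media/veracrypt1}"
PROFILE_DIR="${PROFILE_DIR:-$MOUNT_POINT/joplin-desktop}"
APPIMAGE="${APPIMAGE:-$HOME/Applications/Joplin.AppImage}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_mounted DIR [FILE]: succeed only if DIR appears as a mount point (field 2).
# Paths containing spaces are escaped as \040 in /proc/mounts; not handled here.
is_mounted() {
    awk -v dir="$1" '$2 == dir { found = 1 } END { exit !found }' "${2:-$MOUNTS_FILE}"
}

# check_profile: return 1 if the volume is not mounted, 2 if the profile
# directory is missing on the mounted volume, 0 when it is safe to launch.
check_profile() {
    if ! is_mounted "$MOUNT_POINT"; then
        echo "refusing to start: $MOUNT_POINT is not mounted" >&2
        return 1
    fi
    if [ ! -d "$PROFILE_DIR" ]; then
        echo "refusing to start: $PROFILE_DIR does not exist" >&2
        return 2
    fi
    return 0
}

# launch: replace this shell with Joplin, passing through any extra arguments.
launch() {
    check_profile || return $?
    exec "$APPIMAGE" --profile "$PROFILE_DIR" "$@"
}

# Start Joplin only when this file is installed under the name "joplin",
# as suggested in the post; sourcing it elsewhere just defines the functions.
case "${0##*/}" in
    joplin) launch "$@" ;;
esac
```

Save it as joplin somewhere on your PATH and make it executable with chmod +x; the Exec= line of a .desktop file can point at the same script.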

Thanks Caleb. Sorry for the trouble.

I wouldn’t say useless. If you’re a security guy, you know everything should be in layers. There should be multiple levels and no single points of failure. Why make it easy? I am using VeraCrypt, and would continue to do so. If Joplin had its own built-in encryption, I’d use that too. Don’t even mention BitLocker. What good is encryption with back doors? I helped out a local forensics company on a high-profile case. I am a certified computer forensics specialist. All of the company’s laptops being investigated had BitLocker. We had one key, and the drives were magically decrypted. That’s why people were so outraged when the creators of Truecrypt recommended BitLocker. But then again, you can’t have US-based encryption without a government back door. It’s there in every product. The companies can’t disclose it due to a gag order. That’s why I ALWAYS recommend open source encryption. There is no place for such a door to hide. No matter how tightly you secure and protect it, it’s still a door! Of course if one door leads to another lock, followed by yet another, hopefully they’ll give up at some point. Never use a passWORD. Back in the 80’s that might have been acceptable, but not today. Always use a passphrase. You want a minimum of 16 characters. I know, I hate rebooting! It takes me a half an hour to get everything open again. Fortunately Linux doesn’t require frequent reboots. But, if someone were to grab my computer, the hardware is useful, but the data, well, they’ll get nothing. Overkill? Definitely. Peace of mind? Without a doubt. If something offers MFA, I always use it. Sure, it takes a little longer and adds an extra step. Can these be defeated? VeraCrypt, no. Snowden proved that with Truecrypt. Therefore, that one essential piece of software is sufficient, but why not add additional layers, just in case?

3 Likes

This is definitely an amazing quote. That’s part of why I switched from LastPass to Bitwarden as my Password Manager. Not only is Bitwarden fully Open Source, but for $10 a year, you can implement several layers of authentication into it and even use its own built-in authenticator for other apps and websites. It’s a bit impressive how much the devs thought about all of this with it.

I was rather referring to a PIN to lock/unlock the app, which came up many, many times in this forum and on gh. As a security guy you should know that security through obscurity is no security.
A PIN wouldn’t change the fact that the local data is not encrypted.

Local encryption is not inherently useless, but is already (FDE) available or can be (VeraCrypt). I don’t see a reason to make Joplin’s code more complex.

I also switched from LastPass to Bitwarden. I have a few blog entries at blog.irwinelectronics.com where I talk about Bitwarden, VeraCrypt, Joplin, and others. I’ve also used KeePass quite extensively. While there are some features of KeePass I really like, for most people my recommendation would go to LastPass for ease of use. That was until Bitwarden came on the scene. Bitwarden and LastPass are nearly identical in terms of ease of use and functionality. But it’s Bitwarden’s open source code that pushes it far ahead of the competition. While KeePass is also open source, and a great option for Enterprise use, KeePass has a much steeper learning curve and still doesn’t offer the functionality of Bitwarden. Most importantly, you must install additional software to autofill browser entries and it does not automatically capture and add new logins. You must manually add them to KeePass. I also ran into synchronization problems with KeePass. Bitwarden handles all of this as well as any commercial package on the market today. The only negative to Bitwarden is that they use their own server to store your data. You can change that though. I would much prefer to use an independent third party like Box or Dropbox to store my data. Other than that minor point, Bitwarden still easily takes the award for best password manager for most people. The combination of Bitwarden and Joplin is hard to beat. I saw today that Evernote is FINALLY creating a Linux client. For years they said they had no interest. Evernote’s lack of encryption and commercial nature will keep me a Joplin fan. I do feel Evernote’s interface is much slicker. I really do not like, actually I hate, the dual pane editor of Joplin. There have been a couple threads about that a while back. Some people love the enhanced features it offers. I’m sorry, but I am not a fan. The Joplin team is open to adding an additional interface if someone is willing to code it, so there is hope for the future.
Joplin’s two negatives are both pretty major: the built-in editor, and difficulty syncing encrypted files. I’m an MCSE with over 30 years of IT experience, and even I had problems setting up the encryption. Once it’s done though, it’s rock solid.

2 Likes

Joplin’s UI isn’t exactly pretty and parts could definitely be made more intuitive and easy for new users that aren’t tech savvy or patient enough to work around them, but it is functional. I’ve seen terrible ones. It’s definitely not Ardour, a very powerful audio mixing and editing software that has a UI and core functionality that is super bizarre and obtuse.