KeePassXC Debian package situation

gemini://namno.duckdns.org/blog/2024-05-15.gmi

On 23rd of April 2023 Julian Andres Klode, Debian maintainer of keepassxc package have removed all networking and IPC features, including support for YubiKeys, from that package, following a very slow-flowing bugreport thread that complained that additional features may increase attack surface. Additionally, keepassxc-full package was created, that retained all these features. I consider this move to be misguided and harmful for following reasons: Everyone expects full KeePassXC by default In one of the threads created following this decision Julian have said that he would expect complains for a year because no one reads NEWS file. He is correct that no one reads NEWS file (or knows about it in general) but he is wrong in his estimate of complains. Complains will not stop after a year, they will continue until keepassxc package stops giving people cut-down version of KeepPassXC, like it does on all other distros. KeePassXC is advertised with all these features, they are the main reason to choose this package manager over any other. Even Debian package description mentions them: >In contrast to KeePassX (package keepassx), KeePassXC is actively developed and has more features, e.g., connectivity to a Web Browser plugin (package webext-keepassxc-browser).

https://packages.debian.org/testing/keepassxc [HTTPS] If someone needed "more secure" option, they could have picked one of the many alternatives that support same database format, but without features that are unnecessary for them. So the only useres that this "benefit" are those who don't know difference between different package managers and just install what's popular, in which case they probably are even more confused as to why their version of program doesn't work like it does for other people. These are not plugins Many other people defended this decision by saying that many other Debian packages do not include plugins by default. First of all, there is plenty of packages that have (1st party) plugins included in their package, or as a dependency. Second of all. they are not plugins. They are #ifdef-ed pieces of code, that only tested with all of them enabled. Option to disable all of the options (as is the current debian situation) is tested only for its ability to compile and no further. This leads to my third point. Disabling everything decreases safety Many features disabled by Julian are necessary for keeping the security. From physical USB keys, to browser plugin, that among other things helps distinguishing between real and phishing sites, they activly increase security. Disabling these features leads to users opting into less secure options, like transfering password using clipboard. Conclusion I hope that Julian eventually reevaluates his decision and if not reenables these features in main keepassxc package with optional keepasssc-core/minimal/whatever package that you could opt in, at least enables some of the features that actually provide security, like browser integration or secret provider. I also hope that Debain stops thinking that they are center of the universe and stops breaking packages for no good reason.

Stylish updated to version 3.0.1 and immediately stopped working, and not just because I was expected to manually import all of my custom styles to the new framework: I’d go into the new control panel (which looks ugly btw) and click buttons and nothing would happen... Eventually (and completely accidentally) I figured out that I had to whitelist cookies for its auto-generated page (moz-extension:// whatever) for it to work (because I block cookies from all but my trusted sites as a paranoid security measure).

Strongly suggest getting the Firefox extension Clean Links, which will automatically strip those tokens if you open a link that has them.

This isn't helpful as the person giving out links,but it is VERY handy as the person clicking on them.

Text link only because otherwise tumblr will hide the post from the notes for 'linking offsite'. Remove the space between Mozilla and org to use.

https://addons.mozilla. org/en-US/firefox/addon/clean-links-webext/

Tumblr is Tracking Shared Links

It looks like Tumblr @staff have finally implemented tracking garbage into shared links in the Tumblr mobile app. It took them years and years, but Tumblr is finally making an attempt to track shared links you click or links you share with friends.

When you share a post and choose to “copy” a link to your clipboard, you can see that they use their (new?) url shortener, at.tumblr.com.  The shortened URL appears to contain: your blog name; either the ID of the destination post, or the short string associated with the post; and an alphanumeric string.  Eg:

https://at.tumblr.com/pizza-and-ramen/im-fucking-dying-this-is-hilarious/uqndb20nkyob

The shortened URL redirects you to the destination link, but with 2 URL parameters: _branch_referrer and _branch_match_id.  Both are associated with a third-party analytics tool, branch.io.  Eg:

https://pizza-and-ramen.tumblr.com/post/118684413624/im-fucking-dying-this-is-hilarious?_branch_referrer=H4sIAAAAAAAAAxXEwQ2AIAwAwIlKH8aP21RQaaSAUIIyvZpczqvmuiCSGm2yhmJsEsw8BgFFB4Vki8gCe7MnxwPc86%2BeK3w8ByqcWsU7jHnql0u99xd0v%2FAuVQAAAA%3D%3D&_branch_match_id=1104914739086906151

_branch_referrer appears to be another shortened at.tumblr.com URL, except it’s been gzipped, base64 encoded, then URL encoded.  Eg:

H4sIAAAAAAAAAxXEwQ2AIAwAwIlKH8aP21RQaaSAUIIyvZpczqvmuiCSGm2yhmJsEsw8BgFFB4Vki8gCe7MnxwPc86%2BeK3w8ByqcWsU7jHnql0u99xd0v%2FAuVQAAAA%3D%3D

URL decode to:

H4sIAAAAAAAAAxXEwQ2AIAwAwIlKH8aP21RQaaSAUIIyvZpczqvmuiCSGm2yhmJsEsw8BgFFB4Vki8gCe7MnxwPc86+eK3w8ByqcWsU7jHnql0u99xd0v/AuVQAAAA==

base64 decode to (in hex for legibility):

1F8B0800 00000000 000315C4 C10D8020 0C00C089 4A1FC68F DB545069 A4805082 32BD9A5C CEABE6BA 20921A6D B286626C 12CC3C06 01450785 648BC802 7BB327C7 03DCF3AF 9E2B7C3C 072A9C5A C53B8C79 EA974BBD F71774BF F02E5500 0000

and unzipped with gunzip:

https://at.tumblr.com/pizza-and-ramen/im-fucking-dying-this-is-hilarious/xlz53wqdowww

which directs to the post with the same _branch_referrer but a new _branch_match_id:

https://pizza-and-ramen.tumblr.com/post/118684413624/im-fucking-dying-this-is-hilarious?_branch_match_id=1104899685865808870&_branch_referrer=H4sIAAAAAAAAAxXEwQ2AIAwAwIlKH8aP21RQaaSAUIIyvZpczqvmuiCSGm2yhmJsEsw8BgFFB4Vki8gCe7MnxwPc86%2BeK3w8ByqcWsU7jHnql0u99xd0v%2FAuVQAAAA%3D%3D

_branch_match_id, according to this stackoverflow answer, is an identifier unique to you, used to track users.  It could be based on browser fingerprinting, as branch.io’s branch_match_id is.

Anyway, there’s not a terribly easy way to avoid this tracking from the Tumblr mobile app, but if you get a link that has the id, not the string, you can modify it to the format of blog.tumblr.com/ID, like so before sending it to a friend:

https://at.tumblr.com/pizza-and-ramen/118684413624/uqndb20nkyob

https://pizza-and-ramen.tumblr.com/118684413624

Alternately, you could paste the link in your browser, allow it to redirect, then remove everything past the ? at the end, eg:

https://pizza-and-ramen.tumblr.com/post/118684413624/im-fucking-dying-this-is-hilarious?_branch_referrer=H4sIAAAAAAAAAxXEwQ2AIAwAwIlKH8aP21RQaaSAUIIyvZpczqvmuiCSGm2yhmJsEsw8BgFFB4Vki8gCe7MnxwPc86%2BeK3w8ByqcWsU7jHnql0u99xd0v%2FAuVQAAAA%3D%3D&_branch_match_id=1104914739086906151

https://pizza-and-ramen.tumblr.com/post/118684413624/im-fucking-dying-this-is-hilarious

Anyway, this has been my privacy rant of the day.  Thanks for reading, and let me know if you know more about this than I do!

Webexting | Peter Parker

You were laying on your bed on Instagram waiting for something to happen, which so happens to be a certain spider knocking on your window.

You rolled off your bed and walked over to the window before opening it which Peter crawled through.

“Hi Pete, what new?” You asked laying back on your bed. “Nothing.”His voice creaked. You curiously sat up and Peter’s face was bruised. “Oh My God Peter What Happened?!” You grabbed his face to check to see if he had anymore bruises.

“I got decked while fighting some guy.” You don’t believe him. “What really happened?” He held his head down and muttered something that you couldn’t quite hear. “What did you say?” You asked trying to make out what he previously said before. “I said I swung into a building while texting.” You shook your head in disappointment.

“How many times have I and rest of the avengers told you not to do that.” You said getting the first-aid kit “7 times.” He said still holding his head down.

You walked back over to where he was sitting and begin to patch him up. “Seriously Peter you really have to be more thoughtful on what you do.” She wiped away the blood from his head and lightly dabbed at his busted lip before disinfecting the wound on his head and wrapping bandages around it.

“Like do you really think I want a beat up boyfriend?” You asked looking him in his eyes. “No.” He said lightly shaking his head.

“It’s bad enough that I have to worry about while your off fighting crime, I don’t need to worry about you swinging into a building.”

“Don’t worry (Y/N) it won’t happen again.” He said once you were done. “Oh, I know it won’t. Until further notice your not getting this back.” You said waving his phone in front of his face before placing it in your desk drawer.

“Aww, come (Y/N) how I’m supposed to talk to you?” You walked back over to him and bent down to his eye level. “You can always come and visit me.” You said before leaning in kissing him gently to be mindful of the bruised lip.

He looked slightly dazed as a smile made it’s way upon his face. “Your right (Y/N) without my phone that just means I get spend more time with you.” You giggled with joy before kissing him on the cheek and smiling at how lucky you to have some like him.

Using clr browser source plugin

Download browserpass-github.crx from the latest release and drag'n'drop it into chrome://extensions.

This extension has the same ID as the one in Chrome Web Store, so when a new version will appear in Web Store, it will auto-update! Use if you want to be on latest and greatest version.

Download browserpass-webstore.crx from the latest release and drag'n'drop it into chrome://extensions.

Install the extension from Chrome Web Store (which will provide auto-updates).

Debian: webext-browserpass includes Chromium extension.

Arch Linux: browserpass-chromium, browserpass-chrome.

Install using a package manager for your OS (which will provide auto-update and keep extension in sync with native host app):.

Browser extension for Chromium-based browsers (choose one of the options):.

In order to install Browserpass correctly, you have to install two of its components:

A password store that follows certain naming conventions.

The latest stable version of gpg (having pass or gopass is actually not required).

The latest stable version of Chromium or Firefox, or any of their derivatives.

Why Browserpass on Firefox does not work on Mozilla domains?.How to use the same username and password pair on multiple domains.Error: Unable to fetch and parse login fields.Verifying authenticity of the Github releases.In order to use Browserpass you must also install a companion native messaging host, which provides an interface to your password store. It allows you to auto-fill or copy to clipboard credentials for the current domain, protecting you from phishing attacks. Browserpass is a browser extension for zx2c4's pass, a UNIX based password store manager.

Nextent Nextent is a multi-purpose WordPress theme by team WebExtent. It is a complete package for any business purpose, Shop purpose, Retailer Purpose, Restaurant Purpose, woo-commerce Purpose, etc.

Insights into Why Hyperbola GNU/Linux is Turning into Hyperbola BSD

In late December 2019, Hyperbola announced that they would be making major changes to their project. They have decided to drop the Linux kernel in favor of forking the OpenBSD kernel. This announcement only came months after Project Trident announced that they were going in the opposite direction (from BSD to Linux).

Hyperbola also plans to replace all software that is not GPL v3 compliant with new versions that are.

To get more insight into the future of their new project, I interviewed Andre, co-founder of Hyperbola.

Why Hyperbola GNU/Linux Turned into Hyperbola BSD

It’s FOSS: In your announcement, you state that the Linux kernel is “rapidly proceeding down an unstable path”. Could you explain what you mean by that?

Andre: First of all, it’s including the adaption of DRM features such as HDCP (High-bandwidth Digital Content Protection). Currently there is an option to disable it at build time, however there isn’t a policy that guarantees us that it will be optional forever.

Historically, some features began as optional ones until they reached total functionality. Then they became forced and difficult to patch out. Even if this does not happen in the case of HDCP, we remain cautious about such implementations.

Another of the reasons is that the Linux kernel is no longer getting proper hardening. Grsecurity stopped offering public patches several years ago, and we depended on that for our system’s security. Although we could use their patches still for a very expensive subscription, the subscription would be terminated if we chose to make those patches public.

Such restrictions goes against the FSDG principles that require us to provide full source code, deblobbed, and unrestricted, to our users.

KSPP is a project that was intended to upstream Grsec into the kernel, but thus far it has not come close to reaching Grsec / PaX level of kernel hardening. There also has not been many recent developments, which leads us to believe it is now an inactive project for the most part.

Lastly, the interest in allowing Rust modules into the kernel are a problem for us, due to Rust trademark restrictions which prevent us from applying patches in our distribution without express permission. We patch to remove non-free software, unlicensed files, and enhancements to user-privacy anywhere it is applicable. We also expect our users to be able to re-use our code without any additional restrictions or permission required.

This is also in part why we use UXP, a fully free browser engine and application toolkit without Rust, for our mail and browser applications.

Due to these restrictions, and the concern that it may at some point become a forced build-time dependency for the kernel we needed another option.

It’s FOSS: You also said in the announcement that you would be forking the OpenBSD kernel. Why did you pick the OpenBSD kennel over the FreeBSD, the DragonflyBSD kernel or the MidnightBSD kernel?

Andre: OpenBSD was chosen as our base for hard-forking because it’s a system that has always had quality code and security in mind.

Some of their ideas which greatly interested us were new system calls, including pledge and unveil which adds additional hardening to userspace and the removal of the systrace system policy-enforcement tool.

They also are known for Xenocara and LibreSSL, both of which we had already been using after porting them to GNU/Linux-libre. We found them to be well written and generally more stable than Xorg/OpenSSL respectively.

None of the other BSD implementations we are aware of have that level of security. We also were aware LibertyBSD has been working on liberating the OpenBSD kernel, which allowed us to use their patches to begin the initial development.

It’s FOSS: Why fork the kernel in the first place? How will you keep the new kernel up-to-date with newer hardware support?

Andre: The kernel is one of the most important parts of any operating system, and we felt it is critical to start on a firm foundation moving forward.

For the first version we plan to keep in synchronization with OpenBSD where it is possible. In future versions we may adapt code from other BSDs and even the Linux kernel where needed to keep up with hardware support and features.

We are working in coordination with Libreware Group (our representative for business activities) and have plans to open our foundation soon.

This will help to sustain development, hire future developers and encourage new enthusiasts for newer hardware support and code. We know that deblobbing isn’t enough because it’s a mitigation, not a solution for us. So, for that reason, we need to improve our structure and go to the next stage of development for our projects.

It’s FOSS: You state that you plan to replace the parts of the OpenBSD kernel and userspace that are not GPL compatible or non-free with those that are. What percentage of the code falls into the non-GPL zone?

Andre: It’s around 20% in the OpenBSD kernel and userspace.

Mostly, the non-GPL compatible licensed parts are under the Original BSD license, sometimes called the “4-clause BSD license” that contains a serious flaw: the “obnoxious BSD advertising clause”. It isn’t fatal, but it does cause practical problems for us because it generates incompatibility with our code and future development under GPLv3 and LGPLv3.

The non-free files in OpenBSD include files without an appropriate license header, or without a license in the folder containing a particular component.

If those files don’t contain a license to give users the four essential freedoms or if it has not been explicitly added in the public domain, it isn’t free software. Some developers think that code without a license is automatically in the public domain. That isn’t true under today’s copyright law; rather, all copyrightable works are copyrighted by default.

The non-free firmware blobs in OpenBSD include various hardware firmwares. These firmware blobs occur in Linux kernel also and have been manually removed by the Linux-libre project for years following each new kernel release.

They are typically in the form of a hex encoded binary and are provided to kernel developers without source in order to provide support for proprietary-designed hardware. These blobs may contain vulnerabilities or backdoors in addition to violating your freedom, but no one would know since the source code is not available for them. They must be removed to respect user freedom.

It’s FOSS: I was talking with someone about HyperbolaBSD and they mentioned HardenedBSD. Have you considered HardenedBSD?

Andre: We had looked into HardenedBSD, but it was forked from FreeBSD. FreeBSD has a much larger codebase. While HardenedBSD is likely a good project, it would require much more effort for us to deblob and verify licenses of all files.

We decided to use OpenBSD as a base to fork from instead of FreeBSD due to their past commitment to code quality, security, and minimalism.

It’s FOSS: You mentioned UXP (or Unified XUL Platform). It appears that you are using Moonchild’s fork of the pre-Servo Mozilla codebase to create a suite of applications for the web. Is that about the size of it?

Andre: Yes. Our decision to use UXP was for several reasons. We were already rebranding Firefox as Iceweasel for several years to remove DRM, disable telemetry, and apply preset privacy options. However, it became harder and harder for us to maintain when Mozilla kept adding anti-features, removing user customization, and rapidly breaking our rebranding and privacy patches.

After FF52, all XUL extensions were removed in favor of WebExt and Rust became enforced at compile time. We maintain several XUL addons to enhance user-privacy/security which would no longer work in the new engine. We also were concerned that the feature limited WebExt addons were introducing additional privacy issues. E.g. each installed WebExt addon contains a UUID which can be used to uniquely and precisely identify users (see Bugzilla 1372288).

After some research, we discovered UXP and that it was regularly keeping up with security fixes without rushing to implement new features. They had already disabled telemetry in the toolkit and remain committed to deleting all of it from the codebase.

We knew this was well-aligned with our goals, but still needed to apply a few patches to tweak privacy settings and remove DRM. Hence, we started creating our own applications on top of the toolkit.

This has allowed us to go far beyond basic rebranding/deblobbing as we were doing before and create our own fully customized XUL applications. We currently maintain Iceweasel-UXP, Icedove-UXP and Iceape-UXP in addition to sharing toolkit improvements back to UXP.

It’s FOSS: In a forum post, I noticed mentions of HyperRC, HyperBLibC, and hyperman. Are these forks or rewrites of current BSD tools to be GPL compliant?

Andre: They are forks of existing projects.

Hyperman is a fork of our current package manager, pacman. As pacman does not currently work on BSD, and the minimal support it had in the past was removed in recent versions, a fork was required. Hyperman already has a working implementation using LibreSSL and BSD support.

HyperRC will be a patched version of OpenRC init. HyperBLibC will be a fork from BSD LibC.

It’s FOSS: Since the beginning of time, Linux has championed the GPL license and BSD has championed the BSD license. Now, you are working to create a BSD that is GPL licensed. How would you respond to those in the BSD community who don’t agree with this move?

Andre: We are aware that there are disagreements between the GPL and BSD world. There are even disagreements over calling our previous distribution “GNU/Linux” rather than simply “Linux”, since the latter definition ignores that the GNU userspace was created in 1984, several years prior to the Linux kernel being created by Linus Torvalds. It was the two different software combined that make a complete system.

Some of the primary differences from BSD, is that the GPL requires that our source code must be made public, including future versions, and that it can only be used in tandem with compatibly licensed files. BSD systems do not have to share their source code publicly, and may bundle themselves with various licenses and non-free software without restriction.

Since we are strong supporters of the Free Software Movement and wish that our future code remain in the public space always, we chose the GPL.

It’s FOSS: I know at this point you are just starting the process, but do you have any idea who you might have a usable version of HyperbolaBSD available?

Andre: We expect to have an alpha release ready by 2021 (Q3) for initial testing.

It’s FOSS: How long will you continue to support the current Linux version of Hyperbola? Will it be easy for current users to switch over to?

Andre: As per our announcement, we will continue to support Hyperbola GNU/Linux-libre until 2022 (Q4). We expect there to be some difficulty in migration due to ABI changes, but will prepare an announcement and information on our wiki once it is ready.

It’s FOSS: If someone is interested in helping you work on HyperbolaBSD, how can they go about doing that? What kind of expertise would you be looking for?

Andre: Anyone who is interested and able to learn is welcome. We need C programmers and users who are interested in improving security and privacy in software. Developers need to follow the FSDG principles of free software development, as well as the YAGNI principle which means we will implement new features only as we need them.

Users can fork our git repository and submit patches to us for inclusion.

It’s FOSS: Do you have any plans to support ZFS? What filesystems will you support?

Andre: ZFS support is not currently planned, because it uses the Common Development and Distribution License, version 1.0 (CDDL). This license is incompatible with all versions of the GNU General Public License (GPL).

It would be possible to write new code under GPLv3 and release it under a new name (eg. HyperZFS), however there is no official decision to include ZFS compatibility code in HyperbolaBSD at this time.

We have plans on porting BTRFS, JFS2, NetBSD’s CHFS, DragonFlyBSD’s HAMMER/HAMMER2 and the Linux kernel’s JFFS2, all of which have licenses compatible with GPLv3. Long term, we may also support Ext4, F2FS, ReiserFS and Reiser4, but they will need to be rewritten due to being licensed exclusively under GPLv2, which does not allow use with GPLv3. All of these file systems will require development and stability testing, so they will be in later HyperbolaBSD releases and not for our initial stable version(s).

I would like to thank Andre for taking the time to answer my questions and for revealing more about the future of HyperbolaBSD.

What are your thoughts on Hyperbola switching to a BSD kernel? What do you think about a BSD being released under the GPL? Please let us know in the comments below.

If you found this article interesting, please take a minute to share it on social media, Hacker News or Reddit.

from It's FOSS https://itsfoss.com/hyperbola-linux-bsd/

Insights into Why Hyperbola GNU/Linux is Turning into Hyperbola BSD was initially seen on http://alaingonza.com/

from https://alaingonza.com/2020/01/16/insights-into-why-hyperbola-gnu-linux-is-turning-into-hyperbola-bsd/

Show HN: A Firefox extension to leave comments on any URL

https://github.com/comntr/webext Comments

Article URL: https://github.com/comntr/webext

Comments URL: https://news.ycombinator.com/item?id=20292638

Points: 6

# Comments: 3

@guusbosman If you bulk edited them in Chrome.... you can import them back in Firefox :D https://t.co/Ew778O8ENB also if you bump into WebExt issues, please report them to https://t.co/hDpjcms0qi It's like a bug tracker for the web #fxhelp via @FirefoxScout

AddOns Legacy Add-On( Don' t sort alphabetically, use Ctrl+ F), Daily users, Last Updated, Developer Status, Notes, WE alternatives, Feature Parity, WE notes Adblock Plus, 13’ 690’ 768, 2017-12-12, ported, Mostly, uBlock Origin performs significantly better, because it' s more resource-effici... http://ift.tt/2l8gI0V

[WebExt] Fixed incompatibility with Firefox 54; [WebExt] Initiated preference migration via embedded WebExtension; [e10s] Fixed HTTP redirection ...

Hello Readers

I have been recently playing with Windows 2012 R2 Web Application Proxy for Skype for Business URLs (Meet, Dialin, Lyncdiscover, Internal/External web services and WAC) and was getting a bit frustrated with the process. So like any good IT Professional I thought there must be an easier way to create the Skype for Business URLs with the required backend servers, port numbers and certificate.

Please welcome New-WebApplicationProxy.ps1 script designed to deploy and configure the required Skype for Business URL. In this script there is some customizable options in case you dont like the name conventions I have used for the Skype for Business URLs. You can edit the following using Notepad or Powershell ISE.

## Customize Options ## ${SfB Rule WebExt} = ‘Sfb rule for {0}’ ${SfB Rule LyncDiscover} = ‘Sfb rule for LyncDiscover’ ${SfB Rule Dial} = ‘Sfb rule for Dialin’ ${SfB Rule Meet} = ‘Sfb rule for Meet’ ${OOS Rule} = ‘Office Web App/Online Server Rule

Only edit the wording with ‘  ‘ for example ${SfB Rule LyncDiscover} = ‘Sfb rule for LyncDiscover’ to ${SfB Rule LyncDiscover} = ‘Sfb rule for LyncDiscover.lyncme.co.uk’

Section 1. Running the script

We will now run the process of how to create the Skype for Business URLs.

Launch Powershell as Administrator

Browse to the location of the downloaded script

Press Enter

Specify your public certificate thumbprint as shown above and Press Enter

Specify your internal domain name and Press Enter

Specify your external domain name and Press Enter

Specify your internal web services name as shown above and Press Enter

Examples of web services url are shown below

Specify your external web services name as shown above and Press Enter

Specify your internal Office Web Apps/Office Online Server name or Pool name as shown above and Press Enter

For the purpose of this post I have a single OOS called os01.lyncme.local

Specify your internal Office Web Apps/Office Online Server name or Pool Domain name as shown above and Press Enter

Specify your external Office Web Apps/Office Online Server name as shown above and Press Enter

This now completes the deployment and configuration of the Skype for Business URLs and Office Web Apps/Office Online Server.

Section 2.

Section 3. Downloading the Script

So where can you download this script?

http://ift.tt/2kChyVV

  If you have any ideas for me to improve this script? Ping me an email at [email protected]

  Regards

Andrew J. Price

Capitulo Extra - Jantar

- Por que está me abraçando? – ela me perguntou.

- Achei que você precisa se de um abraço – eu respondi enquanto a soltava.

- Você achou certo – nós sorrimos.

- MENINAS, VENHAM – meu pai nos chamou da cozinha.

Nós duas fomos para a sala de jantar e sentamos na mesa em silencio.

- Filha... Você e Carolina... – meu pai começou.

- Carol – eu o corrigi e sorri.

- Você e Carol, já são amigas? – ele perguntou

- Sim – nós respondemos juntas.

- Que ótimo – ele sorriu.

Nós começamos a comer.

- Então... Manu conte-me um pouco sobre você – Elena tentou puxar assunto.

- O que você quer saber? – perguntei desanimada, comecei a cutucar a comida.

- Hum... Pra onde você gostaria de viajar um dia?

- Londres – eu respondi.

- Seu pai me contou que você fala inglês fluentemente.

- É verdade...

- Fala mais alguma língua?

- Um pouco de espanhol.

Em todo o jantar ficamos conversando coisas sem importância e a conversa se estendeu para depois dele, na sala e continuou até Carol e Elena irem embora.

- O que você achou dela? - meu pai perguntou quando elas haviam ido embora.

- Sinceramente? - eu perguntei, já sabendo a resposta - não gostei muito dela.

- Por quê?

- Eu não sei, só não gostei.

Ficamos em silencio até minha mãe chegar para me levar para casa.

<< Capítulo Anterior || Próximo Capítulo >>