
DISCLAIMER:
  This program takes advantage of an oversight in X windows.  I
haven't had much opportunity to make sure it works on any system
but my own, so no promises! It does work on my Ultrix DECstation,
with X11R6 from MIT (I think), and with Digital's version of the
X11R5 server.  The program, specifically spying on what other
people are typing, may violate some contract you signed for your
account or the law.  Use at your own risk, on your own
responsibility.

ABOUT:
  xspy, appropriately named as it is, is mostly useful for spying
on people; it was written on a challenge, to see if I could trick
Xwindows into giving up passwords from the xdm login window or
xterm secure-mode.  Because it can, the price I ask for
distributing it is that you don't use any information gained, in
an illegal or malicious manner.  Pranks are good, and if you think
of some good ones let me know!
  It works by polling the keyboard, by default every hundredth of
a second.  This polling is not affected by any secure modes,
which grab the keyboard.  This is an oversight by the designers
of X, and will probably be fixed sooner or later.

COMPILE:
  To compile:  xmkmf; make.  If you really want this, you have to
figure out how to compile it!  Th tiny Imakefile might work, but
you probably will have to edit code to make it work for your
system.  I did include a usleep function, in case your computer
doesn't have it.

PROTECTION:
  To protect your display from xspy, simply use the command
"xhost".  If it reports that any host can connect, use "xhost -"
to disable that.  Use "xhost" again to see if any hosts are
specifically mentioned.  For any host it lists, use 
"xhost -<host>" to disable access from that host.
  This should make it impossible for somebody to spy on your
session, unless they already are.  For more information, refer
the the X man page (may be Xws) or consult the Xwindows Security
FAQ.  Programmers: The only way a program can securely read input
is to call XGrabServer() and XGrabKeyboard() --most only grab the
keyboard, since grabbing the server is discouraged.


RELATED PROGRAMS:
  xevact (X EVent ACTions) is a program that I wrote that takes a
different approach: mark all windows to send xevact copies of
keystrokes and (any) other events.  It performs user-defined
actions; I have it set up the execute commands from the function
keys (F17 is xlock, etc) and to play an "orchestra hit" when I
type ctrl-c!
  xghostwriter takes a message you give it, and repeatedly remaps
the X keymap so that all keys are the next character in the
message.  It now sends just about any character (upper and lower
case, and symbols). Also it only works with things that support
the KeymapNotify events (like anything written with Xt or Motif,
including xterm).
    
  These and other programs of mine can be found on my website,
www.acm.vt.edu/~jmaxwell.

	--JAM (jmaxwell@acm.vt.edu)


Changes from 1.0b to 1.0c:
	Imakefile
	Now XKeyCodeToStr() uses static char buf[] so it doesn't
	  crash or return garbage anymore!  (Thanks for Claude
	  Lecommandeur for pointing this out).


