|
Lain Iwakura posted:hey everyone. what is the best vpn? 🙃 libreswan obv. in unrelated news, turns out the feature we added to execute arbitrary code (with full access to our user management libraries) can be used for privilege escalation attacks. who'd have guessed!? this feature basically exists so that we can tick an extra box for procurement departments. im pretty sure nobody has used it for its stated purpose ever.
|
#
?
Oct 22, 2019 03:20
|
|
|
|
| # ? Apr 29, 2024 13:16 |
|
|
what kind of insane handle opens upwards like that
|
|
#
?
Oct 22, 2019 04:28
|
|
|
i was going to leave this here without comment and jump on a plane, but i hosed up actually posting before i lost signal, so now i just have to give it this lovely prologue anyway it might be interesting to people
|
|
#
?
Oct 22, 2019 05:33
|
|
|
Krankenstyle posted:what kind of insane handle opens upwards like that it feels like a full two-thirds of ollam's cool bypasses only work on shoddy american doors
|
|
#
?
Oct 22, 2019 05:43
|
|
|
Share Bear posted:gonna guess this is still correct? https://gist.github.com/grugq/353b6fc9b094d5700c70 what makes freedome an acceptable vpn?
|
|
#
?
Oct 22, 2019 06:02
|
|
|
Shaggar posted:I use nordvpn with code lowtaxspine and it works fine for downloading Linux isos. i use it for anything because my government session logs everything and insists on handing out traffic logs to any lawyer who asks no questions asked
|
|
#
?
Oct 22, 2019 09:11
|
|
|
Lain Iwakura posted:hey everyone. what is the best vpn? 🙃 pptp
|
|
#
?
Oct 22, 2019 09:56
|
|
|
rjmccall posted:i was going to leave this here without comment and jump on a plane, but i hosed up actually posting before i lost signal, so now i just have to give it this lovely prologue this is great, thank you. I didn’t really understand the discriminator stuff before, but I think I do now
|
|
#
?
Oct 22, 2019 11:58
|
|
|
Krankenstyle posted:what kind of insane handle opens upwards like that ADA compliant ones.
|
|
#
?
Oct 22, 2019 14:13
|
|
|
i accidentally opened up lDAP to the internet and the past month my azure vm uploaded like 17 tb. it was only like 6 or 700 bucks which seems pretty reasonable
|
|
#
?
Oct 22, 2019 14:14
|
|
|
sure thats bad to add to DOS attacks, but it also felt kinda good to finally be part of something bigger than myself
|
|
#
?
Oct 22, 2019 14:15
|
|
|
CMYK BLYAT! posted:libreswan obv. Disable it by default and require admin configuration to enable it?
|
|
#
?
Oct 22, 2019 14:16
|
|
|
Deviant Ollam's talks are great.
|
|
#
?
Oct 22, 2019 14:39
|
|
|
Volmarias posted:Disable it by default and require admin configuration to enable it? I think you'll find that might generate calls to support.
|
|
#
?
Oct 22, 2019 15:29
|
|
|
But if no one uses it...
|
|
#
?
Oct 22, 2019 15:31
|
|
|
Subjunctive posted:this is great, thank you. I didn’t really understand the discriminator stuff before, but I think I do now yeah, discriminators are totally central to the protection because it’s unfortunately proven not that hard to find whole functions that work as gadgets it’s like some sort of hosed-up cake recipe where, okay, you need three cups of flour, a cup of oil, and two cups of sugar, but unlike normal that list isn’t exclusive and it’s okay to throw in ingredients with random other garbage as long as they get you towards your total. like, here’s a dead rat, its carcass contains oil that analogy was not as illuminating as i was hoping but it sure got vivid anyway i’m giving a talk about this in about two hours, as soon as the recording is up i’ll let y’all know
|
|
#
?
Oct 22, 2019 15:39
|
|
|
Krankenstyle posted:what kind of insane handle opens upwards like that in addition to ADA compliance that Shaggar pointed out there's no reason for the manufacturer to restrict the mechanism because you can just buy the same handle and mount it on either side of a door as needed
|
|
#
?
Oct 22, 2019 15:45
|
|
|
Krankenstyle posted:what kind of insane handle opens upwards like that the only thing novel about that is being able to use film and not a piece of scrap metal like do usually does, like 15m29s in: https://www.youtube.com/watch?v=raBMFqZRB0s&t=929s
|
|
#
?
Oct 22, 2019 17:34
|
|
|
today at NYT: infoesec is for someone else https://twitter.com/runasand/status/1186775481615605760
|
|
#
?
Oct 23, 2019 00:48
|
|
|
May the Krebs be with you
|
|
#
?
Oct 23, 2019 01:10
|
|
|
infernal machines posted:today at NYT: infoesec is for someone else holy poo poo who would ever get rid of Runa
|
|
#
?
Oct 23, 2019 03:18
|
|
|
Subjunctive posted:holy poo poo who would ever get rid of Runa why have runa when you can have bret stephens and bari weiss
|
|
#
?
Oct 23, 2019 03:21
|
|
|
Subjunctive posted:holy poo poo who would ever get rid of Runa the "failing" ny times, apparently this seems like some oldschool "it is a cost center" stuff, but who knows
|
|
#
?
Oct 23, 2019 03:24
|
|
|
Phone posted:why have runa when you can have bret stephens and bari weiss well there is that
|
|
#
?
Oct 23, 2019 03:25
|
|
|
if security is so important how come we dont get pwned more, huh, can you answer that smart guy
|
|
#
?
Oct 23, 2019 04:47
|
|
|
Bulgakov posted:lol I never saw this
|
|
#
?
Oct 23, 2019 06:07
|
|
|
yah beat me to it
|
|
#
?
Oct 23, 2019 06:15
|
|
|
p sure you didn't have to like, hack anything to know trump's password was "yourefired" like it had to be that, or maybe that but misspelled in other ways by his fat stubby sausage fingers
|
|
#
?
Oct 23, 2019 06:27
|
|
|
I'm slightly late to password manager chat, but: keepassXC doesn't have the same synchronize feature that keepass does, although it has its own, different version. KeepassXC's sync/share feature is called KeeShare and by all metrics it sucks rear end. The basic idea is that you'd create a new password group and during the setup (naming, icon selection) a KeeShare 'type' can be selected, either import, export, or sync. You set a path and a password, then you can send 'shared.kdbx.share' to anybody you want and they can import it into their KeepassXC, then you share the passphrase separately for them to unlock and import it. Imagine trying to use this process to get a password from your computer to your phone. As a few others said, Bitwarden feels like a more polished, non-rent-collecting alternative to pretty much all the solutions. Flawless multi-device sync and a pretty generous selection of multi-factors. Yubikey, Duo, TOTP, u2f, all supported out-of-the-box if you host it yourself. I think that selection is limited if you use the non-paid hosted version. on another note, when i attempt to install keepass on my computer it wants to install mono (!!) code:
|
|
#
?
Oct 23, 2019 06:30
|
|
|
Original GANster posted:As a few others said, Bitwarden feels like a more polished, non-rent-collecting alternative to pretty much all the solutions. Flawless multi-device sync and a pretty generous selection of multi-factors. Yubikey, Duo, TOTP, u2f, all supported out-of-the-box if you host it yourself. I think that selection is limited if you use the non-paid hosted version. oh that makes sense, was sorta wondering how they would have an open source thing with those omitted - i imagine someone would just fork it and implement support if they werent there anyway been using it a few days now and its been pretty much a drop-in replacement after having used 1pass for the last ~year. and having actual standalone apps everywhere has been nice the desktop apps are electron iirc, but still better than 1pass only providing a browser plugin with functionality removed. for example I had to use the work mac to export my stuff since the 1pass browser plugin doesnt do that
|
|
#
?
Oct 23, 2019 07:12
|
|
|
Progressive JPEG posted:the desktop apps are electron iirc love 2 use a password manager that might randomly leave a convenient debugging port open in case you leave your laptop at home and need to do a quick rce to get your passwords
|
|
#
?
Oct 23, 2019 09:09
|
|
|
about vpns, mullvad is an alternative to protonvpn if you look for one. they are third party audited, support wireguard, and as low commitment as you can get for a paid service in terms of data - but far from cheapest. third vpn rec i could make is airvpn, but ive moved on from them and have not followed the service since 2016
|
|
#
?
Oct 23, 2019 09:11
|
|
|
Progressive JPEG posted:oh that makes sense, was sorta wondering how they would have an open source thing with those omitted - i imagine someone would just fork it and implement support if they werent there i've been running an unofficial clone called bitwarden_rs (https://github.com/dani-garcia/bitwarden_rs) for a few weeks that allows mysql/sqlite to be used instead of mssql which is what the official one wants for some reason Progressive JPEG posted:the desktop apps are electron iirc very easy access through the browser instead which i prefer, and second factors are always required for a browser login, but not with the client when i initially tried it (once i'd logged into the client, I didn't have to 2fa anymore to "unlock" the vault next time i started it)
|
|
#
?
Oct 23, 2019 09:48
|
|
|
Original GANster posted:on another note, when i attempt to install keepass on my computer it wants to install mono (!!) well, yeah. the original keepass is made with c#. with mono it can run on any platform, and it has the most plugin support so i use that, and it works ok.
|
|
#
?
Oct 23, 2019 12:25
|
|
|
yeah, and if you wanted to run a java program it'd need the jre lol
|
|
#
?
Oct 23, 2019 12:56
|
|
|
akadajet posted:yeah, and if you wanted to run a java program it'd need the jre lol Oracle Keepass
|
|
#
?
Oct 23, 2019 13:18
|
|
|
Progressive JPEG posted:for example I had to use the work mac to export my stuff since the 1pass browser plugin doesnt do that
|
|
#
?
Oct 23, 2019 14:05
|
|
|
Chris Knight posted:why would it? the plugin is for filling in login information to the browser and that's it. b/c 1password doesn't have a standalone app for All Platforms and bills the browser extension as the substitute
|
|
#
?
Oct 23, 2019 14:07
|
|
|
Captain Foo posted:Oracle Keepass for Enterprise 69g
|
|
#
?
Oct 23, 2019 14:20
|
|
|
|
| # ? Apr 29, 2024 13:16 |
|
|
I just recently heard of this password app called myki - has a kind of interesting security model where everything lives on the phone and it can be used in browsers with you authing with touch/Face ID. anyone know anything about if it’s a massive pos?
|
|
#
?
Oct 23, 2019 14:52
|
|
