LampkinsMateSteve
Jan 1, 2005

I've really fucked it. Have I fucked it?

Tehran 1979 posted:

Can't screenshot it. Soon as you hit the alt key it closes the menus.

Just press the print screen button, paste into Paint, then take a cropped screenshot of the screenshot.


Nalin
Sep 29, 2007

Hair Elf
If you are on Windows 10, you can press WIN+SHIFT+S to open up the snipping tool and take a snippet of it. It puts the picture in your notification shade and you can click on it to annotate, save, or share it.

Also, Greenshot is super amazing as a screenshot tool.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib
You can also set the Print Screen button to automatically activate Snip & Sketch in the Ease of Access settings. No need for copy & pasting!

FRINGE
May 23, 2003
title stolen for lf posting

Nalin posted:

Also, Greenshot is super amazing as a screenshot tool.

You can also set Greenshot to directly output to mspaint or some other editing tool.

Tehran 1979
Jan 28, 2019

by Lowtax
Thanks for all the advice, I ended up getting it to work from one of your ways and these are the whiteness that came back and I can't get rid of.

https://imgur.com/FlXqVhW

https://imgur.com/SzSmv3h

It's just the default Windows dark theme, the addon "Dark Mode" and the Firefox theme "Light Black". I've uninstalled all the addons, turned Windows theme on/off, tried installing one at a time or mixed/match and none of it goes back to how it used to.

Tehran 1979 fucked around with this message at 01:15 on Dec 31, 2019

astral
Apr 26, 2004

Tehran 1979 posted:

Thanks for all the advice, I ended up getting it to work from one of your ways and these are the whiteness that came back and I can't get rid of.

https://imgur.com/FlXqVhW

https://imgur.com/SzSmv3h

It's just the default Windows dark theme, the addon "Dark Mode" and the Firefox theme "Light Black". I've uninstalled all the addons, turned Windows theme on/off, tried installing one at a time or mixed/match and none of it goes back to how it used to.

This has apparently been a problem for a while; here's the bug tracking page for the context + popup menus:

https://bugzilla.mozilla.org/show_bug.cgi?id=1553682

Doesn't look like it's a huge priority, unfortunately.

I'm actually a bit curious about how you'd managed to get that behavior in the past. Might you have edited your userChrome type files to add some customizations there?

e: For example, something like they suggest in the comments of this reddit thread.

If so, make sure toolkit.legacyUserProfileCustomizations.stylesheets is set to true in about:config.

astral fucked around with this message at 02:33 on Dec 31, 2019

thehoodie
Feb 8, 2011

"Eat something made with love and joy - and be forgiven"
Is there any add-on or something that would allow me to use the "send tab" function to send a tab at a specific date/time? IE. I have a tab open that I want to open on another computer on Saturday. Currently my workaround is to use Email This and then snooze it in Gmail until that time, but a one-step solution would be nice.

i vomit kittens
Apr 25, 2019


I have Firefox set to always be in private browsing mode. This automatically enables enhanced tracking protection, but disables the ability to add domains to its whitelist. Is there any way to re-enable this without just disabling private browsing? Private mode also seems to disable desktop notifications, can I get those back or no?

Actuarial Fables
Jul 29, 2014

Taco Defender

i vomit kittens posted:

I have Firefox set to always be in private browsing mode. This automatically enables enhanced tracking protection, but disables the ability to add domains to its whitelist. Is there any way to re-enable this without just disabling private browsing? Private mode also seems to disable desktop notifications, can I get those back or no?

You could set Firefox to not remember history and to delete cookies & cache on exit, and then use regular Firefox instead of private browsing.

Nalin
Sep 29, 2007

Hair Elf
Firefox 72 releases today. Mac and Linux get picture-in-picture mode now. Also be aware that "Enhanced Tracking Protection" was updated to block fingerprinting scripts, so that may cause additional site problems for people who use it.

Firefox 73 beta doesn't seem to have much interesting stuff. You can set a default zoom level, they fixed some audio bugs when audio isn't played at 100% speed, and they added a second DNS over HTTPS provider (NextDNS) and added a drop-down that lets you choose your provider (if you turn the option on). Hopefully it fixes some of the graphical corruption issues that I was encountering in the 72 beta.

Artelier
Jan 23, 2015


I've been considering getting a password manager, but then went into a weird hellhole of research over the last few days and now I am more uncertain than ever. I just don't know what to choose! Never had one before so I'm probably experiencing information overload.

For free options across multiple devices, I think the only real options are BitWarden, Lastpass, and Keepass, correct?

Basically, I use multiple computers, and my Android phone mostly. I thought a password manager lets me remember one password and then I can use it across multiple devices.

But then I thought, what if, for whatever reason, I lose my master password. And then I read people say it's still not secure if someone manages to say break into my phone/laptop. And then I think of all the accounts I need to create passwords for to be secure. What happens if someone gets a monopoly? Is it difficult to transfer passwords? Can they hack in forever? What if I want to get off the ecosystem? Aaaaaaa

I'm just overwhelmed. My gut feel is password manager is a definite improvement. But I've never used one before and I'm not sure how to go about doing it. Any advice either way, or a resource that I should refer to? Apologies if this is the wrong thread or has been discussed, went back a couple pages briefly and didn't see it in the opening either.

nielsm
Jun 1, 2009



Keepass works by storing your passwords in an encrypted database file. The database is only decrypted when you unlock it with your master password, and when you lock it again (it automatically does that after an inactivity timeout) the application makes sure to clear the memory that was occupied by the decrypted passwords.
This means the possible attack vectors are capturing a copy of your password database plus master password, or compromising your system with software that can steal decrypted passwords out of memory while the database is unlocked, or remote unprivileged attacks using Spectre/Meltdown/related vulnerabilities to steal decrypted passwords out of memory. The latter can be executed by Javascript/WebASM on pages you visit, depending on installed mitigations. If you use a browser plugin you also get additional possible attack vectors through that.

The primary advantage of a password manager is making it easier to use unique passwords on every service that requires one, so when one service is compromised, your accounts on other services are unaffected. The disadvantage is if a determined attacker compromises your password database, all your accounts are compromised, except those with proper 2FA.

Yes it's a risk if someone breaks into your device. If you let them do that, they could just as well install a keylogger and capture the passwords you type on the keyboard.
Monopoly/lock-in is not a risk with Keepass at least, since it's free/open software and the data is stored in a file under your control, not on a cloud service (unless you put it there yourself.)

I use Keepass, store my password database on OneDrive, synced between my desktop and my phone. My master password is 30+ characters, which I can type in a few seconds. I don't use a browser plugin, but rather copy-paste the passwords from the application when I need them. If I need a password while at work or somewhere else I don't have Keepass installed on the computer, I look it up on my phone, have it show the password on screen, and type it manually.

Klyith
Aug 3, 2007

GBS Pledge Week

Artelier posted:

But then I thought, what if, for whatever reason, I lose my master password.

Once you only have to remember a single password that you never* have to change, it becomes remarkably easy not to lose it.
*unless the service gets hacked and it turns out they were doing dumb things that reduced security (cough cough Lastpass)

But you can also write it down and keep it in a safe place if you're worried. If you have a filing cabinet with important docs like birth certificates or whatever, that's good. A criminal that breaks into your house will grab your laptop off the table, they don't spend time looking through your tax returns.

When I switched to a password manager system, I wrote down my google password and put it in a safe spot. That way in the unlikely event that every computer-type device I own is lost or stolen at the same time, I can get back into my gdrive where my keepass file is. But that's a problem specific to keepass where someone else is providing the cloud. If I was using bitwarden or 1password that wouldn't be possible.


As for what to use, I think you should use Bitwarden. If you're already overwhelmed at this stage just use something easy.


Don't use lastpass.

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost


I'm lazy and just use Firefox's built in password manager/generator. Works fine since I only use Firefox on all my machines.

Artelier
Jan 23, 2015


Thanks for the advice everyone! Great info, will do more specific research on how to use BitWarden or Keepass, and leaning towards BitWarden so far yes.

...Also I hope I'm not the only one that constantly reads it as Keep rear end.

Light Gun Man
Oct 17, 2009

toEjaM iS oN
vaCatioN




Lipstick Apathy

Artelier posted:


...Also I hope I'm not the only one that constantly reads it as Keep rear end.

this is honestly the main reason i am considering switching over to using it

Manyorcas
Jun 16, 2007

The person who arrives last is fined, regardless of whether that person's late or not.
For anyone else that used the tabs on the bottom css script and had it break again when updating to Firefox 72, there are two ways to fix it. If that's the only thing you have in your userchrome file, you can just remove the @namespace line at the top and it works again. Otherwise, use the instructions here to give it its own file in that folder. I was able to just delete my @namespace line so I don't know how well the other method works, exactly.

It wasn't that long ago I had to update the script, it's getting to be kind of a pain in the rear end to keep my tabs where I want them :(

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope
Keepass password databases are designed to be copied over unsafe medium. The database encryption algorithm is designed to be slow to decrypt and to require a large amount of memory so that it is less efficient to brute force even if an attacker gets their hands on the database file.

E: but yes, the main advantage is using a unique random password for every site and service you use

endlessmonotony
Nov 4, 2009

by Fritz the Horse

Artelier posted:

I've been considering getting a password manager, but then went into a weird hellhole of research over the last few days and now I am more uncertain than ever. I just don't know what to choose! Never had one before so I'm probably experiencing information overload.

For free options across multiple devices, I think the only real options are BitWarden, Lastpass, and Keepass, correct?

Basically, I use multiple computers, and my Android phone mostly. I thought a password manager lets me remember one password and then I can use it across multiple devices.

But then I thought, what if, for whatever reason, I lose my master password. And then I read people say it's still not secure if someone manages to say break into my phone/laptop. And then I think of all the accounts I need to create passwords for to be secure. What happens if someone gets a monopoly? Is it difficult to transfer passwords? Can they hack in forever? What if I want to get off the ecosystem? Aaaaaaa

I'm just overwhelmed. My gut feel is password manager is a definite improvement. But I've never used one before and I'm not sure how to go about doing it. Any advice either way, or a resource that I should refer to? Apologies if this is the wrong thread or has been discussed, went back a couple pages briefly and didn't see it in the opening either.

Well your research was worthless and led you badly astray.

Go with KeepAss. Put all your not-super-important passwords there. All my actual important passwords are on physical objects, held in a location I know and lock, and in a wholly indecipherable cipher.

If your research made you consider LastPass as even an option the research was worthless garbage, and so are the whole "it's not secure if someone hacks YOUR BRAIN" Reddit bullshit, and literally everything followed "But then I thought".

Password managers help you reduce password reuse, and reusing passwords is the biggest security problem. It's not about complex nonsensical passwords, because those are actually entirely worthless. (Apart from the problem where a lot of other people are also using the same password, like password123.) They're not perfectly secure but they're secure enough, and if "secure enough" isn't good enough for you please refer to Plato's discussions about his cave.

Ola
Jul 19, 2004

I use Bitwarden. It is cool and nice.

Artelier posted:

But then I thought, what if, for whatever reason, I lose my master password.

What I do is I keep my Gmail password (of similar complexity + 2FA on both ofc) out of the manager and some info on Gmail to help me remember it but not enough for someone to figure it out. That way, if I lose all the manager passwords I can just recover them to my mail. And if someone breaks into my manager, they still can't get my main mail.

Converting everything at once is a pain, just do it bit by bit. Do your most visited sites in one go, then just do the rest as you visit them or the login cookies expire.

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

endlessmonotony posted:

It's not about complex nonsensical passwords, because those are actually entirely worthless.

What do you mean by that?

Femur
Jan 10, 2004
I REALLY NEED TO SHUT THE FUCK UP
Is there a way to resize tabs on the tab bars? I recently did a clean install and finally updated firefox past 56, but now my tab bars are all crunched up with basically no text. I could not find any addon that will fix this, other than sidebar like stuff, that I have never bothered to use, and do not really want to use.

endlessmonotony
Nov 4, 2009

by Fritz the Horse

Wheany posted:

What do you mean by that?

If you're at the situation where someone's bothering to break into a properly implemented system by bruteforcing it, all of the passwords in that container are already compromised because it's only a matter of time.

Longer passwords do mean it takes a (lot) longer to bruteforce but it's not about the complexity to humans at that point. All complex characters and being perfectly random can be replaced with adding one more word to the passphrase.

The only real thing you can do is to protect yourself against dictionary attacks as far as bruteforcing goes. The rest... if you've got someone who wants your info and can credibly bruteforce it out then they don't actually have to give a poo poo about what your password is. A properly implemented system throws up roadblocks to bruteforcing - optimally by restricting the rate of attempts to something a human barely notices but that really slows down a computer trying passwords as fast as it can. In the case of situations where that's not possible, like a KeepAss database, the system itself is complex and (computationally) expensive enough you have to throw some fairly significant money to crack something longer than, say, ten characters. Either that's too daunting for them or they've got your passwords already and it didn't actually matter.

Meanwhile if a site gets compromised they'll have your password, and they'll have your email, so they'll just try that on other sites. It's something that actually happens.

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

endlessmonotony posted:

Meanwhile if a site gets compromised they'll have your password, and they'll have your email, so they'll just try that on other sites. It's something that actually happens.

This isn't an argument against using "nonsensical passwords" though, assuming that nonsensical means randomly generated. That is an argument against password reuse, which you don't have to do when you have a password manager. You just generate a new password for every site you register on and let the password manager remember it. You don't even have to see your password if you just copy and paste it (or autotype it).

Ola
Jul 19, 2004

The password manager solves the problem of reused passwords, even though they need not be very complex.

But an argument for using complex passwords nonetheless is that Random Site may not be storing the passwords with salts. So someone else of the 1 billion users might by chance also have "chzded445" and once that password is discovered in a rainbow attack, all users with that password are simultaneously compromised. If yours is likely to be unique, your social media account won't be fighting for Putin or whatever.

An argument for using very complex master passwords for the manager is that the manager provider's database is a super high value target. The provider also has limited resources in defending against attacks, probably takes on open source volunteers etc. So a leaked database is definitely something a powerful actor would care about, because it could contain a treasure trove and can be attacked efficiently. There's probably many that have a super complex password for their government job, but have stored it in a manager secured by "SafePassword2017".

The diceware method is great (battery horse staple etc). http://world.std.com/~reinhold/diceware.html

You can for instance generate a bunch of six word sentences, then store all those safely somewhere. Then build your passphrase from that collection, perhaps sprinkle with some phrase or character not written down. If you forget it, looking at that collection should hopefully be enough to jog your memory. But it's not likely that someone will reconstruct it unless you've written exactly what it is and is for, or you are a stupid president or otherwise a very high value target.

You can of course use a password manager you host yourself. Then the risk is more about less practicality, losing access to it, deleting it by accident etc.
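Ola's point about unsalted storage, worked through as an added example (this is not code from anyone in the thread): with a plain fast hash, every user who picked the same password gets the same stored value, so one precomputed table entry exposes all of them at once; a random per-user salt plus a slow KDF breaks that. The sample accounts, the shared password "chzded445" and the tiny "common passwords" list standing in for a rainbow table are all constructed here.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample accounts: two users who happen to share a password,
# which is exactly the situation the post describes.
USERS: Dict[str, str] = {
    "alice": "chzded445",
    "bob": "chzded445",
    "carol": "x7$Qw2!pLm9vTq",
}

# Constructed stand-in for a precomputed lookup (rainbow) table: a few
# passwords an attacker already expects to see, hashed once up front.
COMMON_PASSWORDS = ["password123", "letmein", "chzded445"]

KDF_ITERATIONS = 100_000  # PBKDF2 work factor; deliberately slow per guess


def store_unsalted(password: str) -> str:
    """The weak pattern: one fast, unsalted hash. Every user with the same
    password gets the same stored value, so one lookup exposes all of them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """The hardened pattern: a random per-user salt plus a slow KDF
    (PBKDF2-HMAC-SHA256). Same password, different salt -> different digest,
    so a table built against one user says nothing about another."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = store_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def lookup_table_hits(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Match a table of unsalted hashes against every stored value at once.
    This is the 'all users with that password are compromised simultaneously'
    effect: the table is computed once, never per user."""
    table = {store_unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def demo() -> Dict[str, object]:
    """Run both storage schemes over the sample accounts and report what differs."""
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_collision": unsalted["alice"] == unsalted["bob"],   # True
        "salted_collision": salted["alice"][1] == salted["bob"][1],   # False
        "table_hits": lookup_table_hits(unsalted, COMMON_PASSWORDS),  # alice and bob
        "alice_login_ok": verify_salted("chzded445", *salted["alice"]),
        "alice_wrong_pw": verify_salted("chzded446", *salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same collision property holds for the "encrypt with the password as the key, common salt" scheme Ola mentions later: whatever the primitive, if two users with the same secret produce the same stored bytes, the attacker's work is done once and reused.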

endlessmonotony
Nov 4, 2009

by Fritz the Horse
If the site's bad enough to have bad salt the rest of its security won't be up to snuff either.

Having a long password for the password manager itself isn't a bad idea but honestly it's still a risk reward equation for the attacker and attacking a password manager database has a high risk of wasting a lot of electricity for sweet fuckall.

Meanwhile loving lol at a password manager standing up to a state actor.

A jilted ex is the number one threat scenario for a password manager.

Also the argument against nonsensical passwords is they're a pain in the rear end to enter manually when you need to and barely improve security even in an optimal case.

Ola
Jul 19, 2004

endlessmonotony posted:

If the site's bad enough to have bad salt the rest of its security won't be up to snuff either.

That's not guaranteed, everything can be tip top apart from using a salted hash. Lots of sites have otherwise competent engineers that think they've made a good solution, but aren't quite up to date on the present best practice. One example is using very strong encryption algorithms instead of hashing, where the password itself is also the password of the encryption, perhaps with a common salt. The output effectively becomes a rainbow attackable hash since two similar passwords will have the same output.

endlessmonotony posted:

Having a long password for the password manager itself isn't a bad idea but honestly it's still a risk reward equation for the attacker and attacking a password manager database has a high risk of wasting a lot of electricity for sweet fuckall.

Meanwhile loving lol at a password manager standing up to a state actor.

It needn't be a state actor but well organized credit card stealers etc. Stealing the Bitwarden db means you can attack it efficiently at your leisure. If your password is easy to guess, i.e. easy to find in a password list or generate with common cracking techniques, no algorithm is secure enough. If your password is likely to be unique and long enough and the algorithm used is one of the good ones, no state is powerful enough to open your password manager in the lifetime of the solar system.

endlessmonotony posted:

A jilted ex is the number one threat scenario for a password manager.

Speak for yourself on this one...

endlessmonotony posted:

Also the argument against nonsensical passwords is they're a pain in the rear end to enter manually when you need to and barely improve security even in an optimal case.

But do you advocate generating passwords that make sense? Or not using a manager? I have 100+ passwords in my manager now, I wouldn't be able to remember all of those without some degree of reuse. It is indeed a pain in the rear end to enter manually on the extremely rare occasion copy/paste doesn't work, perhaps it would be easier if the manager generated diceware ones. But it's such a rare and minuscule problem that it's hardly an argument against managers or their common workflow.

Volguus
Mar 3, 2009

Ola posted:

It is indeed a pain in the rear end to enter manually on the extremely rare occasion copy/paste doesn't work, perhaps it would be easier if the manager generated diceware ones.

There are websites out there that prevent pasting in passwords or simply require the user to type something in the password field before the login button is enabled. Rare but they exist. And, in my personal opinion, they can die in a fire. Had a security team from India test a website I made a few years ago and the fact that one could paste text into the password field was one of the issues they raised. :bang:

Klyith
Aug 3, 2007

GBS Pledge Week
Lotta really weird & bad password talk here from people who definitely don't know what they're talking about.

There is zero difference between a password composed out of random alphanumeric characters and a phrase from a bunch of words, as long as they have the same entropy (aka randomness) value. One word from a diceware list has about the same value as 2 alphanumeric characters. If 6 random words is easier to remember than 12 random characters, that's fine and you should feel great using words. But words do not have any inherent value.

Your master password for a password manager does not need to be an insanely long phrase or in general be a "harder" password than the passwords for websites that it contains. This is because the database is protected by stronger and more time-consuming algorithms than what websites use to protect your passwords.

Ola posted:

But an argument for using complex passwords nonetheless is that Random Site may not be storing the passwords with salts. So someone else of the 1 billion users might by chance also have "chzded445" and once that password is discovered in a rainbow attack, all users with that password are simultaneously compromised. If yours is likely to be unique, your social media account won't be fighting for Putin or whatever.

This is not how rainbow attacks work, a rainbow table doesn't have every combination of random characters. All combinations of just 9 random alphanumeric characters is 62^9 entries long. If every entry of key + hashes is just 100 bytes, your rainbow table is (62^9*100)/(1024^6) = 1.17 exabytes. (Uncompressed text though, put it in a zip file and it'll only be a couple dozen petabytes or so. Have fun torrenting that!)

A 9 character alphanumeric is stupidly low if you're using a password manager. Bitwarden defaults to 14 characters. So plug 14 into that bit of math up there instead of 9 and run it through your calculator.


endlessmonotony posted:

Meanwhile loving lol at a password manager standing up to a state actor.

The NSA would not be able to break my Keepass database, unless they have top-secret quantum computers or backdoors in cryptography or have discovered math that collapses factoring. My keepass takes about a second of CPU time to decrypt. Even if the NSA has computers 100 billion times faster than mine, it would take years to centuries.

If a state actor wants to know my passwords they'll sneak into my house and replace my keyboard cable with a seemingly identical cable that actually has a tiny keylogger in it that transmits everything I type to the van outside.

BlankSystemDaemon
Mar 13, 2009



Klyith posted:

There is zero difference between a password composed out of random alphanumeric characters and a phrase from a bunch of words, as long as they have the same entropy (aka randomness) value. One word from a diceware list has about the same value as 2 alphanumeric characters. If 6 random words is easier to remember than 12 random characters, that's fine and you should feel great using words. But words do not have any inherent value.
Dictionary attacks are the exact reason why words should be avoided.

Volguus
Mar 3, 2009

Klyith posted:

If a state actor wants to know my passwords they'll sneak into my house and replace my keyboard cable with a seemingly identical cable that actually has a tiny keylogger in it that transmits everything I type to the van outside.

Or just use a wrench

FRINGE
May 23, 2003
title stolen for lf posting

Klyith posted:

If a state actor wants to know my passwords they'll sneak into my house and replace my keyboard cable with a seemingly identical cable that actually has a tiny keylogger in it that transmits everything I type to the van outside.

I saw a security hardware vid on that kind of stuff once. They have made some creepy things. Like unpowered radio reflective inserts into video cables that someone transmit data to the remote scanning device. (More or less, that's my vague memory)

BlankSystemDaemon
Mar 13, 2009



FRINGE posted:

I saw a security hardware vid on that kind of stuff once. They have made some creepy things. Like unpowered radio reflective inserts into video cables that someone transmit data to the remote scanning device. (More or less, that's my vague memory)
The NSA TAO catalog has that very thing, from 2008.

Mr.Radar
Nov 5, 2005

You guys aren't going to believe this, but that guy is our games teacher.
FYI, there's a critical security flaw in every version of Firefox below 72.0.1 (68.4.1 ESR) with active exploits in the wild. Update ASAP :siren:

Klyith
Aug 3, 2007

GBS Pledge Week

D. Ebdrup posted:

Dictionary attacks are the exact reason why words should be avoided.

There's zero difference between a brute force attack of words from a dictionary vs characters from alpha/alphanum/etc. It's going through the list of all possible combinations either way. Against weak hashing systems a 4 word diceware phrase and a 9 character alpha are relatively equivalent (both are bad).

Against the same attack 6 words of diceware requires as many guesses as 13 characters of alphanum. Both are good.
7776^6 = 2.2x10^23 permutations
62^13 = 2.0x10^23 permutations
Pre-computed rainbow tables do not exist for either. Both will take 1000s of years to crack.

Dictionary attacks are why the average passwords that most people use, a word plus some characters to make the box stop yelling about needing a capital letter and a number, are extremely breakable. A password like "myjohnson_9IN" is 2 dictionary words (bad) and 4 random characters (bad), and combining two bad things is still bad.


But there is a reason why long passphrases are questionable specifically for various websites: web forms, aka the box you type your password into, have to truncate input somewhere. They don't want you to paste the entirety of war and peace into the password box and try to submit it. Some crap websites have been known to truncate input at a stupidly short number of characters, turning a passphrase into "correct horse batter" and a much weaker password. Now, this is the fault of the dumb websites. But still a reason that a password manager defaults to 14 or 20 random characters.

tl;dr get a password manager, use the default password generator for your passwords.

FRINGE posted:

I saw a security hardware vid on that kind of stuff once. They have made some creepy things. Like unpowered radio reflective inserts into video cables that someone transmit data to the remote scanning device. (More or less, that's my vague memory)

The USB cable thing was a direct example from the Snowden leaks iirc. Now if I'd wanted to be funny I'd use the mossad example.
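The keyspace arithmetic in Klyith's posts (7776^6 vs 62^13, the 1.17 exabyte rainbow table for 9 alphanumeric characters) and the earlier point that a slow database KDF changes the picture, carried through as an added example that is not code from anyone in the thread. The guess-rate figures are constructed assumptions: 1e10 guesses/s for a fast unsalted hash is a placeholder, and the "about a second per unlock" and "100 billion times faster" pair is taken from the post above; the 100 bytes per table entry is also the post's figure.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes used in the thread.
DICEWARE_WORDS = 7776   # 6^5 words on a standard diceware list
ALPHANUMERIC = 62       # a-z, A-Z, 0-9

# Constructed guess-rate assumptions (see lead-in); only the last two come
# from the thread itself.
FAST_HASH_GUESSES_PER_SEC = 1e10   # placeholder: GPU rig vs an unsalted fast hash
SLOW_KDF_GUESSES_PER_SEC = 1.0     # database KDF tuned to ~1 s of CPU per unlock
BIG_ADVERSARY_SPEEDUP = 1e11       # the "100 billion times faster" hypothetical


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates for a password of `length` symbols drawn uniformly from an
    alphabet of `alphabet_size` symbols. A whole diceware word is one symbol."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """log2 of the keyspace: the common currency for comparing word and
    character passwords, which is the point of the 'zero difference' claim."""
    return math.log2(space)


def rainbow_table_exabytes(alphabet_size: int, length: int, bytes_per_entry: int = 100) -> float:
    """Storage for a complete precomputed table at `bytes_per_entry` each."""
    return keyspace(alphabet_size, length) * bytes_per_entry / 1024 ** 6


def expected_crack_years(space: int, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the keyspace is tried."""
    return (space / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare_policies() -> dict:
    """Side-by-side numbers for the policies discussed in the thread, under
    three attacker models: fast hash, slow KDF, slow KDF with a huge speedup."""
    policies = {
        "4 diceware words": keyspace(DICEWARE_WORDS, 4),
        "9 alphanumeric":   keyspace(ALPHANUMERIC, 9),
        "6 diceware words": keyspace(DICEWARE_WORDS, 6),
        "13 alphanumeric":  keyspace(ALPHANUMERIC, 13),
        "14 alphanumeric":  keyspace(ALPHANUMERIC, 14),
    }
    out = {}
    for name, space in policies.items():
        out[name] = {
            "bits": round(entropy_bits(space), 1),
            "years_fast_hash": expected_crack_years(space, FAST_HASH_GUESSES_PER_SEC),
            "years_slow_kdf": expected_crack_years(space, SLOW_KDF_GUESSES_PER_SEC),
            "years_slow_kdf_big_adversary": expected_crack_years(
                space, SLOW_KDF_GUESSES_PER_SEC * BIG_ADVERSARY_SPEEDUP),
        }
    return out


if __name__ == "__main__":
    print(f"rainbow table, 9 alphanumeric: {rainbow_table_exabytes(ALPHANUMERIC, 9):.2f} EiB")
    for name, row in compare_policies().items():
        print(f"{name:18s} {row['bits']:5.1f} bits  "
              f"fast hash {row['years_fast_hash']:.2e} y  "
              f"slow KDF {row['years_slow_kdf']:.2e} y  "
              f"slow KDF x1e11 {row['years_slow_kdf_big_adversary']:.2e} y")
```

What the table shows: 4 diceware words and 9 alphanumeric characters both sit near 52 to 54 bits and fall in days against a fast hash, while 6 words and 13 characters both land at about 77 bits, which is why the two columns are interchangeable once you count entropy rather than characters. The slow-KDF columns are the reason the master password does not need to be longer than the site passwords it protects: the per-guess cost, not the character count, is doing most of the work.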

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Klyith posted:

If a state actor wants to know my passwords they'll sneak into my house and replace my keyboard cable with a seemingly identical cable that actually has a tiny keylogger in it that transmits everything I type to the van outside.

Or they just send a few well dressed men who will politely ask for the password.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib

Wheany posted:

Or they just send a few well dressed men who will politely ask for the password.

They'll just send an email to the hoster where your data is stored.

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Lambert posted:

They'll just send an email to the hoster where your data is stored.

That doesn't help with keepass.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib

Wheany posted:

That doesn't help with keepass.

Yeah, but I assume the government would be more interested in your emails, or chat messages than your rear end collection.

I guess 1password used to be the ideal password manager in that respect, considering they used to store all metadata unencrypted.


endlessmonotony
Nov 4, 2009

by Fritz the Horse

Ola posted:

That's not guaranteed, everything can be tip top apart from using a salted hash. Lots of sites have otherwise competent engineers that think they've made a good solution, but aren't quite up to date on the present best practice. One example is using very strong encryption algorithms instead of hashing, where the password itself is also the password of the encryption, perhaps with a common salt. The output effectively becomes a rainbow attackable hash since two similar passwords will have the same output.

This is a scenario that doesn't exist. I wouldn't worry about problems that aren't going to exist.

Ola posted:

But do you advocate generating passwords that make sense? Or not using a manager? I have 100+ passwords in my manager now, I wouldn't be able to remember all of those without some degree of reuse. It is indeed a pain in the rear end to enter manually on the extremely rare occasion copy/paste doesn't work, perhaps it would be easier if the manager generated diceware ones. But it's such a rare and minuscule problem that it's hardly an argument against managers or their common workflow.

I absolutely advocate against reuse. I generally try to go for pronounceable strings for passwords, 12-24 chars depending on how much a poo poo I give about the site. A few actually important sites are on physical tokens in a lockbox, indeed using a "these will eventually turn into the password if you can remember the route" setup.

Klyith posted:

The NSA would not be able to break my Keepass database, unless they have top-secret quantum computers or backdoors in cryptography or have discovered math that collapses factoring. My keepass takes about a second of CPU time to decrypt. Even if the NSA has computers 100 billion times faster than mine, it would take years to centuries.

If a state actor wants to know my passwords they'll sneak into my house and replace my keyboard cable with a seemingly identical cable that actually has a tiny keylogger in it that transmits everything I type to the van outside.

This is exactly why I said that. By the time you're dealing with state actors it's absolutely not your password manager that's the target or a meaningful component of your data leaving your possession.
