Re: Can't find information on passwdqc, pwqcheck or cracklib

2024-03-21 Thread tomas
On Fri, Mar 22, 2024 at 01:16:13PM +1100, n...@linearg.com wrote:
> I'm wanting to upgrade my security, and like to use some of the suggested
> tools. I've installed some of the tools, but can't find man pages on them.
> Similarly there's no results to be had from googling.
> I must be missing something..

As far as I can see [1], cracklib comes with man pages...

Cheers

[1] https://packages.debian.org/bookworm/amd64/cracklib-runtime/filelist
-- 
t




Please, don't feed the trolls [was: ...]

2024-03-21 Thread tomas
On Thu, Mar 21, 2024 at 09:28:11PM -0400, Paul M Foster wrote:
> On Thu, Mar 21, 2024 at 06:47:10PM +, jmax wrote:
> 
> > Dear Brothers and Sisters:

[...]

> I'm not your brother or sister [...]

This was an obvious troll [1]. Don't feed them or they'll come
back

Cheers

[1] https://en.wikipedia.org/wiki/Internet_troll
"... a troll is a person who posts deliberately offensive
 or provocative messages online"

-- 
t




Re: Can't find information on passwdqc, pwqcheck or cracklib

2024-03-21 Thread David
On Fri, 2024-03-22 at 13:16 +1100, n...@linearg.com wrote:
> I'm wanting to upgrade my security, and like to use some of the  
> suggested tools. I've installed some of the tools, but can't find man  
> pages on them.  Similarly there's no results to be had from googling.  
> I must be missing something..

Information, basically.
What 'tools'?
Cheers!



Re: Can't find information on passwdqc, pwqcheck or cracklib

2024-03-21 Thread David
On Fri, 2024-03-22 at 13:16 +1100, n...@linearg.com wrote:
> I'm wanting to upgrade my security, and like to use some of the  
> suggested tools. I've installed some of the tools, but can't find man  
> pages on them.  Similarly there's no results to be had from googling.  
> I must be missing something..

In short: cracklib? cracklib2?
Not all pkgs are covered by man pages, but there are plenty of other information sources.
Cheers!



Can't find information on passwdqc, pwqcheck or cracklib

2024-03-21 Thread n
I'm wanting to upgrade my security, and like to use some of the 
suggested tools. I've installed some of the tools, but can't find man 
pages on them.  Similarly there's no results to be had from googling.

I must be missing something..

NC



Re: debian-niggers and debian-lgbt projects.

2024-03-21 Thread Paul M Foster
On Thu, Mar 21, 2024 at 06:47:10PM +, jmax wrote:

> Dear Brothers and Sisters:
> 
> I am interested in starting some debian projects.  As a homosexual,
> debian-using, black, I am surprised at the low numbers of black and/or LGBT
> members of the debian community. I believe that starting debian-niggers, and
> debian-gay or debian-lgbt projects would help to increase participation of
> the respective parties in the debian community.

I'm not your brother or sister, and not part of your demographic, and I
really don't care whether you do or don't start a SIG on black or LGBT
Debian interests.

However, the word "nigger" is plainly offensive. It's been offensive for
decades, and most recently, whites have been entirely prohibited from
using the word, upon pain of death, while blacks readily use it with
impunity.

If you're going to start a SIG for black/LGBT Debianistas, I'd politely
request you do so without resorting to inflammatory language. I imagine the
term "debian-blacks" would serve just as well without aggravating an already
strongly divided world.

In fact, I suspect the less we pay attention to skin color, the better off
we all will be.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster



Re: Dependency meaning

2024-03-21 Thread Sven Joachim
On 2024-03-21 10:02 +0100, Detlef Vollmann wrote:

> This is essentially a follow-up on my question about the
> 64bit time_t transition.
> I'm trying to upgrade some packages manually.
> For this, I'm trying to understand the dependencies.
>
> 'apt-cache showpkg libssl3t64' gives me this:
>> Dependencies: 3.1.5-1.1 - libc6 (2 2.34) libssl3 (3 3.1.5-1.1)
>> openssh-client (3 1:9.4p1) openssh-server (3 1:9.4p1)
>> python3-m2crypto (3 0.38.0-4) libssl3 (0 (null)) libssl3:i386 (3
>> 3.1.5-1.1) libssl3:i386 (0 (null)) openssh-client:i386 (3 1:9.4p1)
>> openssh-server:i386 (3 1:9.4p1) python3-m2crypto:i386 (3 0.38.0-4)
>> libssl3t64:i386 (35 3.1.5-1.1) libssl3t64:i386 (38 3.1.5-1.1)
>
> I'm trying to understand, what the numbers in parentheses mean.
> The second numbers are obviously version numbers.
> I guess the first numbers are dependency types, but I have no idea,
> what they mean.
> The man page says "For the specific meaning of the remainder of the
> output it is best to consult the apt source code."
> I'd like to avoid this. Can anybody point me to a list what these
> numbers mean?

No, but I can point you to the source code.  In cmdline/apt-cache.cc we
can find this passage where "Dependencies:" is printed:

,
|   cout << "Dependencies: " << endl;
|   for (pkgCache::VerIterator Cur = Pkg.VersionList(); Cur.end() != true; ++Cur)
|   {
|  cout << Cur.VerStr() << " - ";
|  for (pkgCache::DepIterator Dep = Cur.DependsList(); Dep.end() != true; ++Dep)
| cout << Dep.TargetPkg().FullName(true) << " (" << (int)Dep->CompareOp << " " << DeNull(Dep.TargetVer()) << ") ";
|  cout << endl;
|   }
`

Don't worry if you do not understand everything, neither do I.  The
mysterious first number is (int)Dep->CompareOp, so we need to figure out
what that is.  The "Dep" structure is declared in apt-pkg/pkgcache.h:

,
|// These are all the constants used in the cache structures
|
|// WARNING - if you change these lists you must also edit
|// the stringification in pkgcache.cc and also consider whether
|// the cache file will become incompatible.
|struct Dep
|{
|   enum DepType {Depends=1,PreDepends=2,Suggests=3,Recommends=4,
|Conflicts=5,Replaces=6,Obsoletes=7,DpkgBreaks=8,Enhances=9};
|   /** \brief available compare operators
|
|   The lower 4 bits are used to indicate what operator is being specified and
|   the upper 4 bits are flags. OR indicates that the next package is
|   or'd with the current package. */
|   enum DepCompareOp {NoOp=0,LessEq=0x1,GreaterEq=0x2,Less=0x3,
|Greater=0x4,Equals=0x5,NotEquals=0x6,
|Or=0x10, /*!< or'ed with the next dependency */
|MultiArchImplicit=0x20, /*!< generated internally, not spelled out in the index */
|ArchSpecific=0x40 /*!< was decorated with an explicit architecture in index */
|   };
|};
`

Using that information it is possible to decipher the numbers.  For
example, "libc6 (2 2.34)" means that libssl3t64 has a relationship with
libc6 (>= 2.34), "libssl3 (3 3.1.5-1.1)" means a relationship with
libssl3 (<< 3.1.5-1.1), and the strange numbers 35 and 38 for
libssl3t64:i386 appear because 0x20 (==32) is added (the
MultiArchImplicit flag).

How useful is all that?  Probably not much, considering that we cannot
even tell the type of relation.  It is probably better to just use
"apt-cache show".

Cheers,
   Sven
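A small decoder for those numbers, added here as an illustration and not code from apt or from Sven's message: it applies the DepCompareOp table quoted above (lower four bits are the operator, upper bits are flags) to the 'Dependencies:' line from the original question. The regular expression, the Dep record and the rendering format are my own assumptions about the output layout; the relation type (Depends, Breaks, ...) is not in the showpkg output, so the decoder cannot recover it either.

```python
"""Decode the numeric CompareOp field printed by 'apt-cache showpkg'.

Operator codes and flag bits are the DepCompareOp values from
apt-pkg/pkgcache.h as quoted in the message above. SAMPLE is the
Dependencies line from the original question.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lower 4 bits: comparison operator, spelled the way Debian control files do.
OPS = {0: "NoOp", 1: "<=", 2: ">=", 3: "<<", 4: ">>", 5: "=", 6: "!="}
# Upper 4 bits: flags or'd into the same byte.
FLAGS = {0x10: "Or", 0x20: "MultiArchImplicit", 0x40: "ArchSpecific"}

# One entry looks like "<pkg> (<code> <version>)" or "<pkg> (<code> (null))".
# Assumed layout, derived from the quoted output.
DEP_RE = re.compile(r"(\S+) \((\d+) (\(null\)|[^\s()]+)\)")


@dataclass(frozen=True)
class Dep:
    package: str
    op: str
    version: Optional[str]   # None where apt printed "(null)"
    flags: Tuple[str, ...]
    raw: int                 # the number exactly as showpkg printed it


def decode_compare_op(code: int) -> Tuple[str, Tuple[str, ...]]:
    """Split a showpkg dependency code into (operator, flags)."""
    op = OPS.get(code & 0x0F, "?0x%x" % (code & 0x0F))
    flags = tuple(name for bit, name in sorted(FLAGS.items()) if code & bit)
    leftover = code & ~0x7F
    if leftover:
        # Bits the quoted header does not define: keep them visible.
        flags += ("unknown:0x%x" % leftover,)
    return op, flags


def parse_showpkg_deps(line: str) -> Tuple[str, List[Dep]]:
    """Parse one '<version> - <dep> <dep> ...' line of the Dependencies section."""
    version, sep, rest = line.strip().partition(" - ")
    if not sep:
        raise ValueError("not a showpkg Dependencies line: %r" % line)
    deps = []
    for pkg, code, ver in DEP_RE.findall(rest):
        num = int(code)
        op, flags = decode_compare_op(num)
        deps.append(Dep(pkg, op, None if ver == "(null)" else ver, flags, num))
    return version, deps


def render(dep: Dep) -> str:
    """Spell the relation like a control file would, flags appended."""
    if dep.version is None:
        rel = dep.package
    else:
        rel = "%s (%s %s)" % (dep.package, dep.op, dep.version)
    if dep.flags:
        rel += "  [flags: %s]" % ", ".join(dep.flags)
    return rel


# Constructed from the output quoted in the original question.
SAMPLE = (
    "3.1.5-1.1 - libc6 (2 2.34) libssl3 (3 3.1.5-1.1) openssh-client (3 1:9.4p1) "
    "openssh-server (3 1:9.4p1) python3-m2crypto (3 0.38.0-4) libssl3 (0 (null)) "
    "libssl3:i386 (3 3.1.5-1.1) libssl3:i386 (0 (null)) openssh-client:i386 (3 1:9.4p1) "
    "openssh-server:i386 (3 1:9.4p1) python3-m2crypto:i386 (3 0.38.0-4) "
    "libssl3t64:i386 (35 3.1.5-1.1) libssl3t64:i386 (38 3.1.5-1.1)"
)

if __name__ == "__main__":
    ver, deps = parse_showpkg_deps(SAMPLE)
    print("version", ver)
    for d in deps:
        print("  %3d  %s" % (d.raw, render(d)))
```

Run on the sample, "libc6 (2 2.34)" comes out as "libc6 (>= 2.34)", "libssl3 (3 3.1.5-1.1)" as "libssl3 (<< 3.1.5-1.1)", and the 35/38 entries as "<<" and "!=" with the MultiArchImplicit flag attached, which is the decoding Sven gives by hand.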



Re: Root password strength

2024-03-21 Thread Alexander V. Makartsev

On 20.03.2024 20:28, Jan Krapivin wrote:

I must mention that "32 characters" is only my guess.

In the Handbook it is said: "The root user's password should be long 
(12 characters or more) and impossible to guess."


Also, I must again say that in my case we speak just about a humble 
home desktop, without "ssh" access or anything complicated.


Thank you for your answers and tips. I will make a very strong 
password for root and a strong one for  a user in the sudo group.

This conclusion seems less than optimal to me.
Condemning yourself to type a 12+ character password every time you 
'sudo' would really hurt the accessibility and usability of your home 
computer, and for no good reason.


If we focus solely on your use case, the login security of a PC at home 
without remote access, then the password of your sudo user could be as short and
simple as four numbers, of course unrelated to your date of birth, phone 
number, or any other easily guessable sequence of numbers, like '1234'.
And to prevent the password from being guessed by "bruteforce" you will need to 
restrict the number of allowed login attempts.
This could be done by enabling and configuring a PAM module (man 
pam_faillock).
If configured correctly, after a few failed login attempts the user will be 
locked out for a configured amount of time and will be unlocked 
automatically once that time passes.


Also think about this scenario: a visitor or relative gets physical 
access to your PC and is able to type on the keyboard, reboot it, 
access the USB ports, etc.
If a perpetrator could do all that, long passwords won't save you, because 
it is easy to reset passwords or add a new sudo user without knowing any 
passwords.
This could be done by simply booting a live OS from a USB drive and 
'chroot'ing into the filesystem of your OS.


To defend against this scenario you need to have an encrypted filesystem with 
a strong password and never leave your PC with a logged-in session.
A logged-in user session could be used by hackers, in theory and in practice, 
to exploit a known (unpatched) or an unknown (0-day) vulnerability and 
escalate user privileges.

Of course, these hackers have to come into your house first. :)


--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄
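To make the lockout rules concrete, here is a small model of the pam_faillock(8) behaviour Alexander refers to, added as an example and not part of his message or of PAM itself. The option names (deny, fail_interval, unlock_time) are the real faillock.conf ones; the semantics modelled (only failures inside fail_interval count, a locked user is refused until unlock_time has passed since the last failure, a successful login resets the tally) follow the manual page as I read it, and the attempt timeline is constructed.

```python
"""Simplified model of the pam_faillock(8) tally rules.

Not pam's code: a constructed model to show what deny, fail_interval and
unlock_time do to a sequence of login attempts.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class FaillockPolicy:
    # Same names as the faillock.conf options they model.
    deny: int = 3             # lock once this many recent failures are on record
    fail_interval: int = 900  # seconds; older failures no longer count
    unlock_time: int = 600    # seconds after the last failure until auto-unlock


@dataclass
class Tally:
    failures: List[int] = field(default_factory=list)  # timestamps of counted failures


class FaillockModel:
    def __init__(self, policy: FaillockPolicy) -> None:
        self.policy = policy
        self.tallies: Dict[str, Tally] = {}

    def attempt(self, user: str, now: int, password_ok: bool) -> str:
        """Process one login attempt at time 'now' (seconds).

        Returns "ok", "denied" (wrong password, failure recorded) or
        "locked" (refused before the password is even consulted).
        """
        p = self.policy
        t = self.tallies.setdefault(user, Tally())
        # Only failures inside the recent fail_interval are counted.
        t.failures = [ts for ts in t.failures if now - ts < p.fail_interval]
        if len(t.failures) >= p.deny and now - t.failures[-1] < p.unlock_time:
            return "locked"      # right or wrong, the password does not matter here
        if password_ok:
            t.failures.clear()   # success resets the tally
            return "ok"
        t.failures.append(now)   # in this model a failure after unlock_time re-arms the lock
        return "denied"


def to_faillock_conf(policy: FaillockPolicy) -> str:
    """Render the policy in /etc/security/faillock.conf syntax."""
    return (
        "deny = %d\n"
        "fail_interval = %d\n"
        "unlock_time = %d\n"
    ) % (policy.deny, policy.fail_interval, policy.unlock_time)


def run_scenario() -> List[str]:
    """Constructed timeline: three wrong PINs, then the right one while locked,
    then the right one after unlock_time has passed."""
    m = FaillockModel(FaillockPolicy(deny=3, fail_interval=900, unlock_time=600))
    timeline = [(0, False), (10, False), (20, False), (30, True), (620, True)]
    return [m.attempt("alice", t, ok) for t, ok in timeline]


if __name__ == "__main__":
    print(to_faillock_conf(FaillockPolicy()))
    print(run_scenario())
```

The point the scenario makes is the one in the message: with a short PIN the protection comes from the lockout, not from the secret, so the fourth attempt is refused even though the password is correct, and the guess rate an attacker at the keyboard can achieve is bounded by deny per unlock_time.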

debian-niggers and debian-lgbt projects.

2024-03-21 Thread jmax

Dear Brothers and Sisters:

I am interested in starting some debian projects.  As a homosexual, 
debian-using, black, I am surprised at the low numbers of black and/or 
LGBT members of the debian community. I believe that starting 
debian-niggers, and debian-gay or debian-lgbt projects would help to 
increase participation of the respective parties in the debian 
community.


The first step in achieving this goal is to start mailing lists, where 
fellow debian-using niggers and gays can communicate.  It seems more and 
more niggers and fags are using ubuntu these days... It's time we got 
back to our roots!


In hoping to achieve the success of debian-women, debian-lgbt (or 
debian-gay) and debian-niggers will be excellent additions to the debian 
community.  Just as debian-women has brought together experts, and 
newbies alike, as equals in their womanhood, so shall debian-niggers and 
debian-lgbt (or debian-gay) bring all those willing together, as equals 
in their niggerness and homosexuality, in the spirit of free software.


I'm sure if such great niggers as Doctor Martin Luther King Jr. or Juice 
WRLD were alive today, they would be GNU/Linux advocates!  Heralds of 
free speech and free software!


Please respond with haste, not hate!

Jonathan Maxwell,
Head of Free Speech at Gay Nigger Advocates of America, a division of 
SUKI (TM)




Re: Root password strength

2024-03-21 Thread Curt
>
> You don't need a threat model to understand why writing a password on a
> paper is generally a bad practice.
>
> But since you invest this much energy on defending a bad practice, I'll
> let you keep the trend alone.
>

I have written down key passwords which I keep in my wallet. To get my
wallet, you will have to shoot me dead (of course, you may very well be
an expert pickpocket adept in the arcane arts of diversion).

Anyhow, here in the Gallic regions where spring is busting out all over,
this password question isn't even remotely related to the problem
statement, as much of my personal data was revealed to unknown sources
by a medical professional who fell for a phishing technique (my French
SSN, name, DOB, and god know what else through no fault or foible of my
own fell into nefarious hands). As a source of futile comfort, I can share
my grief with nearly half of the French population.

In more recent news, Pole Emploi (which now goes by the moniker of 'France
Travail') suffered a similar data breach.

The only real remedy is to unplug yourself entirely from the system
(Unabomber-style).

A word to the wise!
-- 




Re: Dependency meaning

2024-03-21 Thread The Wanderer
On 2024-03-21 at 05:02, Detlef Vollmann wrote:

> This is essentially a follow-up on my question about the
> 64bit time_t transition.
> I'm trying to upgrade some packages manually.
> For this, I'm trying to understand the dependencies.
> 
> 'apt-cache showpkg libssl3t64' gives me this:

You might also try 'apt-cache show libssl3t64', and compare the
dependency-related parts of the results.

>> Dependencies: 
>> 3.1.5-1.1 - libc6 (2 2.34) libssl3 (3 3.1.5-1.1) openssh-client (3 1:9.4p1) 
>> openssh-server (3 1:9.4p1) python3-m2crypto (3 0.38.0-4) libssl3 (0 (null)) 
>> libssl3:i386 (3 3.1.5-1.1) libssl3:i386 (0 (null)) openssh-client:i386 (3 
>> 1:9.4p1) openssh-server:i386 (3 1:9.4p1) python3-m2crypto:i386 (3 0.38.0-4) 
>> libssl3t64:i386 (35 3.1.5-1.1) libssl3t64:i386 (38 3.1.5-1.1) 
> 
> I'm trying to understand, what the numbers in parentheses mean.
> The second numbers are obviously version numbers.
> I guess the first numbers are dependency types, but I have no idea,
> what they mean.
> The man page says "For the specific meaning of the remainder of the
> output it is best to consult the apt source code."
> I'd like to avoid this. Can anybody point me to a list what these
> numbers mean?

I don't think I even knew 'showpkg' was a verb for apt-cache, before this.

That said, by comparing against the output of 'apt-cache show' for the
same package name: it looks as if '2' is 'Depends:' and '3' is
'Breaks:'. I'm less sure about '35' and '38', but they might be
'Replaces:' and 'Provides:' in some order.

I was actually running the commands against the non-'t64' version of
the package, because the one with that suffix isn't available in my
configured repositories yet. That one doesn't include the '0'
dependencies. Based on the fact that those dependencies are listed for
the 't64' version of the package, my guess is that '0' is 'Conflicts:'.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw





Dependency meaning

2024-03-21 Thread Detlef Vollmann

This is essentially a follow-up on my question about the
64bit time_t transition.
I'm trying to upgrade some packages manually.
For this, I'm trying to understand the dependencies.

'apt-cache showpkg libssl3t64' gives me this:
Dependencies: 
3.1.5-1.1 - libc6 (2 2.34) libssl3 (3 3.1.5-1.1) openssh-client (3 1:9.4p1) openssh-server (3 1:9.4p1) python3-m2crypto (3 0.38.0-4) libssl3 (0 (null)) libssl3:i386 (3 3.1.5-1.1) libssl3:i386 (0 (null)) openssh-client:i386 (3 1:9.4p1) openssh-server:i386 (3 1:9.4p1) python3-m2crypto:i386 (3 0.38.0-4) libssl3t64:i386 (35 3.1.5-1.1) libssl3t64:i386 (38 3.1.5-1.1) 


I'm trying to understand, what the numbers in parentheses mean.
The second numbers are obviously version numbers.
I guess the first numbers are dependency types, but I have no idea,
what they mean.
The man page says "For the specific meaning of the remainder of the
output it is best to consult the apt source code."
I'd like to avoid this. Can anybody point me to a list what these
numbers mean?

  Detlef