Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Dale wrote:
> J. Roeleveld wrote:
>> On Monday, July 20, 2015 05:05:44 PM Dale wrote:
>>> Now I'm only left wondering about mkvtoolnix package. It still fails. Going to see what depends on that and remove it if I can.
>>>
>>> Thanks much. Thanks to Alan as well.
>>>
>>> Dale :-) :-)
>>
>> Dale,
>>
>> When I check mkvtoolnix, I only see a 6.x version and an 8.x version. There is no 7.x version available:
>>
>> $ eix mkvtool
>> [I] media-video/mkvtoolnix
>>      Available versions: 6.6.0{tbz2} ~8.2.0-r1 {curl debug pch qt4 qt5 wxwidgets}
>>      Installed versions: 6.6.0{tbz2}(06:03:38 PM 07/20/2015)(qt4 wxwidgets - debug -pch)
>>      Homepage: http://www.bunkus.org/videotools/mkvtoolnix
>>      Description: Tools to create, alter, and inspect Matroska files
>>
>> --
>> Joost
>
> This is what I get here:
>
> root@fireball / # qlop -s | tail
> Fri Jun 26 18:58:36 2015 gentoo
> Sun Jun 28 18:27:47 2015 gentoo
> Wed Jul 1 18:02:05 2015 gentoo
> Sun Jul 5 20:59:22 2015 gentoo
> Tue Jul 7 18:15:26 2015 gentoo
> Thu Jul 9 06:19:03 2015 gentoo
> Sat Jul 11 12:45:14 2015 gentoo
> Sun Jul 12 18:27:27 2015 gentoo
> Mon Jul 13 19:30:28 2015 gentoo
> Sun Jul 19 20:29:01 2015 gentoo
> root@fireball / # equery list -p mkvtoolnix
>  * Searching for mkvtoolnix ...
> [-P-] [ ] media-video/mkvtoolnix-6.6.0:0
> [IP-] [ ] media-video/mkvtoolnix-7.3.0:0
> [-P-] [ ~] media-video/mkvtoolnix-7.4.0-r1:0
> [-P-] [ ~] media-video/mkvtoolnix-7.5.0:0
> [-P-] [ ~] media-video/mkvtoolnix-7.6.0:0
> [-P-] [ ~] media-video/mkvtoolnix-7.7.0:0
> [-P-] [ ~] media-video/mkvtoolnix-7.8.0:0
> [-P-] [ ~] media-video/mkvtoolnix-8.1.0:0
> [-P-] [ ~] media-video/mkvtoolnix-8.2.0:0
> root@fireball / #
>
> I synced just a few days ago and I have several 7.* versions available here. I'm pretty sure I don't have any layman stuff in use here either. I haven't used one of those in ages. I wonder why we have something different?
>
> Oh, I did manage to get this to work. I just disabled qt5 USE flag and then it built fine.
>
> Dale :-) :-)

Ahh. I see now. You had synced since I had synced a few days ago. Now I get this:

root@fireball / # equery list -p mkvtoolnix
 * Searching for mkvtoolnix ...
[-P-] [ ] media-video/mkvtoolnix-6.6.0:0
[-P-] [ ~] media-video/mkvtoolnix-8.2.0-r1:0
root@fireball / #

Changelog mentions removing BROKEN ebuilds. No kidding Sherlock. ROFL

I also get this now.

[ebuild UD ] media-video/mkvtoolnix-6.6.0::gentoo [7.3.0::gentoo] USE=qt4%* wxwidgets -debug -pch (-qt5%) 0 KiB

So, after fighting to get it to build, they remove it and it wants to go back to the old version I had that worked. ROFLMBO

Dale :-) :-)
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Wednesday 22 Jul 2015 01:32:10 Dale wrote:
> Mick wrote:
>> On Tuesday 21 Jul 2015 18:35:27 Dale wrote:
>>> From what I recall about Lastpass, it does encrypt the data locally then uploads it. I recall reading that if you lose your master password, they can't get in it either. All they get is encrypted data. Of all the things I read about when looking for a password manager, Lastpass was the only thing that came close to what I wanted. After using it a while, it is all I need.
>>>
>>> https://lastpass.com/how-it-works
>>
>> Right, your data may be encrypted locally, but if you use a browser to decrypt it (after it is downloaded to your PC) then there are attack vectors (e.g. XSS) for the decrypted data to be leaked out of your machine.
>
> Well, couldn't the same be said if it is encrypted on a USB stick? Anytime you encrypt something, you have to decrypt it to use it and that has to be done somewhere.

Of course, but if it is done using an application which its main purpose is not to connect to the Internet (i.e. your browser) the real estate exposed to a potential attack reduces significantly.

>>> I've had USB sticks break before. They are also easy to lose. I'd prefer not to store something that important on a USB stick.
>>>
>>> Dale :-) :-)
>>
>> I didn't clarify that you should use something like gpg to encrypt your file(s) on the USB stick, as I do this with all sensitive files not just passwords. I more or less assumed that it is the done thing.
>>
>> Broken USB sticks you can drive a drill through, or throw in a fire. Stolen USB sticks will at least be encrypted. If you are really paranoid you could also use dm-crypt to additionally encrypt the whole USB partition.
>
> My point is, if you put the info on a USB stick and lose it, you have now lost all your passwords. If it fails, same problem.

In either of these failure modes your solution is to forget about your first USB stick and go dig out your second USB stick.

> The way Lastpass works, even if your computer dies from say a house fire, once you login to Lastpass with your new puter, you are back in business.
>
> Dale

In the case of a house fire we are in a DR scenario. You head straight to your brother's place. You'll need a place to stay anyway, if your house burnt down, you might as well check that back up USB you left there. ;-)

--
Regards,
Mick
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On Wed, 22 Jul 2015 12:56:41 -0500, Dale wrote:
> So, after fighting to get it to build, they remove it and it wants to go back to the old version I had that worked. ROFLMBO

And today's lesson is: If an ebuild fails, re-sync and try again (or search Bugzilla which may well tell you to re-sync and try again).

--
Neil Bothwick

Ralph's Observation - It is a mistake to allow any mechanical object to realize that you are in a hurry.
Re: [gentoo-user] Re: yubikeys
On 22.07.2015 09:48, Stefan G. Weichinger wrote:
> btw I have 2 keys at hand already, thanks.
>
> I am considering to get some of the tiny nano-keys for my thinkpads.

learning and testing goes on.

As I try setting this up with 2 keys on 3 physical machines, with 2 distros (fedora and gentoo) and 5 installations ... this gets quite complex ;-)

(customer servers not counted ... sure)

I try to put all my steps into a separate ansible playbook to automate it. This should be a boildown of dozens of howtos and blog entries I read and sourced over the last weeks.

For example I set up local authentication via challenge-response today: to login to my system you need to have a correct password AND one of my yubikeys has to be plugged into the box.

This leads to thinking about what kind of protection this provides and which it does not ... but it raises the overall level.

(for laptops: a Neo-N plugged in all time? convenient .. but .. ? )

One has to think of an emergency routine how to access the own system if the key gets lost etc etc

-

In general I have to say that playing with Yubi-Keys and using LastPass helped me to think about several weak points in my overall setup.
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
Mick wrote:
> On Wednesday 22 Jul 2015 01:32:10 Dale wrote:
>> Mick wrote:
>>> On Tuesday 21 Jul 2015 18:35:27 Dale wrote:
>>>> From what I recall about Lastpass, it does encrypt the data locally then uploads it. I recall reading that if you lose your master password, they can't get in it either. All they get is encrypted data. Of all the things I read about when looking for a password manager, Lastpass was the only thing that came close to what I wanted. After using it a while, it is all I need.
>>>>
>>>> https://lastpass.com/how-it-works
>>>
>>> Right, your data may be encrypted locally, but if you use a browser to decrypt it (after it is downloaded to your PC) then there are attack vectors (e.g. XSS) for the decrypted data to be leaked out of your machine.
>>
>> Well, couldn't the same be said if it is encrypted on a USB stick? Anytime you encrypt something, you have to decrypt it to use it and that has to be done somewhere.
>
> Of course, but if it is done using an application which its main purpose is not to connect to the Internet (i.e. your browser) the real estate exposed to a potential attack reduces significantly.

So, don't use something that is within your browser but then go and type that password . . . in your browser? Yea, that'll work. Heck, if I really wanted something that secure, I'd unplug the ethernet cable and turn off my modem. Then I might be secure.

>>>> I've had USB sticks break before. They are also easy to lose. I'd prefer not to store something that important on a USB stick.
>>>>
>>>> Dale :-) :-)
>>>
>>> I didn't clarify that you should use something like gpg to encrypt your file(s) on the USB stick, as I do this with all sensitive files not just passwords. I more or less assumed that it is the done thing.
>>>
>>> Broken USB sticks you can drive a drill through, or throw in a fire. Stolen USB sticks will at least be encrypted. If you are really paranoid you could also use dm-crypt to additionally encrypt the whole USB partition.
>>
>> My point is, if you put the info on a USB stick and lose it, you have now lost all your passwords. If it fails, same problem.
>
> In either of these failure modes your solution is to forget about your first USB stick and go dig out your second USB stick.

Just how many of these sticks do I need? Are we looking at a dozen or more which will have to be all kept up to date as well? Come on, be realistic here. I doubt anyone is going to spend the time to do all that.

>> The way Lastpass works, even if your computer dies from say a house fire, once you login to Lastpass with your new puter, you are back in business.
>>
>> Dale
>
> In the case of a house fire we are in a DR scenario. You head straight to your brother's place. You'll need a place to stay anyway, if your house burnt down, you might as well check that back up USB you left there. ;-)

But with Lastpass, I don't have to worry about that. I can go to my brothers house, put my email and password in Lastpass and carry on with life. No need for a USB stick at all or having to wonder when was the last time I updated the passwords on it either.

I'm trying to be realistic here. I try to be as secure as I can but within REASON. As I mentioned above, if I really need and must be that secure, I'd unplug the ethernet cable and turn off my modem. Then I wouldn't have to worry about it unless someone broke into my home. Of course, I wouldn't have the benefit of using the internet either.

Dale :-) :-)
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
Neil Bothwick n...@digimed.co.uk wrote:
> On Tue, 21 Jul 2015 22:05:57 -0400, cov...@ccs.covici.com wrote:
>>> Have you tried KeePass? It does what you are doing but with a decent interface and the ability to type the details into web pages for you.
>>
>> But does it store the data on someone's server? Where they could have a data breach?
>
> It stores it in a single, encrypted file, wherever you put it. You can put the file on a cloud server if you wish, but it's just a file, useless without the decryption key.

Is there a command line interface to keepass? I don't want to be tied down to some gui which may or may not work for me.

--
Your life is like a penny. You're going to lose it. The question is: How do you spend it?

John Covici
cov...@ccs.covici.com
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Neil Bothwick wrote:
> On Wed, 22 Jul 2015 12:56:41 -0500, Dale wrote:
>> So, after fighting to get it to build, they remove it and it wants to go back to the old version I had that worked. ROFLMBO
>
> And today's lesson is: If an ebuild fails, re-sync and try again (or search Bugzilla which may well tell you to re-sync and try again).

Well, I'm pretty sure I had re-synced at least a couple times. I usually update about twice a week. I posted about this problem on the 16th and had been seeing it for at least a few days before that. It doesn't seem that a re-sync would really have solved the problem. This is my sync history:

Sat Jul 11 12:45:14 2015 gentoo
Sun Jul 12 18:27:27 2015 gentoo
Mon Jul 13 19:30:28 2015 gentoo
Sun Jul 19 20:29:01 2015 gentoo
Wed Jul 22 12:43:43 2015 gentoo

Since I synced three days in a row, I suspect the problem started on the 11th. I posted a thread on the 16th here. Before I posted about it, I had already re-synced a couple times. It was the removal of the old and broken ebuilds that fixed it but there was a decent lag before it was done. Well over a week it seems.

While it is possible to sync and catch the tree at a bad time, this doesn't seem to be the case here. It seems there was just a lag between some updates and removals of broken ebuilds.

Dale :-) :-)
[gentoo-user] Re: [OT] Very recent change in behavior of gmail imap/smtp servers
On 22/07/2015 04:34 AM, walt wrote:
> Google has just introduced a 120-second delay before allowing login to their email servers. Just in the last day or two, literally.

No delay here with POP3. Login is instant.
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
J. Roeleveld wrote:
> On Monday, July 20, 2015 05:05:44 PM Dale wrote:
>> Now I'm only left wondering about mkvtoolnix package. It still fails. Going to see what depends on that and remove it if I can.
>>
>> Thanks much. Thanks to Alan as well.
>>
>> Dale :-) :-)
>
> Dale,
>
> When I check mkvtoolnix, I only see a 6.x version and an 8.x version. There is no 7.x version available:
>
> $ eix mkvtool
> [I] media-video/mkvtoolnix
>      Available versions: 6.6.0{tbz2} ~8.2.0-r1 {curl debug pch qt4 qt5 wxwidgets}
>      Installed versions: 6.6.0{tbz2}(06:03:38 PM 07/20/2015)(qt4 wxwidgets - debug -pch)
>      Homepage: http://www.bunkus.org/videotools/mkvtoolnix
>      Description: Tools to create, alter, and inspect Matroska files
>
> --
> Joost

This is what I get here:

root@fireball / # qlop -s | tail
Fri Jun 26 18:58:36 2015 gentoo
Sun Jun 28 18:27:47 2015 gentoo
Wed Jul 1 18:02:05 2015 gentoo
Sun Jul 5 20:59:22 2015 gentoo
Tue Jul 7 18:15:26 2015 gentoo
Thu Jul 9 06:19:03 2015 gentoo
Sat Jul 11 12:45:14 2015 gentoo
Sun Jul 12 18:27:27 2015 gentoo
Mon Jul 13 19:30:28 2015 gentoo
Sun Jul 19 20:29:01 2015 gentoo
root@fireball / # equery list -p mkvtoolnix
 * Searching for mkvtoolnix ...
[-P-] [ ] media-video/mkvtoolnix-6.6.0:0
[IP-] [ ] media-video/mkvtoolnix-7.3.0:0
[-P-] [ ~] media-video/mkvtoolnix-7.4.0-r1:0
[-P-] [ ~] media-video/mkvtoolnix-7.5.0:0
[-P-] [ ~] media-video/mkvtoolnix-7.6.0:0
[-P-] [ ~] media-video/mkvtoolnix-7.7.0:0
[-P-] [ ~] media-video/mkvtoolnix-7.8.0:0
[-P-] [ ~] media-video/mkvtoolnix-8.1.0:0
[-P-] [ ~] media-video/mkvtoolnix-8.2.0:0
root@fireball / #

I synced just a few days ago and I have several 7.* versions available here. I'm pretty sure I don't have any layman stuff in use here either. I haven't used one of those in ages. I wonder why we have something different?

Oh, I did manage to get this to work. I just disabled qt5 USE flag and then it built fine.

Dale :-) :-)
Re: [gentoo-user] Re: [OT] Very recent change in behavior of gmail imap/smtp servers
On 07/22/2015 01:11 PM, Nikos Chantziaras wrote:
> On 22/07/2015 04:34 AM, walt wrote:
>> Google has just introduced a 120-second delay before allowing login to their email servers. Just in the last day or two, literally.
>
> No delay here with POP3. Login is instant.

Just logged in via IMAP - no delay for me.

Dan
Re: [gentoo-user] Re: yubikeys
On 2015-07-20 at 01:24, walt wrote:
> Congratulations. Yubikeys don't look trivial to set up.
>
> I forgot to mention that Noah (the guy from the podcast) mentioned that he has two yubikeys, set up identically, in case he loses one of them. Seems that losing the only one you have would be like losing your wallet with all your credit cards inside. A nightmare.

Mostly you set it up for 2-factor authentication: if you lose it the finder/thief/attacker only has one factor, the key, and not the 2nd factor, the passphrase (or master password, when you use it with Lastpass).

So in that case you use your second yubikey to log in to the service(s) and remove the id of the lost key from the settings ... and that lost key is never able to be used to unlock your account there.

With ssh-keys *on the yubikey it's a bit different, you have to revoke these (sub-)keys then but still your ssh-keyring should be protected by a 2nd factor, your passphrase.

btw I have 2 keys at hand already, thanks.

I am considering to get some of the tiny nano-keys for my thinkpads.
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Wed, 22 Jul 2015 13:00:10 +1000, wraeth wrote:
> KeePass is Qt based and has a client at least for Linux and Windows, as well as an Android app (DroidPass).

There are several Android clients, I use Keepass2Android.

--
Neil Bothwick

A pessimist complains about the noise when opportunity knocks.
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Tue, 21 Jul 2015 22:05:57 -0400, cov...@ccs.covici.com wrote:
>> Have you tried KeePass? It does what you are doing but with a decent interface and the ability to type the details into web pages for you.
>
> But does it store the data on someone's server? Where they could have a data breach?

It stores it in a single, encrypted file, wherever you put it. You can put the file on a cloud server if you wish, but it's just a file, useless without the decryption key.

--
Neil Bothwick

God created the world in six days. On the seventh day he also decided to create England... just to try out his Practical Joke Weather Machine.
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On Monday, July 20, 2015 05:05:44 PM Dale wrote:
> Now I'm only left wondering about mkvtoolnix package. It still fails. Going to see what depends on that and remove it if I can.
>
> Thanks much. Thanks to Alan as well.
>
> Dale :-) :-)

Dale,

When I check mkvtoolnix, I only see a 6.x version and an 8.x version. There is no 7.x version available:

$ eix mkvtool
[I] media-video/mkvtoolnix
     Available versions: 6.6.0{tbz2} ~8.2.0-r1 {curl debug pch qt4 qt5 wxwidgets}
     Installed versions: 6.6.0{tbz2}(06:03:38 PM 07/20/2015)(qt4 wxwidgets - debug -pch)
     Homepage: http://www.bunkus.org/videotools/mkvtoolnix
     Description: Tools to create, alter, and inspect Matroska files

--
Joost
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Mike Gilbert wrote:
> On Mon, Jul 20, 2015 at 6:05 PM, Dale rdalek1...@gmail.com wrote:
>> Mike Gilbert wrote:
>>> On Mon, Jul 20, 2015 at 4:45 PM, Dale rdalek1...@gmail.com wrote:
>>>> As you say, this makes no sense. It's like running in circles or something. Mostly or something. If you need more info, let me know. I'm pretty much clueless here.
>>>
>>> What do you have in ACCEPT_KEYWORDS? Are you mixing arch and ~arch packages?
>>>
>>> If so, please make sure you have all of the following in package.keywords:
>>>
>>> sys-fs/eudev
>>> virtual/libgudev
>>> dev-libs/libgudev
>>>
>>> For more information, see bug 552036.
>>>
>>> https://bugs.gentoo.org/show_bug.cgi?id=552036
>>
>> That fixed it. I had eudev in there already. I had to because when it first came out, they were all keyworded. I didn't have the other two in there tho. I just wonder, why didn't portage figure that out? Oh well.
>
> Portage tries very hard not to install new packages when attempting to satisfy an || dep, especially when doing so would involve changing USE flags. When it has no other choice, it sometimes picks the wrong || dep to satisfy.
>
> In this case, it was trying to solve the conflict by switching from eudev to static-dev, instead of installing libgudev. By upgrading to virtual/libgudev-230, we remove that possibility from its set of possible solutions.

I figured it had some reason for it. Based on my thinking, it can only present one option. Maybe one day some more can be added but in the meantime, I'm not complaining.

Dale :-) :-)
[gentoo-user] Re: SDDM/KDE5: no sound card available?
On 22/07/2015 04:34 AM, Jonathan Callen wrote:
> On 2015-07-21 14:12, Nikos Chantziaras wrote:
>> I upgraded to KDE 5 recently, and was using LightDM as the display manager. It seems that KDE 5 prefers SDDM though and offers a config module for it in System Settings. So I installed SDDM.
>>
>> However, when I log in with SDDM, I get no sound. My sound card just... disappears. alsamixer -c0 says: invalid card index: 0. [...]
>
> Are you using systemd?

Nope. I'm on OpenRC.

> If not, did you build sddm with USE=consolekit and read the warning printed by portage?
>
>     This display manager doesn't have native built-in ConsoleKit support. In order to use ConsoleKit pam module with this display manager, you should remove the nox11 parameter from pm_ck_connector.so line in /etc/pam.d/system-login
>
> Your issue is most likely that your X session is not being treated as a login session by logind/ConsoleKit, and therefore your user is not being added to the ACLs on the various devices under /dev, including all sound devices, certain input devices, any CD/DVD/BR devices you may have, and certain video devices.

I had tried that already. Didn't mention it because I thought this only affects graphics. Anyway, it changes nothing. Still no sound card, even after reboot.
Re: [gentoo-user] installing gentoo with a systemd profile
On Tue, Jul 21 2015, Peter Humphrey wrote:
> But this conversation touches on a more general point: which profile is best at each stage of an installation? I've had to rebuild my KDE system a few times recently (at least I thought I did at the time, but that's another story). I settled on a vanilla profile in the early stages, with USE=-X in make.conf, then changed it to +X and installed xorg-server. Then I switched to the KDE desktop profile and installed KDE, finally adding all the bits and pieces that go to make up a complete system. Last of all, an emerge -e world tidied everything up neatly.
>
> The installation handbook could be clearer on this.

Indeed. It would probably be too much to ask that it mentions each case separately, but it could include a general comment that taking a few smaller steps can be easier than going directly to the final profile.

allan
[gentoo-user] grub2-mkconfig tries to read the extended partition ??
My new installation is running well, in particular it boots fine. However the grub2-mkconfig seems odd. It finds linux (all kernels) and the stub windows partition. But then I get messages that both ext4-fs and FAT-fs have trouble with /dev/sda4, which is the extended partition. Perhaps the fact that the windows partitions sda[23] don't really have windows on them yet is part of the answer?? Has anyone else seen something like this? thanks, allan
[gentoo-user] Re: [OT] Very recent change in behavior of gmail imap/smtp servers
On Tue, 21 Jul 2015 20:10:15 -0700 walt w41...@gmail.com wrote:
> On Tue, 21 Jul 2015 21:45:23 -0500 Dale rdalek1...@gmail.com wrote:
>> walt wrote:
>>> On Wed, 22 Jul 2015 02:11:48 + (UTC) Grant Edwards grant.b.edwa...@gmail.com wrote:
>>>>> Google has just introduced a 120-second delay before allowing login to their email servers. Just in the last day or two, literally.
>>>>
>>>> I'm not seeing that with either of my gmail accounts. Same login times as always (1-2 seconds) on both IMAP and SMTP servers.
>>>
>>> That info amazes me, but gives me even more evidence for a conspiracy theory :) My ISP (att.com) may be responsible for this new delay. att is involved with the ongoing net-neutrality battles here in the US with netflix et alia, so why not add yet another fuzz-factor to the mix.
>>>
>>> I hope my email still works when I wake up tomorrow morning...
>>
>> Makes me wonder. Sometimes when I go to facebook, it doesn't come up on first or second try. I've seen that with other sites as well. Hm. When I get a error, it is instant. It seems to be so instant that it doesn't even have time to do a DNS lookup much less hit the website.
>>
>> By the way, I use ATT too. DSL after many years of dial-up.
>
> I just tried entering the number of the beast ;) 8.8.8.8 into /etc/resolv.conf and that reduced my waiting time from 120 seconds to 30 seconds (actual measurement by stopwatch).

Nope. Wrong. I just changed my resolv.conf back to the IP address of the router that ATT forced me to upgrade to and the delay is *gone*.

The delay I was seeing was apparently caused by something very local to me, and suddenly vanished after two days.

The interwebz is a scary place :(
[gentoo-user] Re: [OT] Very recent change in behavior of gmail imap/smtp servers
On 23/07/2015 05:49 AM, walt wrote:
> Nope. Wrong. I just changed my resolv.conf back to the IP address of the router that ATT forced me to upgrade to and the delay is *gone*.
>
> The delay I was seeing was apparently caused by something very local to me, and suddenly vanished after two days.
>
> The interwebz is a scary place :(

A friend of mine had a problem where half the time he tried to browse to a URL, he would end up on a porn site. I thought it was some Windows malware. But when booting from a USB stick with SysRescueCd on it, even ping google.com would ping a porn site at first.

His modem/router combo device was infected with something that hijacked the DNS setting. He was using a DSL-Modem/router from 2003.

It *is* a scary place.
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Wednesday 22 Jul 2015 19:43:43 Dale wrote:
> So, don't use something that is within your browser but then go and type that password . . . in your browser? Yea, that'll work. Heck, if I really wanted something that secure, I'd unplug the ethernet cable and turn off my modem. Then I might be secure.

LOL! No, I meant that you decrypt your passwd containing text file, sql file, localc file, or whatever file you use. Then you use something like cat, or less, or localc to view/search it. It can all be scripted so that you run a single command alias in a terminal and it asks you for your gpg passphrase, before it opens the file for you. A terminal is unlikely to suffer from XSS, javascript injection, sql injection, et al. but a browser could.

Then you can copy paste whichever account passwd you needed into a browser, but this will NOT be your master passphrase. Even if the passwd you paste into a browser ends up being compromised, it will only be one passwd and a single account, rather than your master passphrase and all your accounts.

> Just how many of these sticks do I need? Are we looking at a dozen or more which will have to be all kept up to date as well? Come on, be realistic here. I doubt anyone is going to spend the time to do all that.

You need more than one, if you want to keep your passwds file stored off your machine. I keep mine on a PC which is air-gapped and a second copy on a USB stick. You may need a third copy kept at different premises, if you want to guard against DR.

> But with Lastpass, I don't have to worry about that. I can go to my brothers house, put my email and password in Lastpass and carry on with life. No need for a USB stick at all or having to wonder when was the last time I updated the passwords on it either.
>
> I'm trying to be realistic here. I try to be as secure as I can but within REASON. As I mentioned above, if I really need and must be that secure, I'd unplug the ethernet cable and turn off my modem. Then I wouldn't have to worry about it unless someone broke into my home. Of course, I wouldn't have the benefit of using the internet either.

Sure, security and convenience are not always best bedfellows. We are discussing about hypothetical risks here and different users' risk tolerances.

If you encrypt the file separately with a strong key before you upload it, and this encryption key is different to your authentication key on the Lastpass website, then the risk of your encrypted file being cracked is rather low. When people discovered that their Lastpass account had been compromised, this did not necessarily mean that their encrypted file had been compromised too. However, I don't know exactly what the security architecture of Lastpass is to comment on the specifics.

All I'm saying is that I wouldn't trust storing my passwds on the cloud for the sake of convenience. YMMV. :-)

--
Regards,
Mick
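
The single-command lookup described in the message above (decrypt in a terminal, hand only one account's password on to the browser), as an added example that is not part of the original thread. The record layout, the function names `pw_check_store`, `pw_get` and `pw_demo`, and the variables `PWSTORE` and `PWSTORE_GPG_OPTS` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the store was created with
#   gpg --symmetric --output ~/.pwstore.gpg passwords.tsv
# and holds one "account<TAB>user<TAB>password" record per line.
# Source this file from your shell profile, then run:  pw_get bank

PWSTORE="${PWSTORE:-$HOME/.pwstore.gpg}"   # hypothetical default location

# pw_check_store FILE
# Refuse a missing store (status 2) or one that group/other can access (3).
pw_check_store() {
    if [ ! -f "$1" ]; then
        echo "pw: no such store: $1" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "pw: $1 is accessible to other users; run chmod 600" >&2
        return 3
    fi
    return 0
}

# pw_get ACCOUNT
# Decrypt to a pipe (plaintext never touches the disk) and print only the
# user and password of the record whose first field is exactly ACCOUNT.
# Status is non-zero if decryption fails or no record matches.
pw_get() {
    if [ -z "$1" ]; then
        echo "usage: pw_get ACCOUNT" >&2
        return 64
    fi
    pw_check_store "$PWSTORE" || return
    # gpg asks for the passphrase through its agent/pinentry, not the browser.
    # PWSTORE_GPG_OPTS is unquoted on purpose so it can hold several options.
    gpg --quiet --decrypt $PWSTORE_GPG_OPTS "$PWSTORE" |
        PW_ACCOUNT="$1" awk -F '\t' '
            $1 == ENVIRON["PW_ACCOUNT"] { print $2 "\t" $3; found = 1 }
            END { exit !found }'
}

# pw_demo
# Build a throwaway store from constructed records with a constructed
# passphrase (batch mode, for the demo only) and look up one account in it.
# Runs in a subshell so the caller's GNUPGHOME and PWSTORE stay untouched.
pw_demo() (
    demo_dir=$(mktemp -d) || exit 1
    GNUPGHOME="$demo_dir/gnupg"
    export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    demo_opts="--batch --pinentry-mode loopback --passphrase constructed-demo-passphrase"
    status=1
    if printf 'bank\talice\tconstructed-pw-1\nforum\tbob\tconstructed-pw-2\n' |
        gpg --quiet $demo_opts --symmetric --output "$demo_dir/store.gpg"
    then
        chmod 600 "$demo_dir/store.gpg"
        PWSTORE="$demo_dir/store.gpg"
        PWSTORE_GPG_OPTS="$demo_opts"
        pw_get bank
        status=$?
    fi
    rm -rf "$demo_dir"
    exit "$status"
)
```

Only the matching record is printed, so a password pasted onward exposes one account; the passphrase that unlocks the whole file is typed into gpg's own prompt and nowhere else.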
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Wed, Jul 22, 2015 at 04:15:30PM -0400, cov...@ccs.covici.com wrote:
> Neil Bothwick n...@digimed.co.uk wrote:
>> On Tue, 21 Jul 2015 22:05:57 -0400, cov...@ccs.covici.com wrote:
>>>> Have you tried KeePass? It does what you are doing but with a decent interface and the ability to type the details into web pages for you.
>>>
>>> But does it store the data on someone's server? Where they could have a data breach?
>>
>> It stores it in a single, encrypted file, wherever you put it. You can put the file on a cloud server if you wish, but it's just a file, useless without the decryption key.
>
> Is there a command line interface to keepass? I don't want to be tied down to some gui which may or may not work for me.

I mentioned in the other part of this subthread that there is a python-based utility for using it:

dev-python/keepassx

This provides the utility `kp` which allows for using the kdb file. There is one issue I've logged upstream with this utility where it's attempting and failing to copy the password to clipboard, but I don't know the scope of this issue yet.

--
wraeth wra...@wraeth.id.au
GnuPG Key: B2D9F759
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
Mick wrote:
> On Wednesday 22 Jul 2015 19:43:43 Dale wrote:
>> So, don't use something that is within your browser but then go and type that password . . . in your browser? Yea, that'll work. Heck, if I really wanted something that secure, I'd unplug the ethernet cable and turn off my modem. Then I might be secure.
>
> LOL! No, I meant that you decrypt your passwd containing text file, sql file, localc file, or whatever file you use. Then you use something like cat, or less, or localc to view/search it. It can all be scripted so that you run a single command alias in a terminal and it asks you for your gpg passphrase, before it opens the file for you. A terminal is unlikely to suffer from XSS, javascript injection, sql injection, et al. but a browser could.
>
> Then you can copy paste whichever account passwd you needed into a browser, but this will NOT be your master passphrase. Even if the passwd you paste into a browser ends up being compromised, it will only be one passwd and a single account, rather than your master passphrase and all your accounts.

You seem to miss my point. I still have to type my passwords into a browser. If as you say, that is not secure, then what point is there to having a password or accessing my bank or other sites via the internet? I have to put that password in my browser to access my bank, credit card or other websites. The point is, that exact same browser has to have that exact same password typed into it. I might also add, copy paste would then leave my password in my Klipper program that manages copy paste unencrypted. Click on the Klipper icon and there sits my password in PLAIN text. How secure is that exactly?

Lastpass already encrypts the password ON MY MACHINE not on their end. Why would I want to disable and stop using Lastpass just to do the same thing but harder and more time consuming locally and lose the ability to use Lastpass while I am somewhere else? I would also lose the ability to access that info in the case of say a computer meltdown. I might add, if I do it your way and lose that USB stick or whatever, I'm still toast. Heck, I may be in even worse shape than I would be by losing my Lastpass password.

>> Just how many of these sticks do I need? Are we looking at a dozen or more which will have to be all kept up to date as well? Come on, be realistic here. I doubt anyone is going to spend the time to do all that.
>
> You need more than one, if you want to keep your passwds file stored off your machine. I keep mine on a PC which is air-gapped and a second copy on a USB stick. You may need a third copy kept at different premises, if you want to guard against DR.

Sorry, I have had USB sticks go bad too much for me to trust with this sort of thing, not to mention the ones I have lost. I'm not going out and buy a whole bunch of those things and then depending on them to hold the keys to my financial and every other password. I also don't have time to make sure they are all kept up to date and such either.

>> But with Lastpass, I don't have to worry about that. I can go to my brothers house, put my email and password in Lastpass and carry on with life. No need for a USB stick at all or having to wonder when was the last time I updated the passwords on it either.
>>
>> I'm trying to be realistic here. I try to be as secure as I can but within REASON. As I mentioned above, if I really need and must be that secure, I'd unplug the ethernet cable and turn off my modem. Then I wouldn't have to worry about it unless someone broke into my home. Of course, I wouldn't have the benefit of using the internet either.
>
> Sure, security and convenience are not always best bedfellows. We are discussing about hypothetical risks here and different users' risk tolerances.
>
> If you encrypt the file separately with a strong key before you upload it, and this encryption key is different to your authentication key on the Lastpass website, then the risk of your encrypted file being cracked is rather low. When people discovered that their Lastpass account had been compromised, this did not necessarily mean that their encrypted file had been compromised too. However, I don't know exactly what the security architecture of Lastpass is to comment on the specifics.
>
> All I'm saying is that I wouldn't trust storing my passwds on the cloud for the sake of convenience. YMMV. :-)

Well again, if I am not going to trust my passwords anywhere then I need to unplug from the internet all together and tell my bank, credit card company, social sites and everything else that requires a password to be disabled all together. Then, I would be secure because even I can't access my info, password or not. That would make it so that I am not at risk and secure. Thing is, that's not a situation that I plan to be in if I can help it.

I actually went through this with my brother many years ago. He didn't