Re: How do I read result of a QR Code

2024-01-21 Thread Tim via users
On Sun, 2024-01-21 at 16:39 -0800, ToddAndMargo via users wrote:
> I needed a password eight characters long
> I picked "Snow White and the Seven Dwarfs".
> 
> Okay, that was a "Dad Joke" but it probably is a really
> strong password and easy to remember.  I recommend run on
> phrases to my customers.  When I make them up for them,
> I often use a phrase that flatters their business.
> Those they never forget.

I had to pick one for a store credit card when they forced us to do
something on-line with it (after many years of having it without any
on-line services), and went with something along the lines of "this
service really sucks."

Then, when it went haywire one day I had to tell telephone support the
password to sort things out.  Embarrassing, and quite satisfying at the
same time.

Services should really have two passwords, one for you to use online
and another for you to say to technical support to prove it's you.
Technical support SHOULD NEVER identify a person by date of birth and
phone number or street address.

We really need some agency we can report services to who have such crap
security that you just know they're going to be hacked and it's going
to compromise you.  Maybe then we'd have far less bulk data thefts if
there actually were consequences for being slack, consequences before
it's too late, and they were forced into doing things better.  It seems
like there's a huge one every month around here.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: How do I read result of a QR Code

2024-01-21 Thread Joe Zeff


On 1/21/24 17:39, ToddAndMargo via users wrote:
> Okay, that was a "Dad Joke" but it probably is a really
> strong password and easy to remember.  I recommend run on
> phrases to my customers.  When I make them up for them,
> I often use a phrase that flatters their business.
> Those they never forget.



Yes.  A well-known SF author and computer columnist I used to know used 
thisisaverylongpassword on his router.



Re: How do I read result of a QR Code

2024-01-21 Thread ToddAndMargo via users

On 1/21/24 06:22, Jeffrey Walton wrote:
> On Sun, Jan 21, 2024 at 6:31 AM Tim via users wrote:
> > On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
> > > This all goes back to using easy passwords.  And the
> > > same passwords on different sites:
> > >
> > > https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
> > >
> > >   "In fact, databases of known breached account information
> > >   reveal the actual passwords in use around the world, and
> > >   we can see that people typically fail to choose sufficiently
> > >   long, complex, and unique passcodes. A study of the most
> > >   common passwords used globally has “123456”, “qwerty”
> > >   (six consecutive keys on a keyboard) and “password” among
> > >   the top 5."
> >
> > Password construction rules were always a crock of crap.  Must have one
> > capital, symbol, number, etc just gave a series of clues to crackers.
> > While making it harder for you to come up with a code you can remember
> > and type (and just watch dyslexic people try to get these things right,
> > illiterate people who can't spell, or anybody on a mobile phone touch
> > screen).  Then have to go through it again and again on forced periodic
> > changes.
>
> Password complexity requirements are still a load of crap. No one
> knows where the crap came from. Searching for the history of
> complexity requirements seems to point to Microsoft NT 3.5. And we
> know complex passwords result in weaker passwords from Security
> Usability studies.

I thought so.

> Another load of crap is password rotation policies. You never throw
> away a good secret unless there's evidence of misuse or breach. And
> forcing users to gratuitously change their password results in users
> choosing weaker and weaker passwords over time as they are constantly
> grinded on to change good passwords. We know this from Security
> Usability studies.

I can personally attest to this from my travels as
a computer consultant

> Anyone designing an authentication system would be well served to read
> Peter Gutmann's Engineering Security,
> . Chapter 7
> covers Passwords.
>
> Jeff



I needed a password eight characters long
I picked "Snow White and the Seven Dwarfs".

Okay, that was a "Dad Joke" but it probably is a really
strong password and easy to remember.  I recommend run on
phrases to my customers.  When I make them up for them,
I often use a phrase that flatters their business.
Those they never forget.


[389-users] 389ds connection not successful

2024-01-21 Thread Jaehwan Kim
Hello.

I use FreeIPA and encountered a 389ds connection problem when new hosts were
added to the FreeIPA server at the rate of 14 hosts per min.
I don't know how many times the FreeIPA server actually accesses LDAP in this
scenario.
Can you give us advice to resolve my problem, with regard to the following logs?
I'd like to find out the configuration to fix this error.

=
access log
[18/Jan/2024:23:34:13.087718471 +] conn=788 fd=258 slot=258 connection from
52.78.30.18 to 34.84.136.11
[18/Jan/2024:23:34:13.088018506 +] conn=788 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[18/Jan/2024:23:34:13.088053934 +] conn=788 op=0 RESULT err=0 tag=120 
nentries=0
wtime=0.000228592 optime=0.40018 etime=0.000268106
[18/Jan/2024:23:34:13.158931686 +] conn=788 TLS1.3 128-bit AES-GCM
[18/Jan/2024:23:34:13.159223459 +] conn=788 op=-1 fd=258 Disconnect - Bad 
Ber Tag or
uncleanly closed connection - B1

security log
{ "date": "[18\/Jan\/2024:23:34:13.159227408 +] ",
"utc_time": "1705620853.159227408", "event":
"TCP_ERROR", "client_ip": "52.78.30.18",
"server_ip": "34.84.136.11", "ldap_version": 3,
"conn_id": 788, "msg": "Bad Ber Tag or uncleanly closed
connection - B1" }
=

I tested with FreeIpa fedora-39-4.11.0 docker with the recent version of 389ds.

ldapsearch -V
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.6.6 (Jul 31 2023 00:00:00) $

Thank you.
JHK
--
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: How do I read result of a QR Code

2024-01-21 Thread Jeffrey Walton
On Sun, Jan 21, 2024 at 6:31 AM Tim via users
 wrote:
>
> On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
> > This all goes back to using easy passwords.  And the
> > same passwords on different sites:
> >
> > https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
> >
> >   "In fact, databases of known breached account information
> >   reveal the actual passwords in use around the world, and
> >   we can see that people typically fail to choose sufficiently
> >   long, complex, and unique passcodes. A study of the most
> >   common passwords used globally has “123456”, “qwerty”
> >   (six consecutive keys on a keyboard) and “password” among
> >   the top 5."
>
> Password construction rules were always a crock of crap.  Must have one
> capital, symbol, number, etc just gave a series of clues to crackers.
> While making it harder for you to come up with a code you can remember
> and type (and just watch dyslexic people try to get these things right,
> illiterate people who can't spell, or anybody on a mobile phone touch
> screen).  Then have to go through it again and again on forced periodic
> changes.

Password complexity requirements are still a load of crap. No one
knows where the crap came from. Searching for the history of
complexity requirements seems to point to Microsoft NT 3.5. And we
know complex passwords result in weaker passwords from Security
Usability studies.

Another load of crap is password rotation policies. You never throw
away a good secret unless there's evidence of misuse or breach. And
forcing users to gratuitously change their password results in users
choosing weaker and weaker passwords over time as they are constantly
grinded on to change good passwords. We know this from Security
Usability studies.

Anyone designing an authentication system would be well served to read
Peter Gutmann's Engineering Security,
. Chapter 7
covers Passwords.

Jeff


Re: How do I read result of a QR Code

2024-01-21 Thread Tim via users
ToddAndMargo via users wrote:
>> Multi-Factor Authentication is a technique to try to get around
>> the users' response to the obnoxious nature of passwords.
>> Whether or not it improves things or just manages to
>> further annoy the poop out of the users is up for debate.

& this:
> Certain people should not drink; certain people should
> not drive; and I wonder sometimes if certain users
> should consider that they really should not be using
> computers, and considering the poor nature of the security,
> starting with Windows users.

I'm inclined to feel it's just another level of useless annoyance.  I
don't see it stopping phishing when people just respond to hackers as if
they were a legit company, following all the instructions from the
hacker to compromise themselves.

I've also said for a long time that computing is not many people's
forte, they don't have the aptitude for it, and they shouldn't be
forced into it.  Don't make seniors have to keep their pension,
banking, medical data, etc, organised on-line.

I was always surprised when people who could barely read would ask me
to fix their computer for them, which they were doing a lot of reading-
related activities on.  Don't know why they wanted to do something they
clearly hated.

-- 
 
NB:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
 
The following system info data is generated fresh for each post:
 
uname -rsvp
Linux 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53
UTC 2023 x86_64


Re: How do I read result of a QR Code

2024-01-21 Thread Tim via users
On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
> This all goes back to using easy passwords.  And the
> same passwords on different sites:
> 
> https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
> 
>   "In fact, databases of known breached account information
>   reveal the actual passwords in use around the world, and
>   we can see that people typically fail to choose sufficiently
>   long, complex, and unique passcodes. A study of the most
>   common passwords used globally has “123456”, “qwerty”
>   (six consecutive keys on a keyboard) and “password” among
>   the top 5."

Password construction rules were always a crock of crap.  Must have one
capital, symbol, number, etc just gave a series of clues to crackers. 
While making it harder for you to come up with a code you can remember
and type (and just watch dyslexic people try to get these things right,
illiterate people who can't spell, or anybody on a mobile phone touch
screen).  Then have to go through it again and again on forced periodic
changes.

I favour passphrases of several words.  And I think rule enforcement
ought to be along the lines of auto-reject "qwerty"-like passwords and
other forbidden words.


You have no clue if my password is 898d4 or sixgorillaswillnotletmego,
not at any stage of the game.  You don't get any "you've guessed half
of it right," like in the movies.  You just get pass or fail, and
multiple fails ought to trigger defensive methods.  Any service that
lets someone hammer away at it is manifestly incompetent.

 
-- 
 
NB:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
 
The following system info data is generated fresh for each post:
 
uname -rsvp
Linux 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53
UTC 2023 x86_64
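
The policy described in the message above (no composition rules, automatic rejection of "qwerty"-like and forbidden passwords, and a defensive response to repeated failures), sketched as an added example that is not part of the original thread. The blocklist contents, the thresholds and the names `check_password` and `LoginThrottle` are assumptions made for illustration.

```python
import time

# Constructed sample blocklist; a real deployment would load a breached-password list.
BLOCKLIST = {"123456", "qwerty", "password", "letmein", "111111"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumption: length is the only structural requirement

def is_keyboard_walk(pw, run=5):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in s for i in range(len(seq) - run + 1)):
                return True
    return False

def check_password(pw):
    """Return (accepted, reason). No capital/symbol/digit rules are applied."""
    s = pw.lower()
    # Strip the digit/symbol padding that composition rules encourage ("Password123!").
    core = s.strip("0123456789!@#$%^&*.")
    if s in BLOCKLIST or core in BLOCKLIST:
        return False, "blocklisted"
    if is_keyboard_walk(s):
        return False, "keyboard walk"
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    return True, "ok"


class LoginThrottle:
    """Per-account exponential backoff once the free attempts are used up."""
    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def allowed(self, account, now=None):
        now = time.monotonic() if now is None else now
        return now >= self._state.get(account, (0, 0.0))[1]

    def record(self, account, success, now=None):
        """Record an attempt and return the lockout delay (seconds) it triggers."""
        now = time.monotonic() if now is None else now
        if success:
            self._state.pop(account, None)
            return 0.0
        fails = self._state.get(account, (0, 0.0))[0] + 1
        over = fails - self.free_attempts
        delay = min(self.max_delay, self.base_delay * 2 ** (over - 1)) if over > 0 else 0.0
        self._state[account] = (fails, now + delay)
        return delay
```

Backoff keyed on the account name alone lets anyone lock a victim out, so deployments usually key on the account and the source together.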


Re: How do I read result of a QR Code

2024-01-21 Thread ToddAndMargo via users

On 1/21/24 02:56, ToddAndMargo via users wrote:
> Multi-Factor Authentication is a technique to try to get around
> the users' response to the obnoxious nature of passwords.
> Whether or not it improves things or just manages to
> further annoy the poop out of the users is up for debate.


Certain people should not drink; certain people should
not drive; and I wonder sometimes if certain users
should consider that they really should not be using
computers, and considering the poor nature of the security,
starting with Windows users.


Re: How do I read result of a QR Code

2024-01-21 Thread ToddAndMargo via users

On 1/20/24 22:52, Tim via users wrote:
> On Sat, 2024-01-20 at 17:54 -0800, ToddAndMargo via users wrote:
> > c) Something you are, such as a biometric. This method
> > involves verification of characteristics inherent to the
> > individual, such as via retina scans, iris scans, fingerprint
> > scans, finger vein scans, facial recognition, voice
> > recognition, hand geometry, and even earlobe geometry
>
> The problem with biometrics, is that if you're identified by data about
> you, that data is stolen, and someone can provide it on demand without
> your presence, you can't change your authentication data.  If someone
> can fake your biodata, they can do it forever.
>
> Fingerprints lifted from the glossy surface of your phone, a
> compromised service that held your data, a fraudulent service that gets
> you to log into them...



Yikes!  The bad guys can just use a "keystroke" logger
style malware to intercept your biometric data and then
they can repeat it at will.

This all goes back to using easy passwords.  And the
same passwords on different sites:

https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication

 "In fact, databases of known breached account information
 reveal the actual passwords in use around the world, and
 we can see that people typically fail to choose sufficiently
 long, complex, and unique passcodes. A study of the most
 common passwords used globally has “123456”, “qwerty”
 (six consecutive keys on a keyboard) and “password” among
 the top 5."

Add to that the foolish security sites that ask you to constantly
change your password all the time.  If the bad guys have not
figured out how to crack your password the first time, let's
give them another chance every two weeks!  I have seen customers
with passwords on sticky notes on the bottom of the monitors:
abc!, abc!!, abc!!!, abc, etc. to revolve through their
passwords.  The revolving passwords silliness has been proven
time and again to lessen security.

Multi-Factor Authentication is a technique to try to get around
the users' response to the obnoxious nature of passwords.
Whether or not it improves things or just manages to
further annoy the poop out of the users is up for debate.


