On Thu 12 Dec 2019 at 22:39:13 -0500, Celejar wrote:
> On Thu, 12 Dec 2019 23:29:28 +
> Brian wrote:
>
> > On Thu 12 Dec 2019 at 21:13:06 +0100, l0f...@tuta.io wrote:
> >
> > > Hi,
> > >
> > > 10 déc. 2019 à 23:11 de a...@cityscape.co.uk:
> > >
> > > > On Tue 10 Dec 2019 at 22:34:07
On Thu, 12 Dec 2019 23:29:28 +
Brian wrote:
> On Thu 12 Dec 2019 at 21:13:06 +0100, l0f...@tuta.io wrote:
>
> > Hi,
> >
> > 10 déc. 2019 à 23:11 de a...@cityscape.co.uk:
> >
> > > On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
> > >
> > >> 9 déc. 2019 à 19:13 de
On Thu 12 Dec 2019 at 21:13:06 +0100, l0f...@tuta.io wrote:
> Hi,
>
> 10 déc. 2019 à 23:11 de a...@cityscape.co.uk:
>
> > On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
> >
> >> 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
> >>
> >> > How about not having to remember (or write
Hi,
10 déc. 2019 à 23:11 de a...@cityscape.co.uk:
> On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
>
>> 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
>>
>> > How about not having to remember (or write down) any passwords for
>> > the places you log in to?
>> >
>> >
On Wed, 11 Dec 2019 11:07:48 -0500
Stefan Monnier wrote:
> > I use full disk encryption (cryptsetup / LUKS), so the password file
> > is secure at rest, and when I'm actually using the system, if
> > gpg-agent is used, then anyone with access to the machine can access
> > the password file
On Wed, 11 Dec 2019 01:49:14 -0300
riveravaldez wrote:
> On 12/10/19, Celejar wrote:
> > On Sun, 8 Dec 2019 06:48:12 +0100
> > wrote:
> >
> > ...
> >
> >> One example for the other side of the pond is riseup.net -- but they
> >> don't offer nextcloud, afaik; mail, mailing lists, wikis,
On Wed, 11 Dec 2019 06:41:29 +0100
wrote:
> On Tue, Dec 10, 2019 at 09:57:14PM -0500, Celejar wrote:
> > On Sun, 8 Dec 2019 06:48:12 +0100
> > wrote:
> >
> > ...
> >
> > > One example for the other side of the pond is riseup.net -- but they
> > > don't offer nextcloud, afaik; mail, mailing
> I use full disk encryption (cryptsetup / LUKS), so the password file
> is secure at rest, and when I'm actually using the system, if
> gpg-agent is used, then anyone with access to the machine can access
> the password file anyway.
That assumes a single-user situation. But in case someone
On Tue, Dec 10, 2019 at 09:57:14PM -0500, Celejar wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
> wrote:
>
> ...
>
> > One example for the other side of the pond is riseup.net -- but they
> > don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> > off the top of my head.
>
> And
On 12/10/19, Celejar wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
> wrote:
>
> ...
>
>> One example for the other side of the pond is riseup.net -- but they
>> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
>> off the top of my head.
>
> And they have a .. very particular
On Sun, 8 Dec 2019 06:48:12 +0100
wrote:
...
> One example for the other side of the pond is riseup.net -- but they
> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> off the top of my head.
And they have a .. very particular ideology they're pushing:
"Our purpose is to
On Tue, 10 Dec 2019 21:43:55 +
Brian wrote:
> On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:
>
> > On Mon, 9 Dec 2019 19:34:29 +
> > Brian wrote:
> >
> > > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> >
> > ...
> >
> > > > Although I almost always use it with its
On Tue 10 Dec 2019 at 22:11:33 +, Brian wrote:
> On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
>
> > 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
> >
> > > How about not having to remember (or write down) any passwords for
> > > the places you log in to?
> > >
> > >
On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
> 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
>
> > How about not having to remember (or write down) any passwords for
> > the places you log in to?
> >
> > https://masterpassword.app/
> >
> > Not in Debian, unfortunately.
> >
>
On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:
> On Mon, 9 Dec 2019 19:34:29 +
> Brian wrote:
>
> > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
>
> ...
>
> > > Although I almost always use it with its --secure option, since I
> > > don't try to memorize passwords, but
Hi,
9 déc. 2019 à 15:56 de charlescur...@charlescurley.com:
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can modify
> those to make the
On Tue, Dec 10, 2019 at 06:56:15AM -0600, John Hasler wrote:
> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
>
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek
On Tue, 10 Dec 2019 06:56:15 -0600
John Hasler wrote:
> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
>
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over
I wrote:
> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.
Andrei writes:
> Not everybody has the luxury of typing password without danger of
> someone taking a peek over the shoulder.
True but the admonition isn't "Don't write down
On Lu, 09 dec 19, 14:17:39, John Hasler wrote:
> Jonas Smedegaard writes:
> > I dislike APG because it generates passwords difficult to remember -
> > without aiding in how to deal with that, which has a high risk of
> > passwords getting stored on physical notes in the top drawer...
>
> Bruce
On Lu, 09 dec 19, 18:35:46, Celejar wrote:
>
> I understand that many recommend encrypting the password store, but I
> haven't yet done this. 'pass', recommended by Jonas in another message
> in this thread, uses gpg to do this, and your recommendation of scrypt,
> IIUC, would serve a similar
On Mon, 9 Dec 2019 19:34:29 +
Brian wrote:
> On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
...
> > Although I almost always use it with its --secure option, since I
> > don't try to memorize passwords, but instead record them (in a plain
> > text file) - who can remember hundreds of
Quoting John Hasler (2019-12-09 21:17:39)
> Jonas Smedegaard writes:
> > I dislike APG because it generates passwords difficult to remember -
> > without aiding in how to deal with that, which has a high risk of
> > passwords getting stored on physical notes in the top drawer...
>
> Bruce
Quoting John Hasler (2019-12-09 20:40:06)
> Charles Curley writes:
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can
> > modify
Jonas Smedegaard writes:
> I dislike APG because it generates passwords difficult to remember -
> without aiding in how to deal with that, which has a high risk of
> passwords getting stored on physical notes in the top drawer...
Bruce Schneier recommends writing passwords down and then keeping
Charles Curley writes:
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can
> modify those to make the results even stronger.
Considering
On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> On Mon, 09 Dec 2019 16:31:35 +0100
> Jonas Smedegaard wrote:
>
> > Quoting Charles Curley (2019-12-09 15:56:26)
> > > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > > wrote:
> > >
> > > > Usual advice : use strong passwords (i.e. long enough
On Mon, 09 Dec 2019 16:31:35 +0100
Jonas Smedegaard wrote:
> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > wrote:
> >
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated in a dedicated password manager)
On Mon 09 Dec 2019 at 16:31:35 +0100, Jonas Smedegaard wrote:
> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > wrote:
> >
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated in a dedicated password
Quoting Charles Curley (2019-12-09 15:56:26)
> On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> wrote:
>
> > Usual advice : use strong passwords (i.e. long enough with high
> > entropy => generated in a dedicated password manager) AND 1
> > different per service, never the same.
>
> There is a handy
On Mon, 9 Dec 2019, Charles Curley wrote:
> Date: Mon, 9 Dec 2019 09:56:26
> From: Charles Curley
> To: debian-user@lists.debian.org
> Subject: Re: dropbox security situation
> Resent-Date: Mon, 9 Dec 2019 14:57:02 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
wrote:
> Usual advice : use strong passwords (i.e. long enough with high
> entropy => generated in a dedicated password manager) AND 1
> different per service, never the same.
There is a handy password generator available on Debian, called APG
(Automated
On Sun 08 Dec 2019 at 13:09:10 -0500, Jude DaShiell wrote:
> No google now has a unique one now but didn't when the incidents
> happened.
I wish I understood what you mean. A "unique" what?
With the strong password that uou have (and the protections Google
provides) the balance of probability
No google now has a unique one now but didn't when the incidents
happened.
On Sun, 8 Dec 2019, l0f...@tuta.io wrote:
> Date: Sun, 8 Dec 2019 12:55:12
> From: l0f...@tuta.io
> To: John Hasler
> Cc: Debian User
> Subject: Re: dropbox security situation
> Resent-Date: Sun, 8
Hi,
8 déc. 2019 à 14:47 de jhas...@newsguy.com:
> Do you use the same username everywhere? It's common for criminals to
> collect lists of usernames and try them in combination with guessed
> passwords on as many services as possible. The yield is low but it's
> cost-effective for them because
Do you use the same username everywhere? It's common for criminals to
collect lists of usernames and try them in combination with guessed
passwords on as many services as possible. The yield is low but it's
cost-effective for them because the process is fully automated using
thousands of bots
On Sat, Dec 07, 2019 at 04:24:33PM -0700, Charles Curley wrote:
> On Sat, 07 Dec 2019 19:20:09 +0100
> Hans wrote:
>
> > maybe owncloud or nextcloud are interesting options for you. As the
> > name says: Your own cloud.
>
> Thank you for recommending those before I did. I run nextcloud here,
>
On Sat, Dec 07, 2019 at 11:39:42PM +, Brian wrote:
> On Sat 07 Dec 2019 at 18:23:27 -0500, Jude DaShiell wrote:
[Account of break in which we can't either prove or disprove, yet]
> There was no break-in.
That there was no break-in is a myth. You never provided any
evidence. That is enough
On Sat, 7 Dec 2019 16:24:33 -0700
Charles Curley wrote:
> On Sat, 07 Dec 2019 19:20:09 +0100
> Hans wrote:
...
> > But in the debian repo I only found the client stuff, however I might
> > to remember, the server site were also available in debian (I might
> > be wrong).
>
> I don't see the
On Sat, 07 Dec 2019 19:20:09 +0100
Hans wrote:
> maybe owncloud or nextcloud are interesting options for you. As the
> name says: Your own cloud.
Thank you for recommending those before I did. I run nextcloud here,
and prefer it over owncloud. It seems to have advanced considerably
over
On Sat 07 Dec 2019 at 18:23:27 -0500, Jude DaShiell wrote:
> I had to close my original account as a result of the break in, and you
> know what was really interesting? The account compromise happened after
> I set the account to two-step authentication. For a while it had been a
> lesser
enabled two-step
authentication I didn't know about setting up app-passwords for mua's
used to connect to the account, but I don't know for sure on that one.
On Sat, 7 Dec 2019, Brian wrote:
> Date: Sat, 7 Dec 2019 17:20:57
> From: Brian
> To: debian-user@lists.debian.org
> Subject:
On Sat 07 Dec 2019 at 16:45:34 -0500, Jude DaShiell wrote:
> One first-hand experience on google account hacking and contacting
> others who were not surprised when I described my situation in earlier
> email.
Widespread breaking into Google accounts is a myth. You and your
correspondents never
:28
> From: Brian
> To: debian-user@lists.debian.org
> Subject: Re: dropbox security situation
> Resent-Date: Sat, 7 Dec 2019 20:56:43 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> On Sat 07 Dec 2019 at 12:06:37 -0500, Jude DaShiell wrote:
>
> > Recently I
On Sat 07 Dec 2019 at 12:06:37 -0500, Jude DaShiell wrote:
> Recently I created a dropbox account with my gmail account. Very shortly
> after creation I was refused access since dropbox claimed someone tried
> to change the password on my account and they weren't sure it was me so
> got prompted
Hi Jude,
maybe owncloud or nextcloud are interesting options for you. As the name says:
Your own cloud.
But in the debian repo I only found the client stuff, however I might to
remember, the server site were also available in debian (I might be wrong).
Best
Hans
signature.asc
Description:
On Sat, 7 Dec 2019, Hans wrote:
> Date: Sat, 7 Dec 2019 12:49:17
> From: Hans
> To: debian-user@lists.debian.org
> Subject: Re: dropbox security situation
>
> Am Samstag, 7. Dezember 2019, 18:06:37 CET schrieb Jude DaShiell:
> Hi Jude,
>
> I know, there were several s
Am Samstag, 7. Dezember 2019, 18:06:37 CET schrieb Jude DaShiell:
Hi Jude,
I know, there were several security issues with dropbox in the past, that
frightened me. So dropbox would not be my first choice, although it is most
used by people. (Windows is also most used by people, think of your
48 matches
Mail list logo