[gentoo-user] yubikey
Anyone using that (with gentoo) ? Experience? I consider getting one to test and use it .. flameeyes didn't get one: https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo maybe since then they changed their policies etc Stefan
Re: [gentoo-user] yubikey
On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote: Anyone using that (with gentoo) ? I got one a few days ago to check out. It's basically a USB keyboard, so it works with Gentoo exactly the same way it works with anything else. I've only tried the static password part so far, but my hard drive is not encrypted with a ridiculously long key that I would never use if I had to type it manually. Experience? I consider getting one to test and use it .. flameeyes didn't get one: https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo maybe since then they changed their policies etc It's weird. They list prices in dollars, PayPal converts that to Pounds Sterling, then the device is posted for a UK address. The VAT thing is even weirder. -- Neil Bothwick Found my .sig, it was in behind the cushion on the settee. signature.asc Description: PGP signature
Re: [gentoo-user] yubikey
On Wed, Jun 18, 2014 at 3:50 PM, Neil Bothwick n...@digimed.co.uk wrote: On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote: Anyone using that (with gentoo) ? I got one a few days ago to check out. It's basically a USB keyboard, so it works with Gentoo exactly the same way it works with anything else. I've only tried the static password part so far, but my hard drive is not encrypted with a ridiculously long key that I would never use if I had to type it manually. Right, I use it, and it working fine. I use single HOTP. The sdk/tools also build friendly, there was no problem to build in order to perform the initial enrolment. Experience? I consider getting one to test and use it .. flameeyes didn't get one: https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo maybe since then they changed their policies etc It's weird. They list prices in dollars, PayPal converts that to Pounds Sterling, then the device is posted for a UK address. The VAT thing is even weirder. -- Neil Bothwick Found my .sig, it was in behind the cushion on the settee.
Re: [gentoo-user] yubikey
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 18.06.2014 14:50, schrieb Neil Bothwick: On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote: Anyone using that (with gentoo) ? I got one a few days ago to check out. It's basically a USB keyboard, so it works with Gentoo exactly the same way it works with anything else. I've only tried the static password part so far, but my hard drive is not encrypted with a ridiculously long key that I would never use if I had to type it manually. cool ... I'd like to use it for * plain login * unlocking ssh-keys * maybe even unlocking my LUKS-partitions ... and the NFC-part for combining it with a password safe on my android phone It's weird. They list prices in dollars, PayPal converts that to Pounds Sterling, then the device is posted for a UK address. The VAT thing is even weirder. I consider I won't get a correct invoice .. in terms of taxes .. S -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJToY3LAAoJEClcuD1V0PzmNeMP/iKez25Dt8BiZNyJKW2uyVTh caoW0Co8eo509LkLeuD3/GypWAc2ASkz/Qo6M/Kuoz+tN0jYPIkdoMQCRDcLltOt o8/VXjTjtdMIRVt3LEJ4gtMaoh4CE/dP/aRUMWflDamCy2UgR1tKp2tDe2BpluG9 FHQCkSQeoWpf5UsYddLp9MHCQqyWBN5jpB3s3sgYPdFz9JERt84zdDvMTYgeiHLM bYD+StdIXwnNAP63mWIXueTSF7yl9hTJSc62/R4F+SOEF7Et7RGyj1LmYYy4Pxrz eVIbZ7jS/uBBW+pp8MtbLF6m6J5XiA4VripHNbQa+pkx1zzrRSEe3lhN9zzR3xZq 83hLUMYUw1uCgiHo7AQxFjNWee/xei5QuZMND44bkJNRsMOjnrlmLxNFOyi2E9bq VNehz58caBkyiqwusMUaM6BfVs4dt5XLk5LhaWDqzjN59Q6XoR92Gi1BExLL5IAA /YhVvBXARc5qFYHZn0/fOGr/lskG/8kpwELlXYE8tVcimdLrSmcOzr8Q7zEJCtnn twkX08RM0taadiQ9ZFJ80Lcc8SZgxMVHHJwFyu+8nUoifvFkn1WSt642IZSn5aVN 3oTQhom8vf4fNjI64TaklOQfp+8NZECtIwBVnS6yyjg0yyQTPiKAebvPigaJyai1 8YJdE0f/85vrm0CVBJKc =MDt1 -END PGP SIGNATURE-
Re: [gentoo-user] yubikey
Am 18.06.2014 14:54, schrieb Alon Bar-Lev: Right, I use it, and it working fine. I use single HOTP. The sdk/tools also build friendly, there was no problem to build in order to perform the initial enrolment. good to hear, thanks!
Re: [gentoo-user] Ifplugd breaks services
On 06/17/2014 10:59 PM, Mick wrote: I can't recall ever having heard a beep when the cable is disconnected. :-/ odd. i wish i knew with certainty where ifplug hooks in. if you # ps aux | grep ifplug do you have a -b on the line? such as /usr/sbin/ifplugd -b --iface=eth0 that's how you disable the beep, -b = nobeep
Re: [gentoo-user] yubikey
I went the google auth route for ssh with an app on a pebble watch - the watch is always with me :) Has an ebuild (keyworded), simple setup, just works. BillK On 18/06/14 20:54, Alon Bar-Lev wrote: On Wed, Jun 18, 2014 at 3:50 PM, Neil Bothwick n...@digimed.co.uk wrote: On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote: Anyone using that (with gentoo) ? I got one a few days ago to check out. It's basically a USB keyboard, so it works with Gentoo exactly the same way it works with anything else. I've only tried the static password part so far, but my hard drive is not encrypted with a ridiculously long key that I would never use if I had to type it manually. Right, I use it, and it working fine. I use single HOTP. The sdk/tools also build friendly, there was no problem to build in order to perform the initial enrolment. Experience? I consider getting one to test and use it .. flameeyes didn't get one: https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo maybe since then they changed their policies etc It's weird. They list prices in dollars, PayPal converts that to Pounds Sterling, then the device is posted for a UK address. The VAT thing is even weirder. -- Neil Bothwick Found my .sig, it was in behind the cushion on the settee.
Re: [gentoo-user] yubikey
On Wed, 18 Jun 2014 15:02:03 +0200, Stefan G. Weichinger wrote: I got one a few days ago to check out. It's basically a USB keyboard, so it works with Gentoo exactly the same way it works with anything else. I've only tried the static password part so far, but my hard drive is not encrypted with a ridiculously long key that I would never use if I had to type it manually. cool ... I'd like to use it for * plain login * unlocking ssh-keys * maybe even unlocking my LUKS-partitions It's the third I'm using it for at the moment. and the NFC-part for combining it with a password safe on my android phone I've got the standard Yubikey, although the Neo does lok a good bet for mobile usage too. It's weird. They list prices in dollars, PayPal converts that to Pounds Sterling, then the device is posted for a UK address. The VAT thing is even weirder. I consider I won't get a correct invoice .. in terms of taxes .. They don't appear to have a base in Austria, so it will probably be the same as any other overseas purchase for you. -- Neil Bothwick CONGRSS.SYS corruptd... Re-boot Washington D.C? (Y/N) signature.asc Description: PGP signature
[gentoo-user] Re: yubikey
Stefan G. Weichinger lists at xunil.at writes: Anyone using that (with gentoo) ? Experience? I consider getting one to test and use it .. Stefan I do not know where to start, so I just try to simplify things Near Field Communications, are a very bad idea, if you care about security. (ybikey) is based on NFC. In fact, it is compatible with RFID. So, you should know that millions of locations have RFID loops established, so that if you pass through the loop, folks can OWN your RFID (NFC) device information. The semiconductor companies have all established back doors into their hardware offering, for various reasons. There is a matrix of what owners of the loop antennae installations can gain access to depending on who they are, how much they pay, and which nation states they play ball with. Here in Floirda the most infamous RF loop antennaes are installed on the (toll) roadways: http://en.wikipedia.org/wiki/SunPass http://cybersecurity.mit.edu/tag/near-field-communication/ Many tables found in restuarants have RF* loop antennaes built into the table, and folks purchasing these tables are not even aware of them. They are difficult to detect. Digital information gathering is a few decades old. Signal Intercept (RF*) is over 60 years old and very, very successful. Most of that technology is clasified. There are many satelittes capable of picking up RFID signals, generated terrestrially, above the atmosphere. Using RF* to secure anything is like pulling down your panties at a Frat party full of horney teenage males. It's not a question of if, but what you are going to exchange energies with ! However that said, there are passive RF back doors built into most devices that cost over $20.00 usd now adays; so I guess it does not really even matter ? http://www.mouser.com/applications/rf_energy_harvesting/ caveat emptor. James
Re: [gentoo-user] Re: yubikey
On Wed, 18 Jun 2014 18:08:21 + (UTC), James wrote: Anyone using that (with gentoo) ? Experience? I consider getting one to test and use it .. Stefan I do not know where to start, so I just try to simplify things Near Field Communications, are a very bad idea, if you care about security. (ybikey) is based on NFC. The Yubikey NEO uses NFC, the standard models do not use it. -- Neil Bothwick RAM = Rarely Adequate Memory signature.asc Description: PGP signature
[gentoo-user] Re: yubikey
Neil Bothwick neil at digimed.co.uk writes: On Wed, 18 Jun 2014 18:08:21 + (UTC), James wrote: Anyone using that (with gentoo) ? Experience? I consider getting one to test and use it .. Stefan I do not know where to start, so I just try to simplify things Near Field Communications, are a very bad idea, if you care about security. (ybikey) is based on NFC. The Yubikey NEO uses NFC, the standard models do not use it. OK, lets skip any RF backdoors installed by the manufacturer, as those always exist, but are 'out of scope', for now. U see this? http://www.unrest.ca/evaluating-the-security-of-the-yubikey James
Re: [gentoo-user] Re: yubikey
On Wed, 18 Jun 2014 19:23:25 + (UTC), James wrote: OK, lets skip any RF backdoors installed by the manufacturer, as those always exist, but are 'out of scope', for now. U see this? http://www.unrest.ca/evaluating-the-security-of-the-yubikey I hadn't. At first glance it appears to relate to their OTP service, which I don't use. I use it with a static password as part of a two factor approach, so you would need to get physical access to the key for long enough to grab the password and know the other part of the password. -- Neil Bothwick When you go to court you are putting yourself in the hands of 12 people that were not smart enough to get out of jury duty. signature.asc Description: PGP signature
Re: [gentoo-user] Ifplugd breaks services
On Wednesday 18 Jun 2014 14:03:47 thegeezer wrote: On 06/17/2014 10:59 PM, Mick wrote: I can't recall ever having heard a beep when the cable is disconnected. :-/ odd. i wish i knew with certainty where ifplug hooks in. if you # ps aux | grep ifplug do you have a -b on the line? such as /usr/sbin/ifplugd -b --iface=eth0 that's how you disable the beep, -b = nobeep No, this is what it shows: /usr/sbin/ifplugd --iface=enp11s0 -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] [Gentoo-User] emerge --sync likely to kill SSD?
rsync is doing bunch of 4k ramdon IO when updateing portage tree, that will kill SSDs with much higher Write Amplification Factror. I have a 2year old SSDs that have reported Write Amplification Factor of 26. I think the only reason is that I put portage tree on this SSD to speed it up. what is the suggest way to reduce Write Amplification of a portage sync ?