Re: dropbox security situation
On Tue, Dec 10, 2019 at 09:57:14PM -0500, Celejar wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
> wrote:
>
> ...
>
> > One example for the other side of the pond is riseup.net -- but they
> > don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> > off the top of my head.
>
> And they have a .. very particular ideology they're pushing:

Fine by me. If you don't like them -- just ignore them. We're all grown-ups, ain't we?

Cheers
-- t
Re: dropbox security situation
On 12/10/19, Celejar wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
> wrote:
>
> ...
>
>> One example for the other side of the pond is riseup.net -- but they
>> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
>> off the top of my head.
>
> And they have a .. very particular ideology they're pushing:
>
> "Our purpose is to aid in the creation of a free society, a world with
> freedom from want and freedom of expression, a world without oppression
> or hierarchy, where power is shared equally. We do this by providing
> communication and computer resources to allies engaged in struggles
> against capitalism and other forms of oppression."
>
> Celejar
>

"Free society", "freedom", "freedom of expression", "without oppression"..., seems pretty "debian ideology" to me. Not so "very particular"...

Anyway, "ideology" is being misused, btw.
Re: dropbox security situation
On Sun, 8 Dec 2019 06:48:12 +0100
wrote:

...

> One example for the other side of the pond is riseup.net -- but they
> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> off the top of my head.

And they have a .. very particular ideology they're pushing:

"Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression."

Celejar
Re: [OT] Google security
The Wanderer writes:
> Hmm. In my lexicon, crimes are defined by statute. How does your
> definition differ?

Crimes are acts that intentionally harm people (with a few exceptions and special cases). Statute violations are acts or states (e.g., possession of certain substances or objects) that a government has decided to punish people for. Often they coincide. Often they don't (see Andrei's example of it being a "crime" to listen to certain radio stations).
--
John "When I use a word it means just what I choose it to mean" Hasler
jhas...@newsguy.com
Elmwood, WI USA
Re: dropbox security situation
On Tue, 10 Dec 2019 21:43:55 +
Brian wrote:

> On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:
>
> > On Mon, 9 Dec 2019 19:34:29 +
> > Brian wrote:
> >
> > > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> > > ...
> > >
> > > > Although I almost always use it with its --secure option, since I
> > > > don't try to memorize passwords, but instead record them (in a plain
> > > > text file) - who can remember hundreds of passwords?
> > >
> > > Indeed. Memorising is part of the password problem. I've indicated a
> > > possible solution that does not rely on the fallibility of memory in
> > > another mail.
> > >
> > > Your plain text storage method would benefit immensely from using the
> > > scrypt package.
> >
> > I understand that many recommend encrypting the password store, but I
> > haven't yet done this. 'pass', recommended by Jonas in another message
> > in this thread, uses gpg to do this, and your recommendation of scrypt,
> > IIUC, would serve a similar goal.
>
> Except it does not bring with it all the baggage of full disk encryption
> and gpg and does one thing very well.

Baggage of FDE? I'm using it anyway, so there is literally zero additional baggage involved. There isn't really much baggage involved to begin with - it's not too difficult to set up, and it requires no maintenance once set up, beyond either backing up the LUKS header material (I don't bother with that) or having good backups of your data (which you need anyway).

If you aren't using FDE, then you have to start worrying about every single piece of software that stores sensitive data on disk (or whose sensitive data may get cached somewhere on disk). It seems to me that just using FDE actually involves much less baggage than tracking down all such cases and integrating something like scrypt on a case by case basis.

Celejar
Re: dropbox security situation
On Tue 10 Dec 2019 at 22:11:33 +, Brian wrote:

> On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
>
> > 9 Dec. 2019 at 19:13 from a...@cityscape.co.uk:
> >
> > > How about not having to remember (or write down) any passwords for
> > > the places you log in to?
> > >
> > > https://masterpassword.app/
> > >
> > > Not in Debian, unfortunately.
> > >
> > Interesting.
> > However, I presume that a specific password modification should not be very
> > easy because it seems you rely on a rather fixed encryption seed...
>
> Modifying a password with the masterpassword app is simplicity
> itself. There is no fixed encryption seed.
>
> We have had comments about the difficulty of remembering passwords,
> complex or not and writing down passwords and storing and accessing
> them has been touched on. The masterpassword app gets all of these
> issues.

"gets round". Not "gets".

--
Brian.
Re: dropbox security situation
On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:

> 9 Dec. 2019 at 19:13 from a...@cityscape.co.uk:
>
> > How about not having to remember (or write down) any passwords for
> > the places you log in to?
> >
> > https://masterpassword.app/
> >
> > Not in Debian, unfortunately.
> >
> Interesting.
> However, I presume that a specific password modification should not be very
> easy because it seems you rely on a rather fixed encryption seed...

Modifying a password with the masterpassword app is simplicity itself. There is no fixed encryption seed.

We have had comments about the difficulty of remembering passwords, complex or not and writing down passwords and storing and accessing them has been touched on. The masterpassword app gets all of these issues.

--
Brian.
Re: dropbox security situation
On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:

> On Mon, 9 Dec 2019 19:34:29 +
> Brian wrote:
>
> > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> > ...
> >
> > > Although I almost always use it with its --secure option, since I
> > > don't try to memorize passwords, but instead record them (in a plain
> > > text file) - who can remember hundreds of passwords?
> >
> > Indeed. Memorising is part of the password problem. I've indicated a
> > possible solution that does not rely on the fallibility of memory in
> > another mail.
> >
> > Your plain text storage method would benefit immensely from using the
> > scrypt package.
>
> I understand that many recommend encrypting the password store, but I
> haven't yet done this. 'pass', recommended by Jonas in another message
> in this thread, uses gpg to do this, and your recommendation of scrypt,
> IIUC, would serve a similar goal.

Except it does not bring with it all the baggage of full disk encryption and gpg and does one thing very well.

--
Brian.

> I don't want to have to constantly enter a master password to access my
> passwords. pass recommends using gpg-agent, but then how much does one
> really gain by the encryption? I use full disk encryption (cryptsetup /
> LUKS), so the password file is secure at rest, and when I'm actually
> using the system, if gpg-agent is used, then anyone with access to the
> machine can access the password file anyway. I guess one gets some
> additional security in the case where one walks away from
> the machine and leaves it running (and an attacker doesn't get there
> before gpg-agent evicts the password from the cache), and similar cases.
>
> I admit that I'm not that familiar with gpg-agent, and am no expert in
> the topics under discussion. Please feel free to explain / remind
> me of aspects of the issues that I'm missing.
>
> Celejar
>
Re: dropbox security situation
Hi,

9 Dec. 2019 at 15:56 from charlescur...@charlescurley.com:
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can modify
> those to make the results even stronger.
>
Thanks, didn't know so much about CLI password managers.
Personally, I like GUI ones; especially, I've been using KeePassXC for 1.5 years and I'm very satisfied with it. Previously, I used KeePassX but I changed because it wasn't maintained... And before that it was KeePass.
=> In short, I've always been loyal to the "KeePass*" family ;p

9 Dec. 2019 at 19:13 from a...@cityscape.co.uk:
> How about not having to remember (or write down) any passwords for
> the places you log in to?
>
> https://masterpassword.app/
>
> Not in Debian, unfortunately.
>
Interesting.
However, I presume that a specific password modification should not be very easy because it seems you rely on a rather fixed encryption seed...

9 Dec. 2019 at 21:17 from jhas...@newsguy.com:
> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.
>
I see at least one main drawback, especially in private life/context: you need to have your "document" with you at any time while keeping it secure.

10 Dec. 2019 at 00:35 from cele...@gmail.com:
> I don't want to have to constantly enter a master password to access my
> passwords. pass recommends using gpg-agent, but then how much does one
> really gain by the encryption? I use full disk encryption (cryptsetup /
> LUKS), so the password file is secure at rest, and when I'm actually
> using the system, if gpg-agent is used, then anyone with access to the
> machine can access the password file anyway.
>
I think it's part of defense in depth (onion model).

Best regards,
l0f4r0
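The stateless idea behind Brian's "there is no fixed encryption seed" and l0f4r0's question about changing a single site's password can be illustrated with a deliberately simplified derivation. This is an added example written for this page; it is not the masterpassword app's algorithm and not code posted by anyone in the thread. The SCOPE label, the character template, the scrypt parameters and the HMAC construction are all assumptions chosen for illustration. What it shows is the property under discussion: nothing is stored anywhere, the master password and user name produce a master key, each site password is derived from that key plus the site name and a small counter, and "changing" a site password means incrementing that counter.

```python
import hashlib
import hmac
import string

# Domain-separation label for this illustrative scheme (an assumption, not the app's value).
SCOPE = b"example.stateless.password"

# Character classes a template position may draw from.
CLASSES = {
    "U": string.ascii_uppercase,
    "l": string.ascii_lowercase,
    "d": string.digits,
    "s": "!@#$%&*+-=?",
}
# Constructed 16-position template: one class code per output character.
TEMPLATE = "UllllddsllllUdsl"


def master_key(user_name: str, master_password: str) -> bytes:
    """Expensive, memory-hard step. Only the master password and the user name go in;
    nothing is stored, so the same inputs always reproduce the same 64-byte key."""
    salt = SCOPE + len(user_name).to_bytes(4, "big") + user_name.encode()
    # n=2**14, r=8, p=1 needs 16 MiB, below hashlib.scrypt's default 32 MiB maxmem.
    return hashlib.scrypt(master_password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)


def site_seed(key: bytes, site: str, counter: int) -> bytes:
    """Cheap per-site step: HMAC over the site name and a counter. Bumping the counter is
    how a site password is 'changed'; the user remembers the counter, not the password."""
    msg = SCOPE + len(site).to_bytes(4, "big") + site.encode() + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def site_password(key: bytes, site: str, counter: int = 1) -> str:
    """Map seed bytes onto the template. Byte-mod-class-size carries a small modulo bias
    (256 is not a multiple of 26); fine for illustration, not for a production design."""
    seed = site_seed(key, site, counter)
    return "".join(CLASSES[c][seed[i] % len(CLASSES[c])] for i, c in enumerate(TEMPLATE))


if __name__ == "__main__":
    key = master_key("alice", "correct horse battery staple")
    for counter in (1, 2):
        print("example.com, counter %d -> %s" % (counter, site_password(key, "example.com", counter)))
```

The counter is what makes rotation possible with no stored seed: the only state is which counter a site is on. The flip side is that the master password is a single point of failure; if it leaks, every derived password is exposed and can only be changed by moving each site to a new counter, which is the trade-off to weigh against an encrypted store like pass or KeePassXC.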
Re: Previous versions of Debian GNU/Linux
I think you meant to say releases. You can check Debian Releases [0], which lists all stable and oldstable releases on that page.

[0]: https://www.debian.org/releases/

--
Please excuse any tpyos as it was sent from my Android.
Berkhan Berkdemir
www.berkhanberkdemir.com

On Tue, Dec 10, 2019, 12:11 PM Davide Lombardo wrote:

> I would like to download and test the previous versions of Debian for
> historical reasons, is it possible to safely download such versions
> somewhere?
>
Re: Previous versions of Debian GNU/Linux
On Tue, Dec 10, 2019 at 07:55:41PM +, Davide Lombardo wrote:
> I would like to download and test the previous versions of Debian for
> historical reasons, is it possible to safely download such versions somewhere?

https://cdimage.debian.org/cdimage/archive/
Previous versions of Debian GNU/Linux
I would like to download and test the previous versions of Debian for historical reasons. Is it possible to safely download such versions somewhere?
Re: [Solved] iptables firewall and web sites not loading
On 10/12/2019 at 20:13, nektarios wrote:
> Pascal Hambourg wrote:
> > Maybe a "MTU black hole" issue with PPPoE.
> > Workarounds :
> > - lower the MTU on the client side to 1492
> > - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
> (...)
> The tip you gave me really did the job! I found this page in tldp.org describing the mtu issue http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html and then I simply ran the iptables command
> ```
> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> ```
> and it was fixed!

Please note that
- It's a hack. It does not fix the actual issue (inbound packets bigger than the PMTU are silently dropped).
- It works only for TCP.
- This rule works only for IPv4. If you have IPv6 connectivity, you must add a similar ip6tables rule.
- It does not work inside VPNs and tunnels which hide the actual PMTU.
[Solved] iptables firewall and web sites not loading
On Tue, 10 Dec 2019 09:26:46 +
Nektarios Katakis wrote:

> On Tue, 10 Dec 2019 07:22:05 +0100
> Pascal Hambourg wrote:
>
> > On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> > >
> > > I am running an iptables firewall on an openwrt router I've got.
> > > Which acts as Firewall/gateway and performs NATing for my internal
> > > network - debian PCs and android phones.
> > >
> > > All good but specific web sites are not loading for the machines
> > > that are sitting behind the home router.
> > >
> > > When attempting on the browser (firefox but tried different ones)
> > > the browser stays at `Performing a TLS handshake to
> > > bitbucket.org`. wget has similar results:
> > > ```
> > > wget https://bitbucket.org
> > > --2019-12-09 22:07:32-- https://bitbucket.org/
> > > Resolving bitbucket.org (bitbucket.org)... 18.205.93.0,
> > > 18.205.93.1, 18.205.93.2, ... Connecting to bitbucket.org
> > > (bitbucket.org)|18.205.93.0|:443... connected.
> > > ```
> > > When doing a tcpdump on the router side I can see some initial TCP
> > > session establishment and then nothing:
> > (...)
> > > Of course doing a wget from the router itself works fine as it
> > > also works fine on my desktop if I do dynamic port-forwarding
> > > with eg. `ssh -D 1050 router` (and configure of course firefox to
> > > use it).
> >
> > Maybe a "MTU black hole" issue with PPPoE.
> > Workarounds :
> > - lower the MTU on the client side to 1492
> > - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
> >
>
> Interesting. I'm not a network engineer and actually didn't think of
> that. I'll give it a shot and update.
>
> Thanks.
>

The tip you gave me really did the job! I found this page in tldp.org describing the mtu issue http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html and then I simply ran the iptables command

```
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
```

and it was fixed!

Thanks again!

---
Nektarios Katakis
Re: xdm config
On Mon, 9 Dec 2019, didier.gau...@gmail.com wrote:

> Perhaps wdm would be of interest for you:
> https://packages.debian.org/buster/wdm

Bingo! This is exactly what I was looking for, and more. The install was like butter, even offering a selection of which display manager was to be default.

Thanks (and an honorable mention to tomas for also chiming in). :-)

--
These are not the droids you are looking for.
Re: [OT] Google security
On 2019-12-10 at 08:07, John Hasler wrote:

> Andrei writes:
>
>> "Criminals" are what the law defines them to be. Laws can be
>> created and / or changed as needed.
>
> In my lexicon criminals are people who commit crimes, not people who
> violate statutes.

Hmm. In my lexicon, crimes are defined by statute. How does your definition differ?

--
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Re: dropbox security situation
On Tue, Dec 10, 2019 at 06:56:15AM -0600, John Hasler wrote:
> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
>
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over the shoulder.
>
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely". It's "Never, ever, ever write down a password
> no matter what!"

This violates my preferred maxim: "all generalizations suck".

Yeah, I know it's self-referential and contains (kinda) a negation in it. The most interesting advances in last century's maths and computer science happened in this vein ;-)

Cheers
-- tomás
Re: dropbox security situation
On Tue, 10 Dec 2019 06:56:15 -0600
John Hasler wrote:

> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
>
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over the shoulder.
>
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely". It's "Never, ever, ever write down a password
> no matter what!" In the current environment bad passwords are a far
> greater threat than that of friends or co-workers sneakily reading them.
> Common sense applies. Writing down passwords doesn't mean you have to
> read them aloud while sitting at a hotel bar.

Arnold Reinhold (the Diceware creator) agrees with Schneier:

Should I write down my passphrase?

This is a very important question. Much advice says never write down your passphrase under any circumstances. I strongly disagree, as do many other security experts. Most people are more afraid of forgetting their own passphrase than they are of having it stolen. As a result they tend to pick passphrases that are far too weak. I actually did a small survey on this question and the results support my view. See http://world.std.com/~reinhold/passphrase.survey.asc

Also many people need dozens of passwords or passphrases for different programs and web sites. Remembering them all can be difficult, particularly those that are used infrequently. For most people it is better to pick strong passphrases, write them down and keep them in a very safe place. There may be legal advantages to memorizing your key, however.

http://world.std.com/%7Ereinhold/dicewarefaq.html

Celejar
Re: [OT] Google security
Andrei writes:
> "Criminals" are what the law defines them to be. Laws can be created
> and / or changed as needed.

In my lexicon criminals are people who commit crimes, not people who violate statutes.

Not restricting my emailing to sending encrypted messages to people in my web of trust and doing all my Web surfing via trusted Tor nodes does not imply that I approve of government data trawling.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Re: dropbox security situation
I wrote:
> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.

Andrei writes:
> Not everybody has the luxury of typing password without danger of
> someone taking a peek over the shoulder.

True but the admonition isn't "Don't write down passwords if you cannot read them back securely". It's "Never, ever, ever write down a password no matter what!" In the current environment bad passwords are a far greater threat than that of friends or co-workers sneakily reading them. Common sense applies. Writing down passwords doesn't mean you have to read them aloud while sitting at a hotel bar.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Re: iptables firewall and web sites not loading
On Tue, 10 Dec 2019 07:22:05 +0100
Pascal Hambourg wrote:

> On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> >
> > I am running an iptables firewall on an openwrt router I've got.
> > Which acts as Firewall/gateway and performs NATing for my internal
> > network - debian PCs and android phones.
> >
> > All good but specific web sites are not loading for the machines
> > that are sitting behind the home router.
> >
> > When attempting on the browser (firefox but tried different ones)
> > the browser stays at `Performing a TLS handshake to bitbucket.org`.
> > wget has similar results:
> > ```
> > wget https://bitbucket.org
> > --2019-12-09 22:07:32-- https://bitbucket.org/
> > Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1,
> > 18.205.93.2, ... Connecting to bitbucket.org
> > (bitbucket.org)|18.205.93.0|:443... connected.
> > ```
> > When doing a tcpdump on the router side I can see some initial TCP
> > session establishment and then nothing:
> (...)
> > Of course doing a wget from the router itself works fine as it also
> > works fine on my desktop if I do dynamic port-forwarding with eg.
> > `ssh -D 1050 router` (and configure of course firefox to use it).
>
> Maybe a "MTU black hole" issue with PPPoE.
> Workarounds :
> - lower the MTU on the client side to 1492
> - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
>

Interesting. I'm not a network engineer and actually didn't think of that. I'll give it a shot and update.

Thanks.

--
Nektarios Katakis
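The rule Nektarios ended up with (`iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`) rewrites the MSS option of forwarded SYNs so that the peer never sends a segment larger than the path can carry. What follows is an added example written for this page, not code from the thread, from netfilter or from the TLDP HOWTO: it re-implements that rewrite in Python over constructed SYN packets, including the TCP checksum recomputation the kernel has to do after changing the option. It goes slightly beyond the thread's IPv4-only rule by also handling an IPv6 header, which is why the clamped value differs (a PMTU of 1492 minus 20+20 header bytes gives 1452 for IPv4, minus 40+20 gives 1432 for IPv6) and why Pascal notes that a separate ip6tables rule is needed. Addresses, ports and the PMTU are constructed values; IPv6 extension headers are out of scope.

```python
import struct

TCP_PROTO = 6
TCP_OPT_END, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
FLAG_SYN, FLAG_RST = 0x02, 0x04
TCP_BASE_HDR = 20


def _ones_complement(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def split_ip(packet: bytes):
    """Return (ip_header_len, tcp_pseudo_header, tcp_segment), or None if not plain TCP."""
    version = packet[0] >> 4
    if version == 4 and packet[9] == TCP_PROTO:
        ihl = (packet[0] & 0x0F) * 4
        seg = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
        return ihl, packet[12:20] + struct.pack("!BBH", 0, TCP_PROTO, len(seg)), seg
    if version == 6 and packet[6] == TCP_PROTO:  # IPv6 extension headers are not handled here
        seg = packet[40:40 + struct.unpack("!H", packet[4:6])[0]]
        return 40, packet[8:40] + struct.pack("!IBBBB", len(seg), 0, 0, 0, TCP_PROTO), seg
    return None


def _mss_offset(seg: bytes):
    """Index of a well-formed MSS option (kind 2, length 4) in the TCP option area, or None."""
    data_off = (seg[12] >> 4) * 4
    i = TCP_BASE_HDR
    while i + 1 < data_off:
        kind = seg[i]
        if kind == TCP_OPT_END:
            return None
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        length = seg[i + 1]
        if length < 2:
            return None
        if kind == TCP_OPT_MSS and length == 4:
            return i
        i += length
    return None


def read_mss(packet: bytes):
    parsed = split_ip(packet)
    off = None if parsed is None else _mss_offset(parsed[2])
    return None if off is None else struct.unpack("!H", parsed[2][off + 2:off + 4])[0]


def checksum_ok(packet: bytes) -> bool:
    """With a correct TCP checksum the sum over pseudo-header plus segment folds to zero."""
    parsed = split_ip(packet)
    return parsed is not None and _ones_complement(parsed[1] + parsed[2]) == 0


def clamp_mss(packet: bytes, pmtu: int):
    """Mirror of `--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`: returns
    (packet, old_mss, new_mss). Non-TCP, non-SYN and SYN+RST packets pass untouched."""
    parsed = split_ip(packet)
    if parsed is None:
        return packet, None, None
    ip_len, pseudo, seg = parsed
    flags = seg[13]
    off = _mss_offset(seg)
    if not flags & FLAG_SYN or flags & FLAG_RST or off is None:
        return packet, None, None
    old = struct.unpack("!H", seg[off + 2:off + 4])[0]
    limit = pmtu - ip_len - TCP_BASE_HDR  # 1452 for IPv4, 1432 for IPv6 at a PMTU of 1492
    if old <= limit:
        return packet, old, old
    seg = bytearray(seg)
    seg[off + 2:off + 4] = struct.pack("!H", limit)
    seg[16:18] = b"\x00\x00"  # checksum field must be zero while it is recomputed
    seg[16:18] = struct.pack("!H", _ones_complement(pseudo + bytes(seg)))
    return packet[:ip_len] + bytes(seg) + packet[ip_len + len(seg):], old, limit


def build_syn(version: int, mss: int, flags: int = FLAG_SYN) -> bytes:
    """Constructed sample packet: IPv4/IPv6 header plus a 24-byte TCP header with one MSS
    option. Addresses are from the documentation ranges; ports and sequence numbers are arbitrary."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 6 << 4, flags, 65535, 0, 0)
    seg = bytearray(tcp + struct.pack("!BBH", TCP_OPT_MSS, 4, mss))
    if version == 4:
        src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
        ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0x4000, 64,
                                   TCP_PROTO, 0, src, dst))
        ip[10:12] = struct.pack("!H", _ones_complement(bytes(ip)))  # IPv4 header checksum
        pseudo = src + dst + struct.pack("!BBH", 0, TCP_PROTO, len(seg))
    else:
        prefix = bytes.fromhex("20010db8") + bytes(11)  # 2001:db8::/32 documentation prefix
        src, dst = prefix + b"\x01", prefix + b"\x02"
        ip = struct.pack("!IHBB16s16s", 6 << 28, len(seg), TCP_PROTO, 64, src, dst)
        pseudo = src + dst + struct.pack("!IBBBB", len(seg), 0, 0, 0, TCP_PROTO)
    seg[16:18] = struct.pack("!H", _ones_complement(pseudo + bytes(seg)))
    return bytes(ip) + bytes(seg)
```

Only SYNs without RST are touched, matching the rule's `--tcp-flags SYN,RST SYN`; everything else passes through unchanged, which is also why the workaround helps TCP only (UDP, ICMP and tunnelled traffic carry no MSS to clamp), exactly as Pascal's caveats say. Calling `clamp_mss(build_syn(4, 1460), 1492)` reports the MSS going from 1460 to 1452, and `clamp_mss(build_syn(6, 1440), 1492)` from 1440 to 1432.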