similar to: Another Fedora decision

On Thu, February 5, 2015 9:06 am, James B. Byrne wrote: > > On Wed, February 4, 2015 16:55, Warren Young wrote: >>> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: >>> >>> Again, the real bruteforce danger is when your /etc/shadow is >>> exfiltrated by a security vulnerability >> >> Unless you have misconfigured your

On 02/04/2015 02:08 PM, Lamar Owen wrote: > > 3.) Attacker uses a large graphics card's GPU power, harnessed with > CUDA or similar, to run millions of bruteforce attempts per second on > the exfiltrated /etc/shadow, on their computer (not yours). > 4.) After a few hours, attacker has your password (or at least a > password that hashes to the same value as your password),

On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> >> Yes, computers and the way people access them are pretty much a >> commodity now. If you are spending time building something exotic for >> a common purpose, isn't that a waste? > > Do I have to take that people who are not sysadmins themselves just hate > an

On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > Sounds so I almost have to feel shame for securing my boxes no matter what > job vendor did ;-) Yes, computers and the way people access them are pretty much a commodity now. If you are spending time building something exotic for a common purpose, isn't that a waste? > Just a simple

On 02/03/2015 03:44 PM, Always Learning wrote: > There should be a basic defence that when the password is wrong 'n' > occasions the IP address is blocked automatically and permanently > unless it is specifically allowed in IP Tables. As has been mentioned, fail2ban does this. However, the reason you want a password that is not easily bruteforced has nothing to do with this,

On Thu, 2015-02-05 at 09:27 -0600, Valeri Galtsev wrote: > .......... I feel like > there is brave new world of admins who feel it right to have > "iPad-like" everything, i.e. boxes cooked up and sealed by vendor, and > you have no way even to look inside, not to say re-shape interior to > your understanding [of security or anything else]. Am I the only one? Foolish

> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: > > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don?t need to crack your passwords now. You?re already boned.

On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins <scottro at nyc.rr.com> wrote: >> >> I don't think anybody is missing anything. "Palindrome" in this context >> may not be limited to real words; the author may be suggesting that you >> not pick your password by picking a real word and tacking on its >> reverse to make a palindrome, e.g.,

On Tue, Feb 3, 2015 at 11:48 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> I think the intent is: "Don't use a password likely to be included in >> the list that an attacker would try". Of course if services would >> rate-limit the failures > > Which sysadmins do for ages when they configure their machines. And I > don't think

On Wed, 2015-02-04 at 14:55 -0700, Warren Young wrote: > > On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: > > > > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability > > Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don?t need to

On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote: > >>> > >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow > Be it me, I would consider box compromised. All done on/from that box > since probable day it happened compromised as well. If there is no way to > establish the day, then since that system originally build. With full > blown sweeping up

On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote: >> > Let?s flip it around: what?s your justification *for* weak passwords? > You don't need to write them down. Or trust some 3rd party password keeper to keep them. Whereas when 'not weak' is determined by someone else in the middle of trying to complete something, you are very likely to

On Mon, Dec 29, 2014 at 10:23 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > Welcome to ipad generation folks! Yes, but Apple knows enough to stay out of the server business where stability matters - and they are more into selling content than code anyway. Client side things do need to deal with mobility these days - reconnecting automatically after sleep/wakeup and

For the OP: Did you even try Google before asking the list? Google should always be your first choice. http://www.dedoimedo.com/computers/linux-iphone-6.html For Scott: If you install the VLC app on the iPad you can probably skip the transcoding and also having to add the video to iTunes first. You'll only need to transcode the audio if it uses AC3, which is proprietary and the owners

On Fri, Oct 18, 2019 at 09:23:38AM -0500, Valeri Galtsev wrote: > And last but not least: I got used to some way of interaction with computer, > and that way is most productive for me after very long use. I don't want to > blend in iPad generation, I want to stay productive which I am. So, I use > Mutt (on FreeBSD, which my workstation runs, it is so easy and > straightforward

On Fri, Oct 18, 2019 at 10:36:25AM -0500, Valeri Galtsev wrote: > > > > On Fri, Oct 18, 2019 at 09:23:38AM -0500, Valeri Galtsev wrote: > > > And last but not least: I got used to some way of interaction with computer, > > > and that way is most productive for me after very long use. I don't want to > > > blend in iPad generation, I want to stay

On Tue, February 3, 2015 14:01, Valeri Galtsev wrote: > > On Tue, February 3, 2015 12:39 pm, Les Mikesell wrote: >> On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev >> <galtsev at kicp.uchicago.edu> wrote: >>> >>> Sounds so I almost have to feel shame for securing my boxes no >>> matter what job vendor did ;-) >> >> Yes, computers and

On Thu, Jan 8, 2015 at 10:35 AM, Warren Young <wyml at etr-usa.com> wrote: >> > Would the world really be a better place if CDE had never been replaced? Me, I?ll take GNOME 3 and all its warts over CDE any day of the week. CDE never would have *evolved* to be the equal of GNOME; it had to be destroyed to make room. But it doesn't matter how pretty Gnome3 is on some other box.

On Fri, Oct 18, 2019 at 11:42:22AM -0500, Valeri Galtsev wrote: > > > > On Oct 18, 2019, at 11:34 AM, Scott Robbins <scottro11 at gmail.com> wrote: > > > > On Fri, Oct 18, 2019 at 10:36:25AM -0500, Valeri Galtsev wrote: > >> > >> > >>> On Fri, Oct 18, 2019 at 09:23:38AM -0500, Valeri Galtsev wrote: > >>>> And last but

On Thu, Feb 5, 2015 at 4:39 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> >> Yes, /etc/shadow would have always been readable only by root by >> default. The interesting question here is whether an intruder did >> it, clumsily leaving evidence behind, or whether it is just a local >> change from following some bad advice about things that