similar to: MFA 2FA TOTP razz-ma-tazz!

On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote: > A quick question, if I may: Today, I heard a rumour that "ssh" can be > used as a TOTP *token* (i.e., accept or generate a secret for a > configuration and generate TOTP codes from there on out, to be entered > into some *other* software requesting them for 2FA). I'm not aware of any way

A quick question, if I may: Today, I heard a rumour that "ssh" can be used as a TOTP *token* (i.e., accept or generate a secret for a configuration and generate TOTP codes from there on out, to be entered into some *other* software requesting them for 2FA). All I could find on the web so far are how-tos to a) make ssh*d* request and verify TOTP codes (usually with the help of PAM)

Hello all, I'm trying to get a properly working MFA solution working with our ssh servers. I have it working wonderfully well with duo until ssh keys are added to the mix. As I understand it, using keys results in the PAM stack not getting called and thus something like pam_duo never get's a chance to work in that scenario. I'm aware that I can use something like "ForceCommand

I would have to also hack the email client since I don't enter my 20 character high entropy password when I send or retrieve email. You really need an email standard to integrate TOTP. To be realistic, you need Gmail to use it. Whatever Gmail wants is essentially a defacto standard. I live in the real world, so whatever Google wants, I comply. ? Original Message ? From: jtam.home at

Hi Gavin, I can't work through this right now, but I would start by looking at the 'hetcor' package to get the correlations, or if they are already in the return object, build a plot from these. Jim On Wed, Feb 22, 2023 at 4:24 AM gavin duley <gduley at gmail.com> wrote: > > Hi! > > Apologies if this is not the correct place to ask. I am attempting a > MFA

And which email clients can do this? A defacto standard needs to be adopted. If I don't provide SPF or DKIM, I am likely to be deemed spammy, hence a defacto standard has been established. I don't see this with TOTP. I'm all for TOTP, but I'm not going to code my own. ? Original Message ? From: sebastian at sebbe.eu Sent: October 27, 2020 5:56 PM To: dovecot at

Hi! Apologies if this is not the correct place to ask. I am attempting a MFA analysis of a dataset based on wine chemical and sensory analysis, based on the STHDA tutorial [1]. (I am using this dataset here too, as an example dataset to work on without posting my actual data. I've tried this with both my data and the example data, with the exact same results.) The only issue I am having is

I installed a Promise SuperTrak SX6000 ATA RAID controller on 4.8-RELEASE. The following message is logged when the device is under load (equivalent of make release): pst: timeout mfa=0x00327b90 cmd=WRITE Should I be concerned? Does the I/O fail and the driver simply not report the failure to the application? -- Scott

Dear gavin, I think that it's likely that Jim meant the hetcor() function in the polycor package. Best, John -- John Fox, Professor Emeritus McMaster University Hamilton, Ontario, Canada web: https://socialsciences.mcmaster.ca/jfox/ On 2023-02-21 5:42 p.m., gavin duley wrote: > Hi Jim, > > On Tue, 21 Feb 2023 at 22:17, Jim Lemon <drjimlemon at gmail.com> wrote: >>

To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence. I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...

If I got poison propagation right, it's probably only by luck! Hopefully, the funnel shift bug is fixed here: https://reviews.llvm.org/rL354905 Nuno, IIUC this means that you do *not* need to change the funnel shift semantics in Alive. So I think that means we're still on track to go with John's suggestion that only select and phi can block poison? (I don't know of any

Wouldn't a branch funnel open the door to a type 1 attack? E.g. if the code looks like this, then a branch funnel basically turns into a standard type 1 pattern AFAICT: struct Base { virtual int f(long) = 0; }; struct A : Base { int f(long x) override { return 0; }; }; struct B : Base { int f(long x) override { // As in listing 1 in

Hi, Sean Silva via llvm-dev wrote: > Wouldn't a branch funnel open the door to a type 1 attack? Only if the code looks exactly as you wrote it. If I understand this correctly the problem with indirect branches is that the "gadget", the code leaking the data, could be *anywhere* in the binary, giving the attacker much more freedom. So restricting these calls to one of the

Don't we need to distinguish funnel shift from the more specific rotate? I'm not seeing how rotate (a single input op shifted by some amount) gets into trouble like funnel shift (two variables concatenated and shifted by some amount). Eg, if in pseudo IR we have: %funnel_shift = fshl %x, %y, %sh ; this is problematic because either x or y can be poison, but we may not touch the poison when

We have these transforms from funnel shift to a simpler shift op: // fshl(X, 0, C) -> shl X, C // fshl(X, undef, C) -> shl X, C // fshl(0, X, C) -> lshr X, (BW-C) // fshl(undef, X, C) -> lshr X, (BW-C) These were part of: https://reviews.llvm.org/D54778 In all cases, one operand must be 0 or undef and the shift amount is a constant, so I think these are safe.

The proposed mitigation for variant 2 of CVE-2017-5715, “branch target injection”, is to send all indirect branches through an instruction sequence known as a retpoline. Because the purpose of a retpoline is to prevent attacker-controlled speculation, we also end up losing the benefits of benign speculation, which can lead to a measurable loss of performance. We can regain some of those benefits

Version 2.0-0 of meta (an R package for meta-analysis) is now available on CRAN. Changes are described below. Yours, Guido Major revision R package meta linked to R package metafor by Wolfgang Viechtbauer to provide additional statistical methods, e.g. meta-regression and other estimates for tau-squared (REML, ...) New functions: - metareg (meta-regression) - metabias

Version 2.0-0 of meta (an R package for meta-analysis) is now available on CRAN. Changes are described below. Yours, Guido Major revision R package meta linked to R package metafor by Wolfgang Viechtbauer to provide additional statistical methods, e.g. meta-regression and other estimates for tau-squared (REML, ...) New functions: - metareg (meta-regression) - metabias

On Tue, 27 Oct 2020, Sebastian Nielsen wrote: > Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients. You can bodge it for HOTP/TOTP hardware token generators. Dovecot allows custom plugins to check passwords. The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to

There's a question about the behavior of funnel shift [1] + select and poison here that reminds me of previous discussions about select and poison [2]: https://github.com/AliveToolkit/alive2/pull/32#discussion_r257528880 Example: define i8 @fshl_zero_shift_guard(i8 %x, i8 %y, i8 %sh) { %c = icmp eq i8 %sh, 0 %f = fshl i8 %x, i8 %y, i8 %sh %s = select i1 %c, i8 %x, i8 %f ; shift amount is 0