On Wed, Mar 20, 2024, 11:28 AM Jesper Dybdal
wrote:
> I have now done the following:
> * Checked the RAID array - no problems found.
> * Run fsck. It found three cases of the block count being incorrect. I
> don't know which the other two affected files are.
> * Run one pass of memtest86+. Not
On Wed, Mar 20, 2024 at 3:50 PM Pierre-Elliott Bécue wrote:
>
> From: Lee
> To: Pierre-Elliott Bécue
> Cc: Debian Users ML
> Date: 20 March 2024 20:40:52
> Subject: Re: Root password strength
>
> > On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
> >>
> >> Brad Rogers wrote on 20/03/202
On Wed, Mar 20, 2024 at 2:34 PM Pierre-Elliott Bécue wrote:
>
> Jeffrey Walton wrote on 20/03/2024 at 19:16:16+0100:
>
> [...]
> >> No one asks someone to remember more than two or three passwords. The
> >> rest belongs to a password manager.
> >
> > Huh? This is discussed in detail in Peter Gutm
From: Lee
To: Pierre-Elliott Bécue
Cc: Debian Users ML
Date: 20 March 2024 20:40:52
Subject: Re: Root password strength
> On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
>>
>> Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
>>> On Wed, 20 Mar 2024 17:09:31 +0100
>>> Pierre-Ellio
On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
>
> Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
> > On Wed, 20 Mar 2024 17:09:31 +0100
> > Pierre-Elliott Bécue wrote:
> >
> > Hello Pierre-Elliott,
> >
> >>Most of the time, writing down a password is a very bad idea.
> >
> > Not
John Hasler wrote on 20/03/2024 at 19:35:42+0100:
> Pierre-Elliott Bécue writes:
>> My home sees plenty different people coming in. Some I trust, some I
>> trust less. Also videocalls is a nice way to get a paper password
>> recorded (and yes it happens).
>
> I keep my passwords in a small book t
tomas writes:
> Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS
> encryption).
-n is the default for pwgen. Note that this slightly reduces the size
of the search space. Unfortunately many sites require it.
> I memorize the most important of them.
I memorize the ones I use m
Brad Rogers wrote on 20/03/2024 at 19:03:48+0100:
> On Wed, 20 Mar 2024 18:46:04 +0100
> Pierre-Elliott Bécue wrote:
>
> Hello Pierre-Elliott,
>
>>You have a rather bad cybersecurity approac
Pierre-Elliott Bécue writes:
> My home sees plenty different people coming in. Some I trust, some I
> trust less. Also videocalls is a nice way to get a paper password
> recorded (and yes it happens).
I keep my passwords in a small book the size of a passport and I secure
it the same way I secure
Jeffrey Walton wrote on 20/03/2024 at 19:16:16+0100:
> On Wed, Mar 20, 2024 at 1:45 PM Pierre-Elliott Bécue wrote:
>>
>>
>> Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
>>
>> > On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue
>> > wrote:
>> >>
>> >> Jeffrey Walton wrote on 20/03
On Wed, 20 Mar 2024 18:46:04 +0100
Pierre-Elliott Bécue wrote:
Hello Pierre-Elliott,
>You have a rather bad cybersecurity approach.
I use password generators and vaults for all my passwords. Nothing
wrong with my cyber-security.
Also note that I put 'written down' in single quotes - it was me
Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 19:04:10+0100:
> On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue):
Most of the time, writing down a password is a very bad idea.
>>>
>>> Not in your own home. And in any event, it depends where one keeps
On Wed, Mar 20, 2024 at 1:45 PM Pierre-Elliott Bécue wrote:
>
>
> Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
>
> > On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue
> > wrote:
> >>
> >> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
> >>
> >> > On Wed, Mar 20, 2024 at 12:09
On 20 Mar 2024 17:07 +0100, from p...@debian.org (Pierre-Elliott Bécue):
> Let's stop to overcomplexify, the best course of action for passwords
> you need to remember are passphrases, and to this matter, Randall nailed
> the matter properly.
If you're referring to https://xkcd.com/936/ I believe
On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>> Most of the time, writing down a password is a very bad idea.
>>
>> Not in your own home. And in any event, it depends where one keeps that
>> 'written down' password.
>>
>> And if it *does* become an issue at home, you
On Wed, Mar 20, 2024 at 11:02:41AM -0500, John Hasler wrote:
> Use one of the password generating programs such as pwgen to produce a
> 12 character random password. Write it down.
Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS encryption).
I memorize the most important of the
Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
> On Wed, 20 Mar 2024 17:09:31 +0100
> Pierre-Elliott Bécue wrote:
>
> Hello Pierre-Elliott,
>
>>Most of the time, writing down a password is a very bad idea.
>
> Not in your own home. And in any event, it depends where one keeps that
> 'written
Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
> On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue wrote:
>>
>> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
>>
>> > On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue
>> > wrote:
>> >>
>> >> John Hasler wrote on 20/03/202
On Wed, 20 Mar 2024 17:09:31 +0100
Pierre-Elliott Bécue wrote:
Hello Pierre-Elliott,
>Most of the time, writing down a password is a very bad idea.
Not in your own home. And in any event, it depends where one keeps that
'written down' password.
And if it *does* become an issue at home, you've
Hi,
Max Nikulin wrote:
> I admit "dithering" may be incorrect term, [...]
> Consider 2 squares having size of 2.5×2.5 pixels. Non-even sizes and fuzzy
> lines variants:
> █████
> ██████
> ████ ██
>██ ██
>█████
> Second variant might have sense if an
On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue wrote:
>
> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
>
> > On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue
> > wrote:
> >>
> >> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
> >>
> >> > Pierre-Elliott Bécue writes:
> >>
On 20/03/2024 01:51, Thomas Schmitt wrote:
Max Nikulin wrote:
When vector graphics, that does not match device resolution, is rasterized,
the result is either non-even sizes of similar elements or fuzzy lines due
to dithering.
Nitpicking:
"Dithering" in raster graphics is emulation of color r
John Hasler wrote on 20/03/2024 at 17:21:20+0100:
> Pierre-Elliott Bécue writes:
>> Writing down a password is a bad idea.
>
> Why?
Because anyone falling on the paper with the password can do a lot of
harm. Because you can't control what this paper will become with
certainty, while it's easier
Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
> On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue wrote:
>>
>> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
>>
>> > Pierre-Elliott Bécue writes:
>> >> A phrase you will easily remember but that would be hardcore to guess
>> >> thro
On 20/03/2024 23:19, Jeffrey Walton wrote:
The network attacker cannot (yet) reach through a
monitor and read a sticky note.
It may be visible during a video call performed from a smartphone.
Detlef Vollmann wrote:
> Is there a description anywhere how the 64bit time transition works?
> I'm currently stuck with a hard to maintain Sid system.
> It currently has "871 not upgraded" and it's nearly impossible to
> install new packages.
>
> I've looked e.g. into gnutls (on amd64), and libgnu
Pierre-Elliott Bécue writes:
> Writing down a password is a bad idea.
Why?
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue wrote:
>
> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
>
> > Pierre-Elliott Bécue writes:
> >> A phrase you will easily remember but that would be hardcore to guess
> >> through social engineering is perfect.
> >
> > Better is a random s
John Hasler wrote on 20/03/2024 at 17:02:41+0100:
> Use one of the password generating programs such as pwgen to produce a
> 12 character random password. Write it down.
Most of the time, writing down a password is a very bad idea.
--
PEB
John Hasler wrote on 20/03/2024 at 16:58:01+0100:
> Pierre-Elliott Bécue writes:
>> A phrase you will easily remember but that would be hardcore to guess
>> through social engineering is perfect.
>
> Better is a random string that you write down. When people try to
> generate phrases that meet t
Use one of the password generating programs such as pwgen to produce a
12 character random password. Write it down.
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On 20 Mar 2024 10:58 -0500, from j...@sugarbit.com (John Hasler):
>> A phrase you will easily remember but that would be hardcore to guess
>> through social engineering is perfect.
>
> Better is a random string that you write down. When people try to
> generate phrases that meet those requirement
Pierre-Elliott Bécue writes:
> A phrase you will easily remember but that would be hardcore to guess
> through social engineering is perfect.
Better is a random string that you write down. When people try to
generate phrases that meet those requirements they usually fail.
--
John Hasler
j...@su
Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 16:16:41+0100:
> On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>> it should be like 32 symbols with special symbols? Or this paragraph
>>> in a handbook is rather paranoid?
>>
>> It's not paranoid.
>
> F
I must mention that "32 characters" is only my guess.
In the Handbook it is said: "The root user's password should be long (12
characters or more) and impossible to guess."
Also, I must again say that in my case we speak just about a humble home
desktop, without a ""ssh" access"" or whatever comp
On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>> it should be like 32 symbols with special symbols? Or this paragraph
>> in a handbook is rather paranoid?
>
> It's not paranoid.
For 82 symbols (mixed-case alphanumeric plus 20 special characters),
32 characters is equiv
On 20/03/24 at 09:15, Jesper Dybdal wrote:
[Sorry for the accidental Danish-language subject line :-( ]
On 2024-03-19 21:47, Franco Martelli wrote:
On 19/03/24 at 15:43, Jesper Dybdal wrote:
My plan is to boot a rescue disk and mount that partition read-only.
Then:
* If the file looks ok af
Jan Krapivin wrote on 19/03/2024 at 15:42:55+0100:
> I read Debian Administrator's handbook now. And there are such words:
>
> The root user's password should be long (12 characters or more) and
> impossible to guess. Indeed, any computer (and a fortiori any server)
> connected to the Intern
On Wed, Mar 20, 2024 at 09:23:58AM -0400, Jeffrey Walton wrote:
[...]
> > Also, are you saying that you do not let users rotate their keys
> > themselves; and if so, why on Earth not?
>
> Key continuity has turned out to be a better security property than
> key rotation. It is wise to avoid grat
On Wed, Mar 20, 2024 at 7:03 AM Michael Kjörling <2695bd53d...@ewoof.net> wrote:
>
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > Regarding certificates, I issue VPN certificates to be installed on each
> > remote device. I don't use public key.
>
> What exactly is
I have now done the following:
* Checked the RAID array - no problems found.
* Run fsck. It found three cases of the block count being incorrect. I
don't know which the other two affected files are.
* Run one pass of memtest86+. Nothing found.
So it seems not to be a problem with the disks.
jeremy ardley wrote:
>
> On 20/3/24 19:03, Michael Kjörling wrote:
> > On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > > [users are locked out from uploading their public key using ssh-copy-id]
> > So the private keys aren't private, thereby invalidating a lot of
> >
On 20 Mar 2024 12:17 +0100, from to...@tuxteam.de:
>>> For ssh use I issue secret keys to each user and maintain matching public
>>> keys in LDAP servers [...]
>
>> So the private keys aren't private, thereby invalidating a lot of
>> assumptions inherent in public key cryptography.
>
> We are usi
On 20 Mar 2024 19:21 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
>>> Regarding certificates, I issue VPN certificates to be installed on each
>>> remote device. I don't use public key.
>>
>> What exactly is this "certificate" that you speak of? In typical
>> usage, it means a public key p
On 20/3/24 19:03, Michael Kjörling wrote:
On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
Regarding certificates, I issue VPN certificates to be installed on each
remote device. I don't use public key.
What exactly is this "certificate" that you speak of? In typical
On Wed, Mar 20, 2024 at 11:03:16AM +, Michael Kjörling wrote:
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > Regarding certificates, I issue VPN certificates to be installed on each
> > remote device. I don't use public key.
>
> What exactly is this "certificat
On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> Regarding certificates, I issue VPN certificates to be installed on each
> remote device. I don't use public key.
What exactly is this "certificate" that you speak of? In typical
usage, it means a public key plus some surr
Marco Moock wrote:
It currently has "871 not upgraded" and it's nearly impossible to
install new packages.
The libs will have a suffix of t64, so you need to use dist-upgrade to
upgrade the packages if they depend on the t64 libs.
No, only the package names have the 't64' suffix, the libra
On 20.03.2024 at 09:29:12, Erwan David wrote:
> Since I begin to have this in testing : and what should we do when a
> package tries to remove other (except wait) ?
>
> eg, now in testing upgrading nextcloud-desktop would remove
> plasma-discover, and fwbuilder would remove cups.
Be aware
Hi,
Marco Moock wrote:
> The libs will have a suffix of t64
I wonder whether those suffixes will go away at some stage of this effort.
(Further I wonder when the package tracker appearance of libisoburn
will become less ugly than currently:
https://tracker.debian.org/pkg/libisoburn
and how
On 20/03/2024 at 09:09, Marco Moock wrote:
On 20.03.2024 at 08:22:16, Detlef Vollmann wrote:
It currently has "871 not upgraded" and it's nearly impossible to
install new packages.
The libs will have a suffix of t64, so you need to use dist-upgrade to
upgrade the packages if they depend
On Wed, 20 Mar 2024 08:22:16 +0100
Detlef Vollmann wrote:
Hello Detlef,
>Is there a description anywhere how the 64bit time transition works?
I'm far from an expert, but from what I've read, this transition is
*huge*. Possibly the largest that has ever occurred in Debian. It's
going to take t
[Sorry for the accidental Danish-language subject line :-( ]
On 2024-03-19 21:47, Franco Martelli wrote:
On 19/03/24 at 15:43, Jesper Dybdal wrote:
My plan is to boot a rescue disk and mount that partition read-only.
Then:
* If the file looks ok after reboot, then I'll strongly suspect the
On 20.03.2024 at 08:22:16, Detlef Vollmann wrote:
> It currently has "871 not upgraded" and it's nearly impossible to
> install new packages.
The libs will have a suffix of t64, so you need to use dist-upgrade to
upgrade the packages if they depend on the t64 libs.
Although, carefully read
On 20/3/24 13:32, to...@tuxteam.de wrote:
> How will a "VPN" with a "certificate" (whatever that means in this
> context) be more secure than a SSH (assuming key pair authentication,
> not password)?
>
> They are doing the same dance (key exchange, key pair validation,
> session key establishme
Is there a description anywhere how the 64bit time transition works?
I'm currently stuck with a hard to maintain Sid system.
It currently has "871 not upgraded" and it's nearly impossible to
install new packages.
I've looked e.g. into gnutls (on amd64), and libgnutls30t64 (3.8.3-1.1)
as well as l
On Wed, Mar 20, 2024 at 02:01:44AM -0400, Jeffrey Walton wrote:
> On Wed, Mar 20, 2024 at 1:32 AM wrote:
> >
> > On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:
> >
> > > A 'safer' implementation will not even expose an ssh port. Instead there
> > > will be a certificate based VPN w