|
BlankSystemDaemon posted:The question is, what is a daemon doing in the kernel? Whatever it pleases. Literally.
|
# ? Dec 23, 2022 02:34 |
|
|
# ? May 30, 2024 09:04 |
|
BlankSystemDaemon posted:The question is, what is a daemon doing in the kernel? performance, apparently it apparently had a bunch of security issues found after being merged https://lwn.net/Articles/871866/
|
# ? Dec 23, 2022 03:21 |
|
BlankSystemDaemon posted:The question is, what is a daemon doing in the kernel? Drugs has always been my theory
|
# ? Dec 23, 2022 04:52 |
|
klosterdev posted:Joke's on me for being too lazy to change away from lastpass https://blog-lastpass-com.cdn.amppr...ity-incident%2F Amazing.
|
# ? Dec 23, 2022 09:17 |
|
Thanks Ants posted:Let's see how quickly all the NAS vendors don't update their software Your average nas is on kernel 5.10 or lower, which doesn't include the ksmbd kernel module.
|
# ? Dec 23, 2022 09:22 |
|
ksmbd is GPL2 whereas Samba is now GPL3 so there's bound to be a lot of NAS oems who would like to switch to the option that has responsibilities.
|
# ? Dec 23, 2022 11:33 |
|
BlankSystemDaemon posted:The question is, what is a daemon doing in the kernel?
|
# ? Dec 23, 2022 11:39 |
|
quote:ksmbd kill six million billion daemons
|
# ? Dec 23, 2022 11:45 |
Arivia posted:You should ask them, daemon-to-daemon. Kazinsal posted:Whatever it pleases. Literally. Malloc Voidstar posted:https://github.com/namjaejeon/ksmbd#performance Isn't Linux supposed to have more eyes on the code than FreeBSD? Yet WireGuard got caught before going into FreeBSD, whereas this appears to have gone in without much review because it was committed by someone working at Samsung, which is part of the Linux Foundation. RFC2324 posted:Drugs has always been my theory Splicer posted:Compromising security, can't you read? Cup Runneth Over posted:kill six million billion daemons
|
|
# ? Dec 23, 2022 12:53 |
|
klosterdev posted:Joke's on me for being too lazy to change away from lastpass https://blog-lastpass-com.cdn.amppr...ity-incident%2F Can someone smart tell me why 1Password isn't susceptible/is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point.
|
# ? Dec 23, 2022 16:30 |
|
Boris Galerkin posted:Can someone smart tell me why 1Password isn't susceptible/is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point. Competence, mostly.
|
# ? Dec 23, 2022 16:43 |
|
Really looking forward to changing all the drat passwords because my husband didn't follow suit when I migrated everything to 1password.
|
# ? Dec 23, 2022 16:48 |
|
lastpass doesn't have anything particular wrong with it (other than the unencrypted url thing, i guess). but the quantity of incidents and vulnerabilities they've had, their lackluster response to remediation, and the fact that they don't seem to be getting better over time made a lot of people switch. it's not an architectural or technical issue - it's an organizational one
|
# ? Dec 23, 2022 17:18 |
Boris Galerkin posted:Can someone smart tell me why 1Password isn't susceptible/is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point.
|
|
# ? Dec 23, 2022 17:37 |
|
Use self hosted buttwarden, get compromised that way
|
# ? Dec 23, 2022 17:54 |
|
That or use Keepass and keep it to yourself.
|
# ? Dec 23, 2022 18:23 |
|
Boris Galerkin posted:Can someone smart tell me why 1Password isn't susceptible/is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point. secret key 1Password never gets your secret key, so there's an extra 128bits of entropy for your vaults when stored on their servers you need both the secret key and the password to unlock a vault, so attacking their servers would basically be pointless
|
# ? Dec 23, 2022 19:01 |
|
Buff Hardback posted:secret key
|
# ? Dec 23, 2022 19:57 |
|
From the description of the breach all the data about what site the password is for is in the clear, so you can at least get a list of all the services that someone used.
|
# ? Dec 23, 2022 20:01 |
|
wolrah posted:LastPass works the same way. The password vault is just an encrypted blob from the standpoint of their servers. If you ignore the years of incompetence, on paper they're doing all the same things as anyone else in the space. They just have a long history of doing those things worse than everyone else. no? the only thing needed to decrypt your lastpass vault is your password, 1p requires both your password and secret key
|
# ? Dec 23, 2022 20:08 |
|
Buff Hardback posted:no? the only thing needed to decrypt your lastpass vault is your password, 1p requires both your password and secret key I definitely would not put it past them to have some poor UI design or intentional dark patterns that encourage users to make them the same though. If I'm misremembering and they really don't even offer that capability then they're even worse than I thought.
|
# ? Dec 23, 2022 20:38 |
|
Hey goons. I came over from the C++ thread. Copy-paste of my question follows.quote:This is gonna start out sounding incredibly paranoid. Whether or not it remains looking incredibly paranoid by the end, we'll see. You'd think they'd put it in a FAQ somewhere, but four years on, they haven't addressed it on their website at all. But again, this is just a post-process injector. There aren't, or shouldn't be, any manner of functionality that pose any kind of risk or security exploit such that warrants "NO, YOU CANNOT HAVE INCREASED COLOR SATURATION OR GAUSSIAN BLUR BECAUSE THERE IS A NEW VERSION. GO DOWNLOAD IT." I dunno. I got worries there's a bitcoin miner or DDOS botnet functionality or something, because of how secretive and hostile the dev(s) are.
|
# ? Dec 25, 2022 06:56 |
|
no, it’s not a sign of anything but people who want their product to work one way and have a lot of people complaining about it but if you’re worried about it harming you, why not use ReShade or just live without the extra saturation? it seems like even the slightest suspicion outweighs the significance of the functionality
|
# ? Dec 25, 2022 07:07 |
|
Well now you've got me wanting to run GShade through IDA Pro, thanks.
|
# ? Dec 25, 2022 07:12 |
|
Kazinsal posted:Well now you've got me wanting to run GShade through IDA Pro, thanks. Please and thank you? Like, this is the person I mentioned's screenshot of them asking. I asked as much four years earlier, and got almost exactly the same response back. A FAQ entry is *the least* they could do.
|
# ? Dec 25, 2022 07:47 |
|
I have no idea what gshade is but based on that short conversation I totally see where the developers are coming from. Sketchy sure but also understandable. E: think of it like this: - online game gets updated to detect poo poo like this better - gshade gets updated to evade said detections - user didn’t upgrade and gets banned from said game and starts up a storm blaming gshade for getting them banned edit2: Or even for offline games where there is zero risk of being banned for using this, without a version check every time a game gets updated and breaks gshade a ton of users are going to go complain about gshade breaking their game. That conversation you posted makes it sound like this has happened enough times that the (unpaid?) developer(s) just said gently caress it we’re doing this our way. Boris Galerkin fucked around with this message at 09:34 on Dec 25, 2022 |
# ? Dec 25, 2022 09:14 |
|
Long time lastpass user, decided it's time to change to something else since I'm going to be changing all my passwords anyways after this last incident. What's the alternative of choice? I see 1password mentioned a lot, as well as bitwarden. Security is always key, but UI/simplicity is also since my wife is not going to go jump through hurdles to both get passwords set up and fill in( with lastpass she can just use her fingerprint and it all just works automatically), so things like local storage only/no cloud/etc. are overkill for my purposes.
|
# ? Dec 25, 2022 19:07 |
|
1password
|
# ? Dec 25, 2022 19:41 |
|
I just started a vaultwarden instance up and couldn't be enjoying it more.
|
# ? Dec 25, 2022 20:23 |
|
Keeper
|
# ? Dec 25, 2022 20:40 |
|
My password manager opinions: If you want free: Bitwarden is the only option If you want to pay: 1Password has more creature comforts than Bitwarden does (SSH key agent, a full 1Password experience in Safari on iOS that's exactly like the desktop web extension, better UI, plus the Secret Key)
|
# ? Dec 25, 2022 21:02 |
|
Thanks! Tried 1Password but not off to a reassuring start. did the free trial for the family subscription, and an hour later it logs me out automatically and doesn't accept my master password anymore (I know, make sure it's the right password, it most definitely is), so not only can I not get in after transitioning everything over, but I can't even cancel my subscription or delete all THOSE passwords and my credit card from my account. Edit: Even if I wanted to try 1password again, I can't because there's already an account with my e-mail. Double edit: walked through some support threads on reddit and found how to delete my account. PageMaster fucked around with this message at 03:51 on Dec 26, 2022 |
# ? Dec 26, 2022 03:26 |
|
KeePass and a synced database
|
# ? Dec 26, 2022 03:28 |
|
CommieGIR posted:KeePass and a synced database If OP is struggling with 1Password setup this is not a more user friendly option. Maybe try Bitwarden to see if it's more intuitive.
|
# ? Dec 26, 2022 04:24 |
|
Ynglaur posted:If OP is struggling with 1Password setup this is not a more user friendly option. Maybe try Bitwarden to see if it's more intuitive. Basically yeah, I could probably figure it out, but I need something my wife would be able to maintain/manage without me once I've got it running. Maybe the most secure setup is to have randomly generated passwords for all my websites that even I don't know and reset my password everytime I want to log in (which is basically where I am right now until I get another password manager set up...)
|
# ? Dec 26, 2022 05:11 |
|
PageMaster posted:Basically yeah, I could probably figure it out, but I need something my wife would be able to maintain/manage without me once I've got it running. Maybe the most secure setup is to have randomly generated passwords for all my websites that even I don't know and reset my password everytime I want to log in (which is basically where I am right now until I get another password manager set up...) For what it’s worth, once you get set, 1Password should be pretty set it and forget it.
|
# ? Dec 26, 2022 06:29 |
|
PageMaster posted:Thanks! Tried 1Password but not off to a reassuring start. did the free trial for the family subscription, and an hour later it logs me out automatically and doesn't accept my master password anymore (I know, make sure it's the right password, it most definitely is), so not only can I not get in after transitioning everything over, but I can't even cancel my subscription or delete all THOSE passwords and my credit card from my account. I've never heard of someone having this much trouble with 1password. Even my senior citizen mom could set it up.
|
# ? Dec 26, 2022 06:40 |
|
Ynglaur posted:If OP is struggling with 1Password setup this is not a more user friendly option. Maybe try Bitwarden to see if it's more intuitive. It's true that original KeePass has that ridiculous trigger system to set up.
|
# ? Dec 26, 2022 06:52 |
|
CLAM DOWN posted:I've never heard of someone having this much trouble with 1password. Even my senior citizen mom could set it up. Yeah, don't forget to print and fill out your emergency kit PageMaster
|
# ? Dec 26, 2022 07:07 |
|
|
# ? May 30, 2024 09:04 |
|
Cup Runneth Over posted:Yeah, don't forget to print and fill out your emergency kit PageMaster cannot stress this enough if you lose all of your devices and don't have an emergency kit saved with your secret key, you are completely 100% out of luck, they can't recover your account
|
# ? Dec 26, 2022 07:14 |