MystikIncarnate

joined 1 year ago
[–] MystikIncarnate@lemmy.ca 1 points 7 minutes ago

My pleasure. I regularly put notes in my password manager about stuff like this.

Have a good day.

[–] MystikIncarnate@lemmy.ca 1 points 9 minutes ago (1 children)

I prefer security keys. At work I use a yubikey, and I have Google's security keys for my personal stuff. I tend to use totp as a backup.

For everything not banking, it's great, I agree. I still prefer my security keys to everything. It's hard to duplicate a digital key when it only exists on protected storage on a physical device, where that key never exists outside of that physical device.

In case anyone doesn't know: FIDO works using a pair of asymmetric digital keys, the public key is sent to the remote site, and only the private key can decrypt anything encrypted by the public key. So a challenge (usually some mathematical calculation, not sure), is encrypted by the site/service that is handling the login, it sends over the encrypted request, which is passed, in its entirety to the fob. The fob requires a physical activation to process the challenge (usually a touch, but some require a fingerprint). The challenge is then decrypted, processed, the response is encrypted, and sent to the site for login, which decrypts the response with the public key, and compares the result to the result of the challenge that was sent.

There's no part of this that can really be compromised. An eavesdropper can obtain the encrypted challenge (unable to be decrypted in any reasonable manner), and the response/public key... The public key isn't useful, and the response is only valid for that specific login because there are aspects of the challenge that are unique per login.

All information in flight is unreadable nonsense. The only unique information to the key that is sent anywhere is the public key, which is supposed to be public.

Totp has the vulnerability of needing to relay the seed, usually by QR code. The only vulnerability there is when you set it up and the seed is shared to you, it can be intercepted. If that seed is stored anywhere that becomes compromised, then it becomes meaningless. It can be mined from an authenticator, or captured in flight.

Both of these are better than alternatives. Email/sms codes can be intercepted, either by an administrator or by an internet relay, or by sim duplication, etc. You know that already.

I don't hate totp, I just recognize the faults in it.

There's problems with physical security keys too, mainly in the fact that, if you lose the fob, you're screwed. So it's recommended to have a backup. Either in the form of a second fob, which is set up for all the same accounts which is stored securely, or in the form of another authentication method like totp.

Personally, I use a backup FIDO key for my accounts whenever possible. I also have a password manager that can store my totp so everything is in a single vault. If the vault is compromised then I'm screwed though... 90% of my accounts use a password reset email which is not stored in my vault. Only two things are not in my manager: that recovery email login (secured by my Fido key) and my bank (obviously also the vault login).

At work, I use the yubikey for everything that supports it, with totp as backup in my work's duo authenticator account (duo is also set up to use my yubikey). So it's all Fido/totp.

The only service I really want to use my security keys with that doesn't support it, is my bank account.... I suppose, also my government stuff, but almost all of that is informational. I can't really make changes to my government stuff from their webpages. It's generally just the government telling me things about my tax returns and whatnot (all SMS secured).

I hate the trend of companies requiring an app for 2FA... Something that's not totp, but similar. You have a specific authenticator app for a single service on your phone only and it's not great.... Obvious examples include steam and Blizzard. Fuck that. I hate it. Go away. Give me normal MFA options.... Dick.

I've ranted enough. Back to work for me.
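The challenge-response login discussed in the comment above, as an added example that is not part of the original comment: in FIDO2/WebAuthn the fob signs the site's random challenge with its private key and the site verifies that signature with the registered public key. The `Fob` and `Site` types and their methods are assumptions made for illustration, and the signed message is reduced to the bare challenge.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on error; acceptable in a demo, not in a login service.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Fob models a security key (hypothetical type); the private key never leaves it.
type Fob struct{ priv *ecdsa.PrivateKey }

func NewFob() *Fob {
	return &Fob{must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}

func (f *Fob) Public() *ecdsa.PublicKey { return &f.priv.PublicKey }

// Sign answers one challenge (simplified: real keys also sign site identity and a counter).
func (f *Fob) Sign(challenge []byte) []byte {
	d := sha256.Sum256(challenge)
	return must(ecdsa.SignASN1(rand.Reader, f.priv, d[:]))
}

// Site is the login service: the registered public key plus one outstanding challenge.
type Site struct {
	Pub     *ecdsa.PublicKey
	pending []byte
}

// Challenge issues a fresh random value for a login attempt.
func (s *Site) Challenge() []byte {
	s.pending = make([]byte, 32)
	must(rand.Read(s.pending))
	return s.pending
}

// Login checks a response, then discards the challenge so it cannot be reused.
func (s *Site) Login(sig []byte) bool {
	if s.pending == nil {
		return false
	}
	d := sha256.Sum256(s.pending)
	s.pending = nil
	return ecdsa.VerifyASN1(s.Pub, d[:], sig)
}

func main() {
	fob := NewFob()
	site := &Site{Pub: fob.Public()}
	captured := fob.Sign(site.Challenge()) // what an eavesdropper could record
	fmt.Println("genuine login:", site.Login(captured))
	site.Challenge()
	fmt.Println("captured response, new challenge:", site.Login(captured))
}
```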

[–] MystikIncarnate@lemmy.ca 1 points 1 hour ago (2 children)

Can you maybe add a note to the account in your password manager to remind yourself of the limitation? I dunno, I'm just some guy

[–] MystikIncarnate@lemmy.ca 1 points 1 hour ago (3 children)

Well, I have no arguments with what you've said. I think security keys/FIDO tokens should be more prevalent too. Otherwise this is 100% correct and I feel the exact same way.

[–] MystikIncarnate@lemmy.ca 4 points 23 hours ago (7 children)

I dunno about this analogy. I think the doctor proved that with enough time, anything can become a door.

[–] MystikIncarnate@lemmy.ca 25 points 1 day ago (5 children)

Your story reminds me of something that my bank started doing. I got a robocall about something to do with my credit card, and the voice said to verify using x and y using my keypad, I think it was day/month/year of birth or something and I immediately noped out of the call. I hit all the wrong buttons until it got me to a person and I ripped them apart, and their supervisor for basically training their userbase to answer security questions given by an automatic voice on the other end of the line with no way to verify who is calling.

You can spoof your caller ID, you can get a text to speech robocall bot with DTMF recognition and just spam call a whole area where the bank operates and gather a bunch of personal information because it sounds just like the bank and there's no way to prove who called.

What a crock of shit. It's a security nightmare.

I did call my bank after at a known valid number, verified them as they verified me, and there was something going on, so the call was legit, and totally unacceptable.

These clowns want us to trust them completely, and give us no reason to do so, but they want us to bend over backwards to validate ourselves. Fuck that.

[–] MystikIncarnate@lemmy.ca 1 points 3 days ago

Interestingly, most countries have a rudimentary system for giving people identifiers. Like a SSN.

[–] MystikIncarnate@lemmy.ca 1 points 3 days ago

I think this is fairly well explained by others, but the root object is immutable. That would be the human object that represents a unique person. The properties/parameters applied to that object are entirely mutable.

Even after death, your person object still exists, it's just given the property of being disabled/dead (and/or, the "living" property is removed).

[–] MystikIncarnate@lemmy.ca 8 points 3 days ago

That was two hours ago. How did it go?

[–] MystikIncarnate@lemmy.ca 32 points 3 days ago (15 children)

I've spent too much time on computers.

I don't see people as their age, gender, color, name, whatever. To me, a person is a construct, that construct is immutable. You, as a person, exist, only your variables change. Your name, age, gender, sex, personality, political views, culture, race, skin color, etc, are all properties of the immutable object that represents you.

In this way, your name, gender, age, political views, etc, can all change, and the human object that is you, never changes.

Technology does this already. A good example is with user accounts for something like active directory (the windows domain login thing). Your user object isn't assigned by name, or login ID or whatever. You have, what is referred to as a UUID inside of the system. To that UUID, you have parameters like your name, email, phone number, etc, attached to it. When permissions are given, they're given to your UUID, not to your name.

Because of this, the administrators like me, can update your name, phone number, login, email, etc, without changing what you have access to. Your email account is tied to your UUID as well, so your user object has permission to access that mailbox, and it's listed in the parameters as your primary mailbox (for stuff like auto configure).

It's all very basic object oriented stuff.

[–] MystikIncarnate@lemmy.ca 5 points 4 days ago

As a long time player since update 6? Or so....

I took time off work because I knew I wouldn't be able to get anything done at work, because I'd be thinking about my factory all day long.

I have all day today, tomorrow, and all weekend to get the initial hype out of my system before I go back to work.

 

This is probably more of a Lemmy specific thing than what's normal on this community, but I posted on a community from lemmy.ml and the mods there banned me from the community.

They didn't remove my post or message me about it. I only found out because when I was going through replies, I couldn't reply and I noted that my account is banned from that community.

I wasn't saying anything untoward or encouraging anyone to do anything illegal or anything like that. It was a comment about systems of government. I don't believe I put any emphasis on whether one was better than another, but the post was in a non-political community; so it should not lean one way or the other on the matter, and the post I was replying to introduced the political discussion, so I was on-topic.

The specifics aren't super important. What I want to know is whether there's a built-in system to inquire with the mods or something to try to get an official reply as to what rules they believe I had broken to deserve a ban, and whether that ban is permanent or not. I tried simply messaging one of the mods, but it's been hours with no reply.

Is there any way to find the information? Previously on Reddit, I would almost always get a message from the subreddit about what happened, what violation caused it, and allowed me to message the mods to try to argue my case, though, me getting banned on that platform was quite rare. This is my first time knowingly being removed like this and I don't understand the process here.

Can anyone enlighten me about how these things are supposed to work on Lemmy?

 

The 1.0 release date was officially announced as September 10th!

Also something about a toilet.

Mark your calendars!

 

So, I just need to rant for a minute about what's just happened. It's made me feel fairly disposable as a worker. I work in I.T. support. I help people who can't operate technology with highly complicated issues. I am highly skilled, well trained and I have a diverse set of understanding for technical issues.

Last year I took a new job. The old job was an MSP, or Managed Service Provider; if you don't know what that is; an MSP is the IT department for companies too small to have an IT department. That's the summary. The new company is both an MSP and an ISP as well as just about everything else you can imagine for IT.... hosting webpages, and all the associated nonsense, phones/VoIP, colocation (Datacenter stuff).... everything. Basically, when someone was signed onboard with this employer, we did it all.

Starting out, everything seemed fairly normal, a bit more involved, since we do more than the last company, but nothing too crazy. The part that irked me, is that as MSP, we own a client, we do everything for them, including, but not limited to all their computer/server/network work (which I expected), but also their phones, internet service, hosting, email, etc. everything.... which is a bit more than I expected, but I was managing okay.

In March/April, things changed in my personal life, where I was having to drive my SO to work (she doesn't have her license, and we don't live in a place where she can reliably get a taxi/bus/other transportation), the problem is that her work is 3-11, where I work 9-5, in another city. So I tried to work with my workplace but they wouldn't let go of working from the office, so I ended up on an insane schedule of commuting to the office (over an hour drive each way), then leaving the office at 1PM, to be home for 2PM, to get her to work for 3PM, then GOING BACK TO WORK. I wasn't able to keep up with my workload.... in addition, I'm driving her home at 11, getting home at midnight, then getting up at 5-6AM to get a shower and do it all over again. I couldn't sustain that for any reasonable length of time, and I burned out. My doctor issued a notice to my workplace that I am unable to continue working for the time being, they accepted it and I went on disability as of early May, until now.

Currently, I feel much better, compared to when I was burning out in April, and I feel a lot better about going back. The SO has also been working on getting her license and her own car, so within a few months I won't have to even think about whether she can get to work or not, since she will have a car and her license to drive herself there. A week or two ago, I contacted my workplace to let them know I was ready to return. We had a few emails back and forth to resolve the matter of the doctor's recommendation and disability diagnosis. Once all that was completed, I thought I was ready to go. Big nope.

I got word yesterday that instead of bringing me back, they're laying me off.

So not only did they have the callous attitude to force me to drive to the office and back several times a day to try to maintain a poor life scenario (I asked to WFH, which they absolutely could do, since they did it over COVID without significant issues).... but when I burned out as a result of their ridiculous demands, and took some time off, instead of welcoming me back and holding my position, they filled in the gap while I was out on disability, and laid me off when I was able to return.

I feel so abandoned. I won't complain about "where's the loyalty" because there's never been a time in my career where "loyalty" has ever been something I've felt that my workplace ever gave me; and all evidence I've seen says that companies have zero loyalty to anyone. Maybe one day in the past that was true, but it's definitely not been true for the entirety of my working career; but here I am, a highly skilled individual, with specific skills that will absolutely help the company succeed, that they know I have, that they're just going to throw away... and for what?

The excuse they gave me was financial downsizing, but it's a company of about 12-18 people, so it's not like my job was part of a larger dismissal of people, they've lost, laid off, or otherwise shed employees at a very slow rate. Some of my (now former) coworkers have said that several people who have voluntarily left their positions, have been replaced during my time away; but me? no. Apparently my knowledge isn't worth enough to them.

I'm currently on the hunt for a new employer. IMO, these guys are fools to throw away everything I know. The only challenge I face right now is finding someone who will see my value. IT support jobs are usually underpaid in my local area, and too many companies are going return to office and I'm not easily able to find remote (WFH) type employment. The jobs are there, but it's hard to find one that's worth my time. The core issue IMO, with the low pay, is that it's a non-union position, but if I can find a union job, I'm all in.

Wish me luck!

 

Looking for some advice here, I'm out to complete two things:

  1. restore saves from the games I played using the stock firmware to GarlicOS
  2. get two player/two controllers working for couch gaming over HDMI

Specifics: I picked up a 16G microSD for the OS, and a 64G for ROMs, pulled the original (kinda garbage) SD and replaced it with the 16G that I loaded with GarlicOS. I copied the relevant roms that I loaded onto the original SD to the new set and moved the save files ( .sav) over to the saves folder in the relevant subfolder. Launching the game results in a blank save. I can't continue the save.

For dual controller/two player, I haven't tested HDMI yet (on the list) I'm just trying to get controllers working at the moment; I have an Anker USB 3 hub. What works right now, is if I plug my Stadia controller in, it gets picked up, no problem. But my xbox controller will mess everything up. If I just do my OTG adapter to the stadia controller, it works, OTG to hub to stadia, no problem. If I either go OTG to the xbox controller, or OTG to hub to controller, it does not come up in GarlicOS. If I plug OTG to hub to both controllers, neither shows up. I added waitForUSB (I also tried waitforUSB) file to the OS SD card, with no effect (the file still exists).

With stock, I was able to use a controller (just the stadia controller), over USB OTG with HDMI, so I know that works, and it should still work. The Xbox Controller I'm using is almost brand new, it's an XBOX One controller, connected by a USB A to C cable, I picked up 10ft cables from Anker for the purpose. I'm fine with wired, but I also have a USB xbox wireless dongle for PC that I can't seem to find right now, and I'm wondering if that would do any better (and I would prefer this since it would be wireless).

Does anyone have any hints or tricks or information related to this that I can use to push this along? Is the new series of xbox controllers not compatible? Do I need to change the drivers or something to make it work better? I'm new to retroArch, and GarlicOS, and the 35xx is my first dedicated retro handheld. I'm refreshingly not new to Linux or SBC's, so I'm very comfortable with making changes and taking chances. All my saves are archived on that original SD card, and I have a backup on my laptop, so I'm not worried about losing saves or data at all. If the controllers are not viable, I'm sure I can find something that works and pick that up, maybe something from 8bitdo.

Thanks in advance.

 

Two subreddits I used to be very active in were for techsupport and networking/home networking. Anyone know if there's Lemmy communities for the same?

Also, related, is there a way to list communities available from a specific instance? Like if I wanted to see all communities local to Lemmy.world or something (that's not my local instance), can I do that? If so, how?

I'm still getting used to the fediverse way of doing things, I love it here, I'm just having trouble getting myself up to speed relative to all that I was subscribed to on Reddit.

TIA

 

Hello Lemmings.

This is something I've been thinking about for a while; basically, I want to move my zwave node away from my main HomeAssistant system.

I'll try to be brief; my current config is a single mini/micro system (Dell, I believe), Core i5, 8G RAM and an SSD, it's a ton of power for HA and massive overkill, I know. The problem is that the system is located in a remote room of the house, so the signal isn't exactly the best and I have some nodes that are linked through 2-3 other devices; I'd like to move the USB Z-stick to a more central location, and I don't think a USB extension is going to cut it. I have ethernet wire which is far more viable to get a connection across to the HA computer. I don't want to move the HA computer away from where it is, since there's backup power where it is; so my idea would be to use something like a Raspberry Pi (now that availability seems to be improving), connected by Ethernet using PoE (for power availability from the UPS). Provided I can get a Raspberry Pi, and all the related and required parts together, which should be fairly trivial; how would I connect the zwave dongle on the Raspberry Pi to the computer running homeassistant?

I haven't considered this before due to the pi being so difficult to get since I put together the homeassistant system. Ideally, I would want several of these systems placed at key points around the house so that I wouldn't need any of the zwave nodes to relay communications, but that's future plans more than anything - I would need to source several zwave dongles and get them all on raspberry pi's and get them working together.... So going about it towards that end would be a bonus; but at least I want to do some research on it and figure out if I can even relocate the dongle at all first. Any information to that end is appreciated.

I'm currently using ZWaveJS UI.

 

Hello Lemmings! I've been thinking about testing CEPH in my homelab, but to do it right I kinda want to build a cluster of systems, preferably using SBCs to handle a CEPH storage drive each. Specifically, a single SATA disk would be preferred.

A while back I came across the ODROID HC1, which was perfect but I wasn't ready to pull the trigger at the time; the only thing I'd want above and beyond what the HC1 was capable of, is PoE to simplify power delivery. Unfortunately the HC1 is discontinued (and rather dated at this point), and I have yet to come across anything remotely similar. There are other boards along the same lines, like the HC4 from odroid, and others (often involving adding a SATA HAT to the SBC), but I'm not keen on that.

Essentially, I just want one drive per SBC, and build them into external drive-like enclosures with a single HDD each (3.5" is most likely), and just have a fleet of them. The idea would be to have a pair of "gateway" systems that are more robust, that can pull from the CEPH and portray that data as CIFS or NFS or iSCSI or whatever. Each SBC wouldn't need to be more than 1Gbps linked, but the gateway systems would likely be 10G linked off the same switch to take advantage of the bandwidth of the cluster.

Does anyone know of an SBC that's newer and similar in design to the HC1? Something newer/faster would be important, and something with PoE to power itself and the drive would be a nice-to-have (otherwise I'll rig up a high amperage DC rail for all the nodes so I can use a single "PSU" thing for it). If someone knows a better community to place this question, let me know.... still getting used to lemmy.
