Language:

en_US

switch to room list switch to menu My folders
Go to page: 1 2 3 4 [5] 6 7 8 9 ... Last
[#] Wed Sep 04 2019 05:10:14 UTC from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Sure... in AD&D, they call them "cants," like a "thieves cant". Ingroup language. Both sides use it. Religious people do it too. I had a worker once who referred to God as "Heavenly Father." It was strange.

"When I feel challenged, I ask Heaveny Father for guidence, and Heavenly Father gives me direction. If I listen, I am usually rewarded."

Turns out this language is Mormonism. Jesus Christ, Mother of Mary...

[#] Wed Sep 04 2019 13:50:40 UTC from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


Probably not just Mormon, as I've heard it used by other Christians.

[#] Thu Sep 05 2019 02:11:03 UTC from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

It has to do with how it is used. Most "Christian" denominations will refer to "The Heavenly Father." It isn't used as a proper noun so much as a descriptive one. They'll call him God, the Lord, the Lord God, Jehovah, Yaweh... and "The Heavenly Father."

Mormons call him, "Heavenly Father," as a proper noun. Like, if they met Him, they would address Him that way. "Heavenly Father, I beseech you to have mercy on me!" I'm not quite getting it right here, but it is in the manner of speech in how they use it. If you hear a person say something like, "If I am in doubt, I ask Heavenly Father for guidence, and He grants it to me in His wisdom," you're not talking to a Catholic or a Protestant. We recognize it as something *different* than us, and they're using it that way for that reason. It is a special language that conveys in-group membership.

[#] Fri Sep 06 2019 14:09:31 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

That kind of usage is specifically a mormon thing. It's a slightly different take, because mormon is not mainline Christianity.

[#] Mon Sep 09 2019 05:26:13 UTC from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

 

Fri Sep 06 2019 10:09:31 EDT from IGnatius T Foobar
That kind of usage is specifically a mormon thing. It's a slightly different take, because mormon is not mainline Christianity.

Yup. It definitely conveys a different, more direct relationship with God Himself than say, a Protestant or Catholic would express. 

We would refer to the Lord... God... 

Jesus is kind of our go-between - as Protestants - and Mary, if you're a Catholic. But both kind of operate on an assumption that God is busy and although He doesn't miss *anything* - you better only invoke him personally if your car is about to go over a cliff. 

 

 

 



[#] Mon Sep 09 2019 14:53:04 UTC from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


By which time it's probably too late.

[#] Wed Sep 25 2019 16:24:39 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

As long as you're alive, it's never too late to call on God. You may only have seconds to live, but that final moment of faith could have a significant effect on what happens next.

But you knew that.

[#] Mon Feb 17 2020 17:12:00 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Has anyone experience or thoughts on various password manager schemes


Funny that this was the inaugural message in this room in 2015, because I have the same question now.

I'm giving some consideration towards letting the browser generate and remember my passwords to various sites, instead of keeping track myself and letting the browser remember it merely as a convenience.

What's trustworthy these days? What's reliable? Sig, did you have any luck with the hardware token? Like most people these days, I'm using Chrome, but there's always the concern that anything tied to Google is problematic. Lastpass?
Keepass? Something else?

[#] Tue Feb 18 2020 13:49:50 UTC from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

I'm giving some consideration towards letting the browser generate and

remember my passwords to various sites, instead of keeping track myself

and letting the browser remember it merely as a convenience.

I would not let my web browser administrate my password.

For less important stuff, I have pass (I think it is packaged as password-store for debian), which is a CLI password manager. I have it on a self-hosted shell account. This way I can access my password manager from anywhere I have a secure terminal for sshing into my server.

The compromising stuff lives in a Tails intance and is stored in Keepassxc. So ti is encryted twice: once at filesystem level, anothe at application level.


The really important stuff I learn by heart. I have some of those passwords noted down in a notebook and stored in a safe just in case I am put to pressure one day and cannot remember a password.

[#] Fri Feb 21 2020 19:08:31 UTC from athos-mn

[Reply] [ReplyQuoted] [Headers] [Print]

KeePass is still good, with the benefit of not being stored in a central location for someone to scoop up a-mission-and-one users' passwords. Not perfect security, but does a nice balance between security and convienance.

[#] Fri Feb 28 2020 19:21:16 UTC from Freakdog

[Reply] [ReplyQuoted] [Headers] [Print]

I use LastPass. It is centralized but also locally stored in an encrypted store. I'm able to sync across multiple browsers/machines, plus I can use it on my phone. The phone app also pops up options to autofill for other apps on my phone, which is convenient.



[#] Fri Jul 17 2020 16:32:10 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Interesting development in the world of consumer-grade VPNs.

https://blog.mozilla.org/blog/2020/07/15/mozilla-puts-its-trusted-stamp-on-vpn/

Mozilla has rolled out a VPN service of its own. The interesting part is not that it's from Mozilla, but that it's based on WireGuard. I've been watching the WireGuard project very closely and have been considering setting up a VPN of my own with it.

WireGuard is *very* lean compared to IPSEC.

[#] Sun Aug 09 2020 07:30:06 UTC from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Now now. Report to your CCNA reeducation center for AnyConnect training.

[#] Wed Sep 23 2020 13:21:53 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Now now. Report to your CCNA reeducation center for AnyConnect
training.

@#$%$^&&*^^%$#@$ AnyConnect.

${WORK} decided to enable two-factor authentication on our AnyConnect. I'm totally ok with that, except they did it in a way that displays an HTML screen from the 2FA provider. This breaks start-before-login, and breaks third party clients.

"Security is an illusion. Data security, doubly so." -- Ford Prefect

[#] Fri Sep 25 2020 21:04:14 UTC from Ragnar Danneskjold

[Reply] [ReplyQuoted] [Headers] [Print]

That's pretty common with MFA providers.....

[#] Wed Oct 28 2020 13:27:15 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


Sooo ... we might have some trouble.

I received an email from DDoS extortion scammers, announcing that www.citadel.org (the Citadel project web site, not Uncensored) is going to get DDoSed starting November 2, unless they are paid off with a large amount of bitcoin.

Obviously I don't have the kind of money they are asking for, because I operate the project as a hobby. The email says they are doing a half hour warning shot today to prove they're for real, but I may have missed it. I am less concerned with the site being offline for a couple of days, and more thinking about where I might move it out of the way so it hits someone else's network.

The attackers claim to be the Russian hacking group "Cozy Bear" but a web search brings up articles suggesting that the people doing DDoS attacks are impostors using the name.

Anyway, if we go dark on November 2, just wait a couple of days and come on back.

[#] Sun Nov 01 2020 18:21:57 UTC from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


You're right to call their bluff, and ignore their emails.

I think I'd just the plug on citadel.org DNS--delete the www A record--and wait for them to get bored and go away. Their ability to DDoS someone, even with a botnet of hacked devices, is a finite resource that they will only use if they expect to get paid.

If they're unusually persistent, send us a raw IP address to log into :)

[#] Sun Nov 01 2020 18:22:48 UTC from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]

I think I'd just the plug on citadel.org DNS--delete the www A

(only if they actually attack, I mean)

[#] Sun Nov 01 2020 20:09:08 UTC from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Well, here's why I was concerned. I wasn't able to say this before but I can now.

As some of you might remember, in 2007 I moved all of the Citadel sites (including this one) from my home server, which was attached to 1 Mbps DSL, to a server at a real hosting company -- one that I happen to work for. At the time, we were a company of about 20 people. Since then, we have grown to 40+ locations and 1000+ people. So even if the risk of a real DDoS was small, I had to deal with the threat, because if it happened, the question "Which customer was attacked?" would be asked, even if we successfully mitigated the attack.

Less than two years ago, someone from my department (but in another part of the country) was fired for having a personal server that got attacked -- but in his case, the server was attached to both the public Internet and the corporate network, it let some malware into both our network and some customers, and he was warezing and torrenting on it. I explained to our boss that my server was strictly Internet only, and that I was using it to host an open source project and an associated community bulletin board. So he was ok with it, but he advised me that if it was the target of a DDoS attack that had collateral damage, his ability to protect me might not be sufficient.

So as of this weekend, all of the citadel.org sites are once again hosted from my home. But this time, instead of DSL, I obtained a VPN tunnel service from the very same company I had DSL with in the past -- Ace Innovative Solutions.
They are super friendly to people like me. Check out the "I Want Broadband Everything" room to see a more detailed description of the service.

Bottom line, the likelihood of the attack materializing is very small, but the consequences to me if it did happen would have been significant. Although ... it would have been ironic to have lost my job over my work on Citadel, considering that my work on Citadel is part of what got me this job nearly 20 years ago.

[#] Mon Nov 02 2020 15:26:21 UTC from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Yeah. Figures. Good luck with the new (old) arrangements.

Go to page: 1 2 3 4 [5] 6 7 8 9 ... Last