Korthrun

I’m not even interested in the username of the person I’m responding to. I tend to ignore it completely unless there’s a comment like “lol, username checks out”.

There are very few times I will bother to check someones profile. They have to either say something so awesome that I want to see more, or have given a take so hot I want to see if they’re trolling or if this is standard behaviour for them.

While it looks like the whole Jerboa/“miscommunication” thing has been sorted out here I want to chime in to say that no, I don’t think that checking profiles for anything is a reasonable expectation.

Crypta

I must have been way out of it late last night. I totally missed that you were asking why people do it and not looking for recommendations. Sorry for the spammy nonsense response to your OP.

To the latter question, I’ve seen devices that do OTP and FIDO in addition to basically storing arbitrary strings (e.g. your cc number).

I get harassment scolding me for using Lemmy to advertise when I mention any of the products by name, despite having no affiliation with any of them outside of being a user, but they’re not hard to find if you look.

I’m curious why your listed options are all software that runs on the internet as opposed to a piece of hardware that you connect to your devices.

Is that just because this is the self hosting community?

Why not a piece of hardware instead of self hosting, cloud hosting, etc?

Seems like an appropriate place to share https://github.com/agarrharr/awesome-cli-apps

I’m a fan of ripgrep and lsd in particular.

Check out the fzf docs. It ships with helpers that offer better shell integration than you’re getting here.

It’s unbearably foggy and dreary like that 24/7 365. Would not recommend a visit let alone moving to Seattle.

Again: It’s terrible all the time, please stay away.

I saw the lack of arm and facepalmed but I was half asleep poo posting so got over it :p (fixed now!)

I’ve been using this device for ~5 years now, so my memory is a little hazy on it, but I’m pretty sure for the particular device I prefer (which is to say, I have nfc what the setup is for other vendors, which could be greatly superior) the AES-256 key used for encryption isn’t generated until you setup your first card.

How would any company, regardless of geography have the secret I generated? This is a stand alone hardware device. They seller is not involved at all once I’ve received my package.

Could a sophisticated/well resourced actor clone the smart card they stole or you lost? Sure, brute force attacks are brute force attacks. At least you’d know your device and card are stolen. Now you’re in a race to reset your passwords before they finish making 500 clones of the smart card they stole.

Hypothetically I could blackmail someone at LastPass and have a backdoor is installed for me.

Someone could bust down my door while I have it connected and unlocked and just login to all my things. ¯\_(ツ)_/¯

That will vary from vendor to vendor. In the case of the one I like there are a few relevant things.

The password db is stored encrypted on the device. Accessing the passwords requires all of:

• the device
• a smartcard with a particular secret on it
• the 4 digit hex pin to unlock the secret on said smartcard, which is what is used to decrypt the db

Three PIN failures and the smart card is invalidated.

That sort of covers “stolen” and “lost + recovered by a baddie”. Your bad actor would need to have their hands on both physical pieces and guessed the 4 digit hex code in 3 tries.

As far as a user recovering from a lost or failed device or smart card goes, you can export the encrypted version of the db for backups, which I do to a thumb drive I keep in my document safe. I do the same with a backup smart card. So that and a backup device or purchasing a new one if yours fails or is lost/stolen.

In the super “just in case” move, I also keep a keepassdb on said thumb drive. In case my device fails and it’s just not possible to get a new one. Kind of like keeping two cloud providers in case LastPass goes bankrupt or something.

I’m a pretty big fan of the mooltipass. They’re sold out and between iterations right now, but a new one is expected soon. One of my coworkers is pretty into their OnlyKey.

So many folks talking about which software they use, and how they sync it between devices etc.

You all know there are hardware password keepers right? They present to your devices as a usb and/or bluetooth keyboard and just type out the user/password that you select. They have browser plugins to ease the experience. Now your password is not even stored on the device you’re using to perform your login and it will work on any modern device even without internet access.

Oh and no subscription fee to cover the costs of cloud infrastructure.

E

Configuration management and build automation are definitely worth the time and effort of learning. It doesn’t have to be ansible, find which tool suits your needs.

Ah yes, the core definition of communism: a small farm offering a delusion of independence, which is run within a capitalist system.

The AJFA book is full of nothing but lies. Buy another blunt or something instead ;p

Same here. Reference, particularly sheet music and cooking recipes work fine for me digitally.

I can sit at the computer and read social/news media for hours with no problem, but the way ebooks are displayed tires my eyes very quickly for some reason.

While I don’t have this issue with the e-ink/e-paper stuff, I’ve never owned one. I also appreciate that physical books are often much harder to damage and will work without electricity.

I also have a small domain that is relatively low traffic. A lot of the “all in one” software on the list you linked looks pretty cool, I can’t deny.

What I found is that I make very few changes. I used to add mailbox aliases fairly often, but the fact is there are only two users and enabling the “+” syntax in addresses put a stop to me needing to make new aliases when I wanted a new address.

I just don’t feel like I need a management interface. Because of this I’ve just sort of frankensteined my own setup together and I love it. It operates how I expect it to, and enforces the standards I care about to the extent that I desire (e.g. which SPF result codes am I ok accepting?).

• Postfix as SMTP/Submission server. I chose to go w/PAM based for outbound SMTP auth.
• Courier for IMAPS
• Dovecot for LDA (sieve is delightful)
• Snappymail for webmail (served by apache httpd)

Bonus tip: Many distros make this info available on the cli by including a “hier” man page that you can read using the command “man hier”.