=== tester is now known as bobweaver [04:11] Could I use a NTSF partition for home? [04:11] can someone help me learn how to compile software? [04:12] i need to compile something [04:12] truepurple: No. the home should be ext [04:12] ext3 or ext4 [04:13] philipballew: what language? [04:13] M0hi: What would happen if you tried? [04:13] not sure. its a tar.gz M0hi [04:13] I think I tried once and It showed that the home partition should be an extended version [04:14] philipballew: you can see the codes through archive manager [04:14] alright, ill open that up. [04:14] M0hi: You mean it recommended ext, but you could have used NTSF if you had wanted to? [04:15] It wont permit you to set NTFS [04:15] (upto my knowledge) [04:16] M0hi, how can i see i in archive manager. i already tar-jxf the tarball [04:17] goto the target folder that you extracted to and open it and see the extension of each files [04:18] M0hi: But I could set up something that allows windows to see and use ext3, and then share /home between them that way, right? [04:19] AUTHORS evalrev LICENSE.OpenSSL packages README test [04:19] ChangeLog INSTALLING Makefile patchchk scripts VERSION [04:19] common.mak LICENSE manpages patches src [04:19] is all i see M0hi [04:20] truepurple: M$ wont recognize ext3. I dont know whether there is an application for that. Kindly check about that [04:20] philipballew: readme didn't help you? [04:22] M0hi: If there is, would it work? [04:23] yeah it will. but I dont know whether there is any application like that. google about "applications to make windoze recognize ext3" [04:26] no. M0hi but this is what the installing file says [04:26] http://pastebin.ubuntu.com/647840/ [04:28] lemme see [04:29] Use your package manager to download aircrack-ng [04:29] thats saying you to download it from synaptic [04:30] yeah, but i want the newest version [04:31] check whether synaptic is giving the recent one [04:31] or goto synaptic, select this package and install it [04:33] well the terminal says its 1.1 [04:33] Okay!! whats the current version you downloaded? [04:33] 1.1 as well [04:34] So the installed version is 1.1? [04:35] heya tenach [04:35] i can apt-get 1.1 i'm curious if though its still the same version it still has new features online [04:36] you have downloaded the package right? [04:37] if bu package you mean i did sudo apt-get install aircrack-ng then no [04:38] https://help.ubuntu.com/community/SynapticHowto#To%20Upgrade%20a%20Package [04:38] yeah I know you downloaded the package separately [04:38] but is it trusted? [04:39] I prefer letting synaptic to upgrade from its trusted sites [04:41] i trust compiling manually [04:43] i just didnt see a make file [04:43] https://help.ubuntu.com/community/CompilingEasyHowTo [04:44] I believe in reading and doing so that it will be helpful in future =] [04:44] philipballew: you have time to read it? [04:44] i have all the time i need :) [04:45] (: [04:46] thanks! ill get on this [04:47] philipballew: ping us and we will help if you need [04:49] alright. i will be on here as well, i try and help the people whenever needed to [04:50] ;) [04:55] hiya M0hi [04:56] I ll brb. going for a coffee [05:56] hey tenach. what's up? === M0hi is now known as IAmNotThatGuy [06:10] IAmNotThatGuy: not a whole lot. talking with some ladies who are keeping me up way too late, but i don't mind. [06:11] hmmm! okay carryon ;) [07:15] Do files being under /home provide them with some security they would not receive in a different partition under NTFS or something? [07:16] what [07:16] Please elaborate in that question [07:16] I dont get that question [07:18] For the purposes of keeping data private and protected from viruses (from window) and what not, does having say a word document with information in it under /home make it more secure then in a whole different partition using NTFS [07:19] And I mean data private as in protected from remote hacking and what not [07:20] bioterror: Understand me better now? [07:20] yes [07:21] Do you know the answer? [07:21] the idea of having home on separate partition, or even drive is becouse of re installation [07:22] it has actually nothing to do with security as you need to mount that partition to access it [07:22] and NTFS file system does not support same kind of permissions like *nix filesystems [07:25] if I had the drives, I would make mirrored /home ;) [07:26] bioterror: But most of my important information, like saves and stuff, would not even be in /home [07:26] where they are? [07:26] bioterror: I have yet to set it up, but on a separate shared partition to share with windows for general data [07:27] put that separate partition into fstab and make symlink to your home folder [07:27] NEXT! [07:27] So having it there, rather then at /home, cause me any kind of security trouble? I am having trouble interpreting your earlier words [07:27] what security? [07:28] Any kind of security that /home might provide [07:28] Is there none? [07:28] why /home gives you security trouble? [07:28] can you explain it to me [07:28] I didn't say "trouble" [07:29] Are files more secure in /home then on NTFS elsewhere? [07:29] secure from what? [07:29] I already said what [07:29] and it's than [07:29] thank you [07:29] I often mix those up [07:29] then means time ;) [07:30] nothing is secure unles you encrypt them [07:30] your only security problem with Linux is that you run remote exploits [07:30] like trojan horses [07:31] and that requires root priviledges [07:31] but you wont run them if you use only packages from Ubntu repositories [07:31] So in short, files are just as secure on the independant NTFS partition as they are in /home, as the security comes from the OS, not the FS or location, right? [07:31] your Linux installation is safe from what ever you have in your Windows [07:32] I was told NTFS lacked the permission stuff found in linux, so I was worried that data there would be less secure from the likes of remote hacking and such [07:32] if you're worried about that your computer get stolen or police officers takes your computer [07:32] encrypted /home is secure [07:33] REMOTE hacking I am talking about [07:33] then it does not matter [07:33] k [07:33] your system should be pretty much in safe [07:33] as long as you have complicated password with upper case letters and numbers [07:33] and your username is not just first name [07:34] Why is it important to have a username that is encryptic? [07:34] and you have not enabled root password [07:34] I would think password should be enough [07:34] truepurple, becouse of bruteforce [07:35] A good password makes a complex user name unnecessary, no? [07:35] that a name of a program or what are you talking about? [07:35] "bruteforce" [07:36] I dont have my sshd logs anymore [07:36] but if you leave your sshd open, you will see some attacks that takes hours [07:38] Most of the time most people are not being attacked and would see nothing in this sshd, right? [07:42] bioterror: [07:52] bioterror: YOu still there? [07:58] Anyone here? [08:34] truepurple: got a issue? [08:35] bioterror: hours?? psshhh...ive been attacked for weeks before [08:35] stlsaint: Hi [08:35] truepurple: question about ssh or something? [08:36] stlsaint: bioterror Was telling me there was a reason to use a more complex handle and not just password [08:36] stlsaint: Can you confirm and elaborate or deny? [08:36] handle=user name [08:37] truepurple: well in terms of a bruteforce attack a more complex username will be effective [08:38] truepurple: most attackers are gonna go with handle "root" [08:39] How does it work, this brute force [08:40] Like if your password is apple654, does it learn the first letter is a, then the second is p, then the third is p, then the person might guess apple, and go from there? [08:42] stlsaint: [08:42] truepurple: brute force takes a password/username list and pretty much tries all possible combinations [08:42] based off the hash (from my understanding) [08:42] with a simple password and username it is not a matter of IF you will be hacked but WHEN [08:43] this attack can be drastically made faster if using a database table [08:43] what is a database table? And I don't feel like that answered my question [08:44] You mean it has a list of the most commonly used password/usernames and tries them, that is what the database table is? [08:44] stlsaint: [08:47] truepurple: ok what specifically is it you are wanting to know [08:47] I asked what I specifically wanted to know already [08:47] Like if your password is apple654, does it learn the first letter is a, then the second is p, then the third is p, then the person might guess apple, and go from there? [08:48] yes [08:48] http://en.wikipedia.org/wiki/Brute-force_attack [08:49] although a person isnt sitting there guessing each one, they setup the computer with the hash and let it rip against username/password list [08:50] a database or table figures out all the possible combinations prior to the attack being made which makes it twice as fast (how it works with wifi hack as well) [08:50] Yes I looked at that webpage, but it doesn't tell me that [08:51] Does brute force solve each latter 1 by 1? Or is it all or nothing? [08:51] I mean each character, 1 by 1 [08:51] yes [08:51] one by one, i said yes to that earlier [08:52] Then why couldn't they use human logic to decipher from the part already figured out? [08:53] why would they need to when the computer does it for them? [08:53] stlsaint: BTW sorry about that, I am very mentally tired [08:53] You mean the program sees the a, p, p and then tries l, e because of that? [08:53] truepurple: are you just asking about a brute force attack or does this pertain to a more specific issue? [08:54] truepurple: no [08:54] Well if I understand how this works, I can know how to device better passwords and usernames [08:54] the system will not guess on its own, unless told to which i have not used [08:54] truepurple: well are you talking about securing a server or something? [08:54] No, just what to use for a username and password for ubuntu [08:55] and other online stuff etc [08:55] on a laptop install? [08:55] no, desktop, why would that matter [08:55] because of wi-fi? [08:56] truepurple: i have a medium level password on my local install because i dont go installing programs from random locations, if dont compile it myself or install from repos than i dont install it [08:57] truepurple: that is the only real reason you would need to make a complex password is if you install random crap cause if a person gets physical access on your system than a password wont mean jack [08:57] Well my main concern is remote hacking [08:57] truepurple: do you have any open ports on your desktop? [08:58] I don't know, anyway the whole password permission thing is suppose to be linuxs main security feature AFAIK [08:59] password permissions? [08:59] If this brute force thing can verify each character one at a time, then it could crack any password lickety split [08:59] truepurple: do you understand how ports and security work? [09:00] You know where you have to enter a password to say, install something and so on, are you sure you've used ubuntu before that you dont know this... [09:01] truepurple: what you are speaking of is authentication not permission [09:01] Your talking symantics, please don't, just because I don't know all the terminology... [09:01] well its the terminology that gets the correct answer or response [09:02] authentication yes i know and that is a good feature yes [09:02] So why do you talk like the quality of the password for authentication doesn't matter? [09:03] that is out of personal use of linux [09:03] I don't know what you mean by that [09:04] you can make your password as strong as possible which is recommended overall, i just wanted to give you a explanation of why i dont [09:04] cause you asked about brute force [09:04] and you said a remote hack [09:04] There are 26 alphabit characters + another 26 for cap, and 10 numbers. So 62 for each character (if it accepts the misc stuff, a bit higher, but still) So this brute force tries 62 times for the first character, then 62 times for the second, and so on, why doesn't this brute force system rule unstoppably? [09:05] What against do you want to make that password as strong as possible? [09:05] truepurple: ^^ that is what i wanted to ask you? Why do you feel the need to make a complex password on a closed port system? [09:06] maybe this thread can help: http://ubuntuforums.org/showthread.php?t=510812 [09:06] "you can make your password as strong as possible which is recommended overall" recommended only for open port systems? [09:06] ^^Security on Ubuntu-a very comprehensive explanation [09:07] truepurple: at the ubuntu instal and fedora for that matter they guage you on your password strength, which is why is say it is recommended to make a strong one [09:08] But your saying password strength for authentication is immaterial on a closed port system? [09:09] truepurple: im saying do what you want, i was just offering a explanation of why i dont make a extreme complex password but that is not stopping you from doing one [09:10] I asked you a question, not requested for any kind of permission [09:10] Does password strength matter on a closed port system? [09:11] stlsaint: [09:11] yes, just make a strong password to be safe [09:11] What does it matter with? [09:12] truepurple: ok, here is all i have to say: if you are going to install from locations that are not specified within the ubuntu repository system then you need to set a strong password [09:12] truepurple: there is alot in security that i cannot explain in one time [09:13] truepurple: if you install a application that contains a trojan or keylogger than a strong password will be sent back to that attacker and they will have to open a port on your system to use as a backdoor [09:14] stay safe...dont install from untrusted locations and when opening ports use caution [09:14] Lets back up to something else i keep on asking about but you havent really responded to, what makes you so sure that ubuntu and other password systems have ways of verifying 1 character at a time? [09:15] Logically that seems very unlikely [09:15] Because as I said before, then anyone could easily hack any security code very fast using that method [09:15] If that was the case [09:16] thats because you are not understanding hashing [09:17] Well tell me the flaw in my logic then, my logic is very simple here so pointing out its flaw/s should also be simple [09:17] your biggest flaw is not understanding how an attacker would even get the chance to perform a brute force [09:18] again i am trying to explain how but you keep reverting back to brute force programming, every brute force application will be different but screw that, just keep them out to begin with!! [09:20] stlsaint, usually the brute force attack takes about few hours [09:20] stlsaint: That wikipage said that the brute force method becomes exponentially harder with each increase in password length, if it could verify each character independantly, then it wouldn't get exponentially harder with each additional character in length [09:20] bioterror: yes thats if an attacker can even get close to you! [09:20] actually bruteforce attack can be made worthless with knock [09:21] HELL brute force is COMPLETELY useless against key authentication!!! [09:21] no need for denyhosts or anything like that [09:21] truepurple: One can attack your system if and only if you let him enter your machine. Like if you install an application from an untrusted zone, the owner of the application might have added some hacking codes which will work after the install(this time you will use your machine password and they will get it). If you dont install from un trusted places, then dont worry about it [09:21] stlsaint: That would be good information to know much earlier in the conversation... [09:21] * stlsaint facepalms!!!!!! [09:21] :D [09:22] * IAmNotThatGuy hugs stlsaint [09:22] truepurple: dude/chick whatever, i asked you what were you trying to do and you just said understand brute force [09:22] with Linux you cant write to / without root permissions [09:22] like sudo [09:22] or with any *nix [09:22] unless you mess your system with chown ;) [09:22] lol [09:22] that's what makes *nixes secure [09:23] all the binaries and stuff like that are in a place which you cant modify [09:23] you as a normal user [09:23] Let me try this a different way, does it matter if I mix common words in my athentication password for the purposes of security? [09:23] truepurple: if you would have just told me you were looking for a secure way to operate a application i would have told you keys from the beginning [09:23] Does that matter log on purposes? [09:23] truepurple: NO [09:24] I mean logon to websites and stuff [09:24] Sorry about not being clear [09:24] truepurple: that is the websites job to keep you secure, you have on control over say googles webmail, but they will always suggest making a strong password [09:25] No, never use SUDO or something which asks your authentication from the untrusted instal [09:25] bioterror: all yours and mohis dude [09:25] But does whether I use common words within a password (assuming they arent guessable as a whole) for webmail or linux authentication matter? [09:26] see ya stlsaint [09:26] njaeh [09:26] I'm just peeping in [09:26] truepurple: so you are asking about ways to set effective strong password right? [09:26] I'm out soon with my daughter [09:26] and my mom, doing some wood works [09:27] lol :P [09:27] I am asking if I use a common word like apple, tree, cicuit etc within a password that also contains random characters, is that any more secure then a password containing only random characters [09:27] is it? [09:27] 4pPl3 [09:27] Assuming the common word has no personal meaning that one can guess at by knowing you [09:27] no, apple [09:28] see what bioterror told :D [09:28] thats apple =] [09:28] in a secured way [09:28] actually [09:28] you should use pincode + word [09:28] for example [09:28] 4 digits pincode before or after a word [09:28] then you can even write your passwords up [09:29] and it's still secure [09:29] Is 3apple45g4 any more secure then 2ws35ddsdf? [09:29] I mean any less secure [09:29] they are as secure [09:29] truepurple: you know capatcha right? [09:29] So common words don't jeopordize a passwords security, right? [09:29] but 3AppL335g4 is more secure [09:30] that is provided by Gmail to protect our login [09:30] capital letters makes it more secure [09:30] yeah, the "you are a human not a bot" system for signing in and up to things [09:31] What about it? [09:31] if they even use bruteforce, they cant try more than 3 times [09:31] so it is secure [09:32] bruteforce is by bot as it does 100 times faster than us. when we are supposed to enter capatcha, as it is dynamic, bruteforce fails. so your mail is safe [09:32] my friend has for his server SecureID kind of token ;) [09:32] actually, it was a usb dongle that needs to be inserted in :D [09:32] If bruteforce can verify each character independantly, why would it even take a couple hours to crack something? Why not 5 minutes or something? [09:32] when you take your machine, no one can use the authentication except from your physical keyboard(unless you share the desktop) [09:33] so all security to you machine is in your hands [09:33] truepurple: what you want to know exactly? brute force or secured password?? [09:33] truepurple, think about that if I come to your house, I take my gentoo or arch usb stick with me and I can chroot into your system and change your root's password and even your users password ;) [09:34] If a password is 10 characters long, and limited to letters and numbers,and brute force can verify each character independently as being correct or not, then brute force would need to only try 620 passwords or less, to break in [09:34] bioterror: wait! [09:34] truepurple: what you want to know exactly? brute force or secured password?? [09:35] to be honest, I dont even need that stick, all I need is just choose that Safe Mode from GRUB ;) [09:35] Well there is something I heard about bruteforce that is inconsistant, and I wish to resolve this inconsistancy [09:35] So please reply to what I asked about [09:36] truepurple: Let me clarify one thing first. Brute force is independant of your system. it is about your account in server. so do not compare with the system [09:36] Is brute force able to verify each character independantly? and if so, how do you explain that inconsistancy? Also the inconsistancy of the wiki saying that longer passwords are exponentially harder to crack [09:37] truepurple: open google and type "eleph" and see what happens [09:38] Ok Iam, but whatever it is for, do you believe brute force can verify each character independently? [09:38] it will autofil as elephant. this is a data present in a table which it suggests. similarly, bruteforce has tables with this maching words. so it will check character by character [09:38] for password, it verifies character by character [09:38] So it can verify a password starts with F and then 5, but not know the rest of the password? [09:39] when you send a password, the google mail also check character by character. Do you believe this? [09:40] When you send a password, you send a whole password, if you leave a character off, the system won't tell you you ALMOST had the password, it just tells you its wrong, but you are saying something very different for brute force [09:40] yeah but it check character by character right? [09:41] I would assume [09:41] the attack code will have a point which will help it know which letter got succeded [09:41] Then why doesnt it take minutes to work? And what about what the wiki said about longer passwords being exponentially harder? [09:42] minutes, hell seconds [09:42] each time, it sends pass to server and checks [09:42] 620 tries or less is nothing for any kind of modern system [09:43] so how can that happen in minutes? [09:43] capatcha [09:43] that wont let you [09:43] Not everything has a try limit chance [09:44] Ok what about what wiki says about longer passwords being exponentially harder though? [09:44] but it will communicate to server each time [09:44] It is not about long passwords. its about mixing alphabets [09:44] If it can verify each character independantly, it would be addition, not multiplication, difficulty/time wise [09:45] "The key length used in the encryption determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones." [09:45] when it check for each words, then it should check for 10 years to find a password which starts with z and has zzzzzzzzzzzzzzzzzzzzzz [09:46] http://en.wikipedia.org/wiki/Brute-force_attack [09:46] Are you saying that wiki is wrong? [09:47] so what do you want to prove or do? I am telling that mixing aphabets is secure. if you give as welcomecommittee thats long enough. but not that secure than WeLcomecOmmiTtee [09:47] and thats what I am trying to say [09:48] I didnt say that wiki says wrong [09:49] There is some inconsistancy between what you and the last person said, and what the wiki says about this, inconsistancies bug me, and when you can't even see the inconsistancy, that bugs me even more [09:49] make yourself tin foil that, plug your computer off from internet and lock your door and never leave your house [09:49] But this is getting to be too much work for a matter of curiosity, especially when I have some more important issues to deal with. [09:49] and remember to pull your teeth off too ;) [09:49] bioterror: LOL [09:50] and remove battery from your cell phone! [09:50] murdoch, arch enemy of MacGyver can listen your calls [09:50] truepurple: can you see the difference between welcomecommittee and WeLcomecOmmiTtee????? [09:50] bioterror: Me: Inconsistancies bug me You:So be paranoid -> that reply was very inconsistant [09:51] bioterror: quiet [09:51] truepurple: answer me [09:51] IAmNotThatGuy: What is the question? [09:52] Wed12:51 <+IAmNotThatGuy> truepurple: can you see the difference between welcomecommittee and WeLcomecOmmiTtee????? [09:52] I thought that was rhetorical, since the difference is obvious [09:52] [15:20] <+IAmNotThatGuy> truepurple: can you see the difference between welcomecommittee and WeLcomecOmmiTtee????? [09:53] the second is more secured. do you believe that? [09:53] Sure, why not [09:53] What is your point? [09:53] the length and mixing aplhabets makes it secured [09:53] zzzzzzzzzzzzzzzzzz might be more secure then zzzzzz too [09:53] got my point? [09:53] So? [09:54] so both are important [09:54] and thats what I tried to say [09:54] Ok... So...? [09:54] I know that [09:54] you have to sk the next question [09:54] then what you want to know? [09:54] I wrote it down, one moment [09:54] which you already have known? [09:55] Not what I was asking, but moving on [09:55] k tell us what you know first of all [09:55] if you dont have any other queries in particular [09:55] I want to share save files and other things between ubuntu and win7 [09:56] Wed10:27*<+bioterror> put that separate partition into fstab and make symlink to your home folder [09:56] why you want to do that? [09:56] bioterror: quiet [09:57] What is fstab? [09:57] I had "ln -s /media/Windows/Documents & Settings/username/ linked to my /home/user/Desktop [09:57] !fstab [09:57] The /etc/fstab file indicates how drive partitions are to be used or otherwise integrated into the file system. See https://help.ubuntu.com/community/Fstab and http://www.tuxfiles.org/linuxhelp/fstab.html and !Partitions [09:57] truepurple: ^ [09:57] now answer me why you wanted to do that truepurple [09:57] becouse of dual boot [09:58] linux can access your Windows files, but not vice versa [09:58] Why not visa versa? [09:58] you tell us, Windows boy ;) [09:58] ask in M$ channels and if you find answer, then please provide that to us [09:58] :) [09:58] we are also asking the same questions [09:59] So I guess I have to tell each program independently that I want to save it on the NTFS shared partition, rather then /home, only option, right? And if I fresh install ubuntu to update, it is very complex to save those settings for save locations? [09:59] bioterror: wait [09:59] truepurple: answer me. why you want to do that? [10:00] The answer should be so obvious and I find myself explaining this over and over, and the reason is immaterial really to how to get it done, but fine [10:00] hi there [10:00] hi! [10:01] why you want to do that? you can creata separate NTFS partition in which you can save any documents and can access from a M$ machine [10:01] why saving it in HOME? [10:01] If I can not load saves from one to the other, whether game saves or wordpad saves or graphics saves or whatever, I have to recreate my efforts on each OS, effectively my dualboot system is two systems, rather then one [10:01] IAmNotThatGuy, no point in that [10:01] I am not trying to save it in home [10:01] IAmNotThatGuy, correctly mounted windows partition does that job with symlinks [10:01] why you want to save it in home? [10:01] truepurple: ^ [10:01] I DON'T! [10:01] actually [10:02] hmm! then you can save it in an NTFS partition right? [10:02] I would symlink Documents folder of Windows account to linux system's Documents [10:02] So I guess I have to tell each program independently that I want to save it on the NTFS shared partition, rather then /home, only option, right? And if I fresh install ubuntu [10:02] IAmNotThatGuy: Exactly what I was talking about! [10:03] please provide me some documents that will automatically get saved in home [10:03] applications [10:03] example/sample [10:04] Don't most every program under linux save to home, that is why if you reinstall ubuntu fresh you keep all your saves [10:04] I might save them into /tmp or even /var/tmp/ [10:04] lol [10:04] depends how dangerous I feel myself at the moment [10:04] That is the whole point of putting /home in a separate partition, right? [10:05] truepurple: so you want the applications you installed and not the documents [10:05] Because /home has stuff like saves in it, right? [10:05] IAmNotThatGuy: No, the saves etc. [10:05] home is to save user saving documents and not the applications [10:05]