lotuspsychjegood morning02:40
leftyfb"Enter a valid password with a max of 12 characters."02:51
leftyfbthese places drive me nuts02:51
arraybolt3Lets them provide reasonable NVIDIA stress-testing services on the side? :P02:52
arraybolt3"Audit our customers' security and get paid for your compute power!"02:52
leftyfbwhat gets me more is the banks that have other limitations with passwords02:52
leftyfbyou would think they would want MORE secure passwords02:52
leftyfbI've contacted every one of them recently and complained and left feedback02:52
arraybolt3"Sorry, that PIN is invalid. Please make sure there are exactly 4 digits." >_<02:52
oerheks4 digit pin code only :-(02:52
oerheksThis is so 199902:53
arraybolt3Who knows, maybe this is why people *really* hate COBOL.02:53
leftyfbdon't even get me started with the places that still ask for me pin when I use apple pay02:53
arraybolt3I think one time there was a password dialog box I ran into that *wouldn't* accept symbols.02:54
leftyfboh, those still exist02:55
arraybolt3Like what, are you storing this in plaintext in a flat file with a special parser?02:55
arraybolt3If you're hashing the password, surely the characters in it don't matter.02:56
leftyfbI'm doing this because I've spent the past few weeks moving off of Lastpass02:56
JanC4-digit PIN codes are pretty safe if you use them for the right things02:56
arraybolt3JanC: A bank is not the right thing for that.02:57
leftyfbI think I had about 12 or 1300 passwords stored in it. A lot of duplicates because websites are stupid. I'm down to about 400 or so left to go and 224 stored in the new password manager02:57
JanCthey are; most bank cards will block your card after 3 failed attempts02:57
arraybolt3Think about it - 4 digits, that's exactly 10,000 possible codes. If you get locked out after 3 attempts, that means that one out of every 3334 bank cracking attempts succeeds.02:58
leftyfbI'm going through each site in lastpass, logging in, updating my email address if applicable, updating password, enabling MFS if available, adding it to my new password manager and removing it from last pass. It's going a lot slower than I expected 02:58
arraybolt3So if there's one million attempted PIN guesses, about 300 of them work.02:58
JanCyou would usually also be filmed while trying to enter that PIN02:59
arraybolt3That's easier than winning the lottery.02:59
JanCso your chances of doing that successfully (as in getting away with it) aren't very big03:00
arraybolt3JanC: Meh, valid point, but I'm sure that doesn't deter everybody.03:00
JanCmost money that gets stolen with a card & PIN is where people wrote their PIN down or were forced to give it03:01
arraybolt3(You could probably narrow down the codes too - 0000, 9999, 1234, etc. probably aren't in use.)03:02
JanCmy guess is that those are probably used a lot  :P03:03
JanCthat and birthdays, etc.03:03
arraybolt3...I wish I had the faith in humanity to say that I thought you were wrong XD03:03
JanCthe same applies to passwords, of course03:04
arraybolt3oh my gosh that reminds me of a "lifehack" I read once.03:04
arraybolt3It was in a book, "Handy Household Hints from Heloise". It had a password creation scheme in it that was horrifically insecure.03:04
arraybolt3Something like, "Pick four digits, like your birthday, then put the first two at the start, the name of the company in the middle, and the last two at the end."03:04
arraybolt3I wonder how many compromised accounts that resulted in.03:05
JanCwell, that's much better than _some_ alternatives, of course  :)03:05
arraybolt3/msg nickserv identify arraybolt3 Password!12303:06
arraybolt3:P (obviously fake)03:06
JanCbetter than a bare password, and certainly better than "password"03:06
JanCbetter than a bare *birthday*03:06
arraybolt3To make this slightly more on-topic, there used to be (might still be) a GNOME Disks bug where it will truncate your LUKS passphrase if you make it too long.03:07
JanCwhich might or might not be a problem  :)03:08
JanCI guess it gets really fun when you try to unlock it in another way03:09
arraybolt3Oh it's definitely a problem, you give it a passphrase, it "successfully" applies it, and then you can't get back in later :-/03:10
arraybolt3(One assumes you eventually figure it out and try successively longer truncated versions of the passphrase until it works.)03:10
JanCwouldn't it still work when you use GNOME Disk to unlock it?03:12
JanCor does it only truncate on creation?03:12
arraybolt3Not if you've used it to change your main drive's password and it's Plymouth asking you for it.03:12
JanCwell, yeah, so depends on how you try to unlock it03:13
arraybolt3It's probably even more of a problem if you have encrypted /boot and so only get one shot at unlocking the partition before being dropped to a GRUB shell.03:14
arraybolt3leftyfb: 12-1300?! How on earth do you have that many accounts?03:15
JanCshould be possible to unlock it from a live image (that still has the broken version)03:15
lotuspsychjemeanwhile their database grows tons03:15
leftyfbarraybolt3: I've been on the internet since roughly 199303:16
arraybolt3JanC: Hopefully true. It's not impossible to get back in (I hope!), just tricky,03:16
arraybolt3leftyfb: Hmm. I've only been on for a couple of years, and have a very small list of accounts.03:17
arraybolt3and most of those are mailing list subscriptions.03:17
JanCmailman will mail you your password anyway  :P03:17
arraybolt3Ubuntu's mailman doesn't seem to do that oddly.03:17
JanCI mean, it will mail you on request03:18
arraybolt3I have them all in Chrome anyway, so it doesn't really matter. It probably wouldn't matter if I just discarded the password entirely03:18
arraybolt3JanC: Oh, didn't know that.03:18
JanCthe monthly mails are just an option03:18
leftyfbarraybolt3: I'm actually deleting the passwords stored in chrome as well03:19
leftyfbit's not something I can use easily on other devices unless I sign in to the browser with my chrome profile since I encrypted the passwords03:20
arraybolt3What password manager are you migrating to?03:20
leftyfband it doesn't always keep in sync with other password managers03:20
arraybolt3Never heard of them.03:20
JanCarraybolt3: see e.g. https://lists.ubuntu.com/mailman/options/ubuntu-announce → enter your email address & hit the button at the bottom03:20
JanCassuming you are subscribed, of course  :)03:21
leftyfbarraybolt3: I didn't care for it at first, but it's grown on me. It does several things better than Lastpass03:23
arraybolt3leftyfb: For me, all my devices are either Chrome-compatible or don't need my passwords or I can just pull them from a Chrome-enabled device if I really need them elsewhere.03:23
leftyfbarraybolt3: if you encrypt your password store in chrome, you can't access your password remotely using the google password manager03:24
arraybolt3(As an aside, my suspicion that Chrome was more lightweight than Firefox was confirmed by a Phronix benchmark the other day - it's not just faster at most things, it's sometimes *way* faster.)03:24
arraybolt3leftyfb: I always just access it from within the browser.03:24
leftyfbwith browsers, the grass is always greener. Also, going to a new browser will ALWAYS be faster since you haven't loaded it up with a bunch of addons, plugins, themes, bookmarks, passwords, cookies, cache, etc03:25
JanClastpass isn't even worth the name "password manager", it's basically a password wide distribution manager03:26
arraybolt3I've been using Chrome for a good while and it's still noticably faster.03:26
arraybolt3Also I can access my encrypted passwords from within passwords.google.com.03:26
arraybolt3Although I don't use on-device encryption, that's probably waht you meant.03:26
leftyfbJanC: I wouldn't go that far. The "breach" wasn't as bad as everyone is making it out to be. My account didn't actually get breached. But this isn't the first time they've had an issue and they handled this very poorly. Even if your backup vault was part of the breach, they still need to get your master password to unlock it03:27
JanCarraybolt3: last time I tried it (now long ago), Chromium got *unuseably* slow once I opened a lot of tabs03:28
arraybolt3Maybe things got better, or maybe Chromium and Chrome are different.03:29
JanCdo you use it with >100 tabs loaded?03:30
arraybolt3Hmm, no, I have 45 at the moment.03:30
JanCor did Phoronix test that?03:30
leftyfbarraybolt3: ^03:30
arraybolt3Once I get much higher than that though, it gets so hard to find what I'm looking for that I start cleaning them up.03:30
leftyfbJanC: I put tabs into groups these days. I have maybe 20 or so tabs outside of groups at any given moment03:31
JanCTreeStyleTab FTW  :P03:31
arraybolt3Hmm... on-device encryption scares me a bit :P03:32
leftyfbIt’s not per device encryption03:32
leftyfbIt’s just locked with a pass phrase03:32
arraybolt3True, but I do change my Google password every so often, and I dread the day I lose all my devices, especially if it happens just after a password change... probably irrational, but still...03:33
leftyfba proper password manager allows you to share sets of passwords as well and have multiple "vaults"03:35
arraybolt3I mean I see what you're saying, and for some stuff that makes sense, but I don't know I'd ever bother with actually using that feature.03:39
arraybolt3Maybe that's a problem with me though :P03:39
leftyfbI do a lot03:41
leftyfbrequires a lot of management03:41
arraybolt3JanC: I suspect the problem with Chromium you were hitting is probably fixed, since Chrome recently started making tabs that you weren't using much go to "sleep" or something similar - basically it has to reload the tab next time you click on it. Probably a good feature, though it does keep stealing free member-only Medium articles from me :P03:51
arraybolt3(Sometimes you don't want to burn two free articles on one article when you were just looking up how to do something in Python or whatnot.)03:52
JanCI don't want tabs to be unloaded without my permission03:52
JanCFirefox can do that too03:52
JanCsome sites will not restore "state" when reloaded03:53
arraybolt3That makes sense. The day I lose a massive Reddit post or comment will probably be the day I turn that feature off.03:53
arraybolt3Though hopefully it knows better than to sleep those tabs.03:54
JanCit's mostly old sites (that don't use local storage) that do interactive search results or changes03:55
=== ledeni_ is now known as ledeni
=== JanC_ is now known as JanC
=== pizzaiolo is now known as pizza
=== Maik6 is now known as Maik
=== leftyfb_ is now known as leftyfb
lotuspsychj3leftyfb: https://www.goto.com/blog/our-response-to-a-recent-security-incident17:03
leftyfblotuspsychj3: ?17:04
leftyfbI don't use anything by GoTo17:04
lotuspsychj3just showing on my rss news17:05
lotuspsychj3lastpass related a bit17:05
leftyfbyeah, if anything, it's just more of the same17:05
leftyfbI'm not more concerned17:06
leftyfball of my important passwords have been changed. I have about 400 or so to still go through but they're mostly dupes, outdated services or stuff I don't really care about17:06
leftyfbthey would still need to get my master password to unlock the vault17:07
=== pizzaiolo is now known as pizza
leftyfbwow, the ubuntu 22.04 installer is REALLY broken if you don't have DHCP17:11
ravagethe statement is true in general17:19
leftyfbI don't see how this passed any sort of QA17:47
enigma9o7What is wrong with this picture? https://itsfoss.com/content/images/wordpress/2013/07/install-gambas-ubuntu-linux.jpg21:54
enigma9o7from https://itsfoss.com/install-gambas-ubuntu/21:54
daftykinsno T!22:05
daftykinsoh they left22:05
sarnolduwu ubunu!22:15
arraybolt3Attack of the killer lobster?22:15

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!