Compose key superiority be like "A Ñandú went from Wrocław to Bøur."
ISO keyboards were a mistake. Compose key is all we need. Change my mind ☕
#keyboard #composeKey #MechanicalKeyboards
=> More informations about this toot | View the thread
https://mini-rack.jeffgeerling.com/
#SelfHosting #mini-rack #minirack
=> More informations about this toot | View the thread
This is the way I config PAM to authenticate with my USB keys in NetBSD.
I type a password to decrypt the disk, and that's it.
No passwords to log-in, unlock the screen or run doas. Only the key.
https://vsis.online/posts/2025-01-14-pam-u2f/
#NetBSD #U2F #fido2
=> More informations about this toot | View the thread
Once again I have to work on Windows Server machines. WS 2016, no less!
Fun! /s
Please don't tell my relatives. "I know nothing about Windows" is my phrase to avoid doing tech support.
=> More informations about this toot | View the thread
https://luke8086.dev/netbsd-on-thinkpad-380z.html
#NetBSD #thinkpad
=> More informations about this toot | View the thread
So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.
I use a "medium" quality password to decrypt the filesystems and another one to decrypt the password manager. And that's it.
No password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.
Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.
Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.
I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a blessing.
The problems: if my laptop is decrypted, anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.
So I officially have two horcruxes. Destroy both and I can't log-in anywhere.
#fido #u2f #infosec #NetBSD #arch #keepass #password #horcrux
=> More informations about this toot | View the thread
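An added example, not part of the post above: a simplified model of the origin binding the post refers to, where the key handle issued at registration is tied to the hash of the site's AppID. The HMAC construction and the names `register`, `sign` and `DEVICE_SECRET` are assumptions for illustration; a real token uses ECDSA keys held in hardware, and the browser, not the page, supplies the AppID.

```python
import hashlib
import hmac
import os

# Constructed device secret; a real token keeps its secret inside the hardware.
DEVICE_SECRET = os.urandom(32)


def app_param(app_id: str) -> bytes:
    """U2F application parameter: SHA-256 of the relying party's AppID."""
    return hashlib.sha256(app_id.encode("utf-8")).digest()


def register(app_id: str) -> bytes:
    """Return a key handle bound to app_id: nonce || MAC(app param || nonce)."""
    nonce = os.urandom(16)
    tag = hmac.new(DEVICE_SECRET, app_param(app_id) + nonce, hashlib.sha256).digest()
    return nonce + tag


def sign(app_id: str, key_handle: bytes, challenge: bytes):
    """Sign the challenge only if key_handle was issued for app_id, else None."""
    nonce, tag = key_handle[:16], key_handle[16:]
    param = app_param(app_id)
    expected = hmac.new(DEVICE_SECRET, param + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # handle was issued for another origin: the token refuses
    # Stand-in for the ECDSA signature a real token makes with the per-site key.
    site_key = hmac.new(DEVICE_SECRET, b"key" + param + nonce, hashlib.sha256).digest()
    return hmac.new(site_key, param + challenge, hashlib.sha256).digest()


def demo():
    # Constructed origins: the second differs by one character ("l" vs "1").
    real, lookalike = "https://example.com", "https://examp1e.com"
    handle = register(real)
    challenge = os.urandom(32)
    return sign(real, handle, challenge), sign(lookalike, handle, challenge)


if __name__ == "__main__":
    ok, phished = demo()
    print("real site signature:", ok.hex()[:16], "...")
    print("lookalike site signature:", phished)
```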
Question for trackball users: Should I get a trackball mouse? I need a mouse that doesn't move.
I have never used one. I'm willing to deal with the learning curve.
Most of the time I'm a keyboard-only user, but I like to work on photography from time to time. Photo processing software is, of course, very mouse intensive.
My desk is very small and the mouse with its mouse-pad doesn't fit very well, especially when a notepad, a cellphone or camera is part of the workflow and it's on the desk too, next to the mouse. But, on the other hand, a trackball doesn't move.
I'm trying to do my own research, but the paid reviews are getting in my way, and I can't always differentiate between a genuine user reporting the benefits of a trackball or a "review".
Trackball users, will it solve the "my desk is too small" problem?
#trackball #mouse #computerMouse #ergonomics #fediAsk #AskFedi
=> More informations about this toot | View the thread
IMO hardware-based attestation has more to do with vendor lock-in than security.
On paper it's a good idea, actually. But in reality it does more to enforce vendor-approved software rather than protect the user in case the OS gets compromised.
We should avoid depending on hardware-based trust or attestation.
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
#GrapheneOS #attestation #vendorLockIn #tpm #foss
=> More informations about this toot | View the thread
Maybe next year Google will be forced to not pay Mozilla's income for the default search engine deal.
With the death of Mozilla, what will be the recommended browser?
I assume, without real knowledge of the matter, that Firefox forks don't focus on bugfixes and security patches.
And alternatives like Servo engine or Ladybird don't seem ready yet.
#Firefox #mozilla #librewolf #google #servo #ladybird
=> More informations about this toot | View the thread
Imagine being a "tech" journalist, and by no means being skeptical of "reports" of an OS being 40 times faster.
=> More informations about this toot | View the thread
There aren't more than like 10 people on fedi. The rest is just bots. Watch me post this from my other accounts
=> More informations about this toot | View the thread
https://www.surveillancewatch.io/
#surveillance #SurveillanceAds #privacy
=> More informations about this toot | View the thread
Of course, anyone with the key in their hands is root if my laptop drive is already decrypted.
Something that may not look too secure. I have to think a bit more if this is the setup I really want.
It's just like "anyone can be the driver if they found the bike keys"
=> More informations about this toot | View the thread
After some pam configs, I can use the USB keys to authenticate login and doas instead of password.
#u2f #pam #fido #fido2 #NetBSD
=> More informations about this toot | View the thread
I've just used one of these to log in here!
I just installed security/libfido2 from #pkgsrc and restarted Firefox.
I was mentally prepared for a lot of troubleshooting that never happened lol
#NetBSD #fido #passkeys #u2f #libfido2
=> More informations about this toot | View the thread
I ordered two FIDO2 USB keys.
I want to know how (in)convenient they are.
If I can use them, I will have KeepassXC with passwords only, and a separate second factor.
Plus, this second factor won't be as attractive as smartphones to thieves. So, fewer chances to lose it.
I've read that a good strategy is to have a USB key for everyday use, and a second one stored in a safe place as a backup, just in case the primary one is lost or damaged.
If I understood correctly what I've read, they will be compatible with NetBSD. One can only hope xD
#fido #keepass #2fa #NetBSD #infosec
=> More informations about this toot | View the thread
I just discovered that KeepassXC with the browser extension can use Passkeys to authenticate without password+2FA.
#keepass #keepassxc #passkey #fido #infosec
=> More informations about this toot | View the thread
I have a question about #infosec
Is it bad practice to store the 2FA TOTP seed inside a password manager?
I've seen that some people consider that 2FA TOTP in the same place where passwords are stored is not really a second factor and should be avoided.
Personally speaking, I see phones as an easy target for theft, so storing the 2FA seed there is not a great idea.
And, for the sake of convenience, it may be stored in the same database where passwords are.
The more I read about this topic, the more it seems like there's little consensus on how bad it is to store 2FA TOTP among the passwords.
#passwordManager #2fa #totp #itsec #keepass
=> More informations about this toot | View the thread
Oh, no!
=> More informations about this toot | View the thread
This is awesome news!
https://blog.cloudflare.com/patent-troll-sable-pays-up/
#patentTroll #patent #cloudflare
=> More informations about this toot | View the thread
=> This profile with reblog | Go to release_candidate@bsd.cafe account