Hi all
I think I missed a prompt somewhere... here's a quick message to introduce myself (http://tilde.club/~bupkes).
My name's Matt. I am in my mid-forties and I live in a town called Lewes just near Brighton on the south coast of the UK.
I'm married and we have a 12yo kid and a cat.
I've had a few jobs in the past, most of my twenties in a record shop but now I work for a charity.
My job is basically working with blind people (generally older people) explaining how to use various bits of technology.
Many people I work with have never used a computer before and can't see what I am talking about, so it can be tricky :)
For fun at work I play with VR stuff which - surprisingly, I guess - works really well with people who have poor vision.
At home I enjoy playing with Python and doing cryptic crosswords. Every week my wife and I do a twitch stream (https://www.twitch.tv/bupkes_)where we (and a bunch of people in chat) do a puzzle.
Anyway that's me, or at least a bit of me.
I'm here to meet people and learn new things.
See you around.
Matt / ~bupkes
You're the perfect group of people to turn to for help with this.
I'm working on a video where a significant prop is an old box of 3.5" HDD
disks. I managed to get an old unopened box of pristine disks and labels.
Now I need to write on the labels and make them look like someone has
actually been using these disks, circa 1990-2000 or so.
All the labels should feel real, but they can't use trademarks. So they
can't say "AOL installer" for example.
I've got up to 50 of these, and I'm open to ideas. The gist of what I've
got so far is:
Term Papers
Personal Letters
Mouse Driver 1.1
Fax/Modem Software
Soundcard Driver
NEW Soundcard Driver
Mom's Spaghetti
Pixel Racer Man
Shoehorn DB
PCI Bus Ethernet Drvr
CD-ROM Device Driver
Installers
Very Important Data
BBS SysOp
1337 Warez
You get the idea. Send me your suggestions!
David
Just looked. From what I read the phishing attack would really only work for accounts that someone would have to goto a web page for login (which could be faked) and get the details. But for ssh login there is not the same risk.
Thanks
> On Feb 26, 2020, at 11:34 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> The phished credentials are generally used immediately to take over the account.
>
> --
> Jeffrey Paul
> sneak(a)sneak.berlin
>
>> On Wed, Feb 26, 2020, at 10:26 AM, deepend wrote:
>> Would be interested in hearing more information on how someone is
>> phishing a code that is only valid for like 30 seconds? Is there more
>> to that story then just phishing?
>>
>> Thanks
>>
>>
>>>> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>>>
>>> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>>>
>>> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>>>
>>> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>>>
>>> Best,
>>> -sneak
>>>
>>> --
>>> Jeffrey Paul
>>> +1 312 361 0355 (voice, sms, Signal)
>>> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>>>
>>>
>>>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>>>
>>>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>>>> some websites say it came in 8.2. Not sure who to believe.
>>>>>
>>>>> Tilde club currently runs Fedora 30.
>>>>
>>>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>>>> available :/
>>>
>>
I understand that. But I what way is someone phishing a code that is available for 30 seconds? That would still allow it to be useable
Sent from my iPhone
> On Feb 26, 2020, at 11:34 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> The phished credentials are generally used immediately to take over the account.
>
> --
> Jeffrey Paul
> sneak(a)sneak.berlin
>
>> On Wed, Feb 26, 2020, at 10:26 AM, deepend wrote:
>> Would be interested in hearing more information on how someone is
>> phishing a code that is only valid for like 30 seconds? Is there more
>> to that story then just phishing?
>>
>> Thanks
>>
>>
>>>> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>>>
>>> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>>>
>>> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>>>
>>> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>>>
>>> Best,
>>> -sneak
>>>
>>> --
>>> Jeffrey Paul
>>> +1 312 361 0355 (voice, sms, Signal)
>>> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>>>
>>>
>>>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>>>
>>>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>>>> some websites say it came in 8.2. Not sure who to believe.
>>>>>
>>>>> Tilde club currently runs Fedora 30.
>>>>
>>>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>>>> available :/
>>>
>>
Would be interested in hearing more information on how someone is phishing a code that is only valid for like 30 seconds? Is there more to that story then just phishing?
Thanks
> On Feb 26, 2020, at 11:09 AM, Jeffrey Paul <sneak(a)sneak.berlin> wrote:
>
> Note that for U2F you also need ssh client support, so this would require a lot of people to recompile their ssh client.
>
> Due to the fact that those six digit numeric 2FA codes (TOTP) are phishable, I recommend sticking with a split-key system like U2F or plain ol’ ssh keys. The latter is widely supported, even on things like iPads and the like, and needs no special client support.
>
> If you are using a full Yubikey for U2F (and not the cheaper blue U2F-only Yubikey), you can use the Yubikey in a smart card mode to generate and store an old-style SSH keypair. This is what I do and it works great.
>
> Best,
> -sneak
>
> --
> Jeffrey Paul
> +1 312 361 0355 (voice, sms, Signal)
> This message content should be treated as confidential, and if you are an attorney, should be handled as privileged.
>
>
>>> On Feb 26, 2020, at 09:58, ngp <ngp(a)tilde.club> wrote:
>>>
>>> On Wed Feb 26, 2020 at 10:50 AM, deepend wrote:
>>> Found a file mentioning that Fido/U2F auth being available in 8.1. But
>>> some websites say it came in 8.2. Not sure who to believe.
>>>
>>> Tilde club currently runs Fedora 30.
>>
>> Fedora 30 appears to be up to OpenSSH 8.0p1, so either way it's not
>> available :/
>
Hey ~clubbers.
I know some people are not fans of public key authentication. So here is a poll I’d like to see if we can improve things since password only auth will not be returning.
http://www.strawpoll.me/19445663
Look forward to the result :)
Hello Everyone!
I will first like to welcome everyone that has joined since we brought tilde.club back from idle. As well would like to welcome back many users that have returned.
We have been working hard in the background to keep things going in a positive direction and hopefully users like the direction things are going. (Feedback is always good and welcome if any of you have thoughts on this)
This was mostly a post to let you know that for awhile now we have had a mastodon account and up to this point it has been fairly quiet. I am going to start posting more information and updates regarding the state of tilde.club and things we add or improve. If you would like to follow and keep informed please go to
https://tilde.zone/@tildeclub
Otherwise I will also try to post on the mailing list for those who don’t want mastodon.
Hope to see you all on the server and continue this journey forward.
Thanks
~deepend
Dear ~club:
Just to give myself some breathing room, I'm going to reduce these
workshops to one ever two weeks. I hope at least some of you are enjoying
them. They're moderately fun to write, in any case.
I have a different sort of idea for this workshop. Rather than all going
off and doing our own thing on our own pages, let's use this mailing list
to work collaboratively on something.
Yesterday's xkcd[0] was about putting some effort into a response to a pun
or similarly repellent joke by forming a sentence out of place names and
linking them together with driving directions. (And if you think that was
easy to explain in text, then you're wrong.) I think this is a great idea,
but I don't happen to have a list of word-to-place-names ready at hand.
How am I supposed to make witty comebacks without a list?
(Incidentally, you might call this list that links words to place names
a... map.)
My first thought was to try to come up with this list myself, but that's a
lot of work. Then I thought that lots of other readers of xkcd might want
a list, too. Why not distribute the work amongst us so that we all may
benefit? I'm sure there are already groups out there who are doing this
exact thing, but I say we give it a shot anyway.
~club, your challenge this bi-week is to reply to this message with some
common words or phrases expressed as place names. I'll start:
friend ---> Friend, Nebraska[1]
I'll keep track of the mappings we come up with---feel free to do the
same---and I'll post them on my tilde.club page. Also: bonus points if
you've been to any of the places you reply with or know something neat
about them!
If you're looking for ideas on what words to use, consider drawing from
the most common English words[2]. They'll be the most useful.
Good luck, ~club, and happy mapping,
Bradley
[0]: https://xkcd.com/2260/
[1]: https://en.wikipedia.org/wiki/Friend,_Nebraska
[2]: https://en.wikipedia.org/wiki/Most_common_words_in_English
