@fedora

Page 681 of 2988
Robby
05.05.2017
08:26:02
ideally run your apps with a crippled version — that is no sudo for the user...just a simple, unprivileged user.

Michał
05.05.2017
08:30:32
the problem is, that it's kinda unpractical for a casual user to do it like that

Michał
05.05.2017
08:35:56
No...it's not.
do you run your applications in separate users?

Michał
05.05.2017
08:36:13
not running as root is another thing and I hope it is obvious to everybody that it should never be done

Robby
05.05.2017
08:40:28
do you run your applications in separate users?
No, but I ensure they have access to only what they need... remember file permissions exist

normal, unprivileged users can't access the whole disk...nor can they make system calls necessary..

and also @michalrud in a production server, yes I do.

Michał
05.05.2017
08:44:35
and also @michalrud in a production server, yes I do.
yeah production server is a different thing and there I do so too

but on my desktop... I guess everything has access to my ssh private key, whether I like it or not

Robby
05.05.2017
08:46:03
if it's running as you — yes.

Michał
05.05.2017
08:46:06
as it's owned by me, the same user that runs the applications

Robby
05.05.2017
08:46:23
Know what you're running.

Michał
05.05.2017
08:46:31
and I don't really feel to sudo to a limited user every time I'm starting something else ;)

I kinda know, but it's always a risk

Robby
05.05.2017
08:48:42
yeh

Eduard
05.05.2017
09:56:47
https://fedoramagazine.org/gnu-nano-minimalist-console-editor/

Kohane
05.05.2017
10:06:20
I decided to shift to Fedora from Kubuntu. I want to know if anyone tried KDE on Fedora. What is your review? And what do you think is better: KDE or GNOME?
It depends... if you love configuring and changing everything, KDE is your choice. If you prefer simplicity then Gnome Shell is your cup of tea. If you install it with Gnome Tweak Tool, it can be beautiful.

any program on your computer has access to your whole hard drive
Access to read maybe, access to write... not so.

Tanuj
05.05.2017
10:14:29
Access to read maybe, access to write... not so.
Reading is all it needs though lol

Gwindor
05.05.2017
10:15:18
Why don't you keep your keys encrypted is the question. :)

天荣
05.05.2017
10:15:54
Get keylogged, and you're done.

Gwindor
05.05.2017
10:16:22
Why do you have keylogger running? :)

But anyway, we discussed that yesterday.

天荣
05.05.2017
10:16:36
...what?

?

Gwindor
05.05.2017
10:16:41
I would go for a smartcard.

天荣
05.05.2017
10:16:51
"Why do you have your password stolen?"

same thing...

Kohane
05.05.2017
10:16:59
Why do people get so paranoid? 100% security doesn't exist. Never did, never will.

天荣
05.05.2017
10:17:27
Why do people get so paranoid? 100% security doesn't exist. Never did, never will.
Yes, this is very obvious. But MORE security is objectively better than LESS security.

MORE security can be achieved through multiple means, some easy, some difficult.

Gwindor
05.05.2017
10:17:52
OK, lian, soon I won't have a smartphone. :)

Kohane
05.05.2017
10:18:09
Yes, this is very obvious. But MORE security is objectively better than LESS security.
Yes, of course but you're all behaving as if working for the MI5

Gwindor
05.05.2017
10:18:12
And that app of yours won't be usable for me.

天荣
05.05.2017
10:18:24
I don't think so TBH

Gwindor
05.05.2017
10:18:25
That's why a smartcard.

天荣
05.05.2017
10:18:42
Yes, smartcards are more secure than the app.

The app is still more secure than saving your keyfiles in your filesystem.

Gwindor
05.05.2017
10:19:00
2-3 smartcards and 2 readers that can support more than 1024 byte keys.

Fedora Telegram <=> IRC Bridge
05.05.2017
10:59:00
linuxmodder: **** F25-20170428 Updated lives available (4.10.12-200 kernel) @ [ http://tinyurl.com/live-respins2 ]. A big thank you to the Respins SIG. Questions/Requests ? [[ #fedora-respins ]] ****

linuxmodder: what app ?

linuxmodder: @Rustiful learn to make partitions that are layered in security measures if you must use them on the disk

linuxmodder: and learn some OPSEC geez

linuxmodder: hash your keyfiles and or their respective passwords/passphrases

linuxmodder: some like chmod -Rv 700 ~/ and chmod -Rv 600 ~/.ssh | chmod 700 ~/.gnupg|~/.ssh

linuxmodder: ^^ compliant with CIS / STIG / HIPAA even

天荣
05.05.2017
11:09:52
Huh?

天荣
05.05.2017
11:09:57
I already know how

I don't see how that fixes anything.

Hardware crypto is always superior to software crypto. Sorry pal.

Michał
05.05.2017
11:10:49
Hardware crypto is always superior to software crypto. Sorry pal.
I'm not sure whether the crypto you can't audit is better than the one you can

Correctmaninwrongplace
05.05.2017
11:13:15
Hardware crypto is always superior to software crypto. Sorry pal.
I disagree, a software crypto could be superior to a hardware crypto, in fact there are crypto that couldn't be broken even by a quantum computer

Correctmaninwrongplace
05.05.2017
11:20:35
I know, but I mean

Correctmaninwrongplace
05.05.2017
11:21:22
You can replicate by hardware a software algorithm, and you can replicate the hardware by software

So, both can be

Michał
05.05.2017
11:25:09
hardware encryption is usually faster, and can store secrets which would not be accessible by software, but the only doubt I have is that it's basically a black box, that you don't know what happens inside

I would and I do use it, but I know about it and use it with caution

that's why I started to think that this android private key thingy is pretty cool, as private keys can be disposable, if in doubt - remove from authorized_keys and done

Michał
05.05.2017
11:28:25
Not even by assembly ?
I'd say if done correctly, then chip would store secrets and only allow to perform operations on it, not disposing the secrets themselves

just like credit cards work, they have secrets inside, terminals use them to sign stuff using private keys so they can check if the key is okay, but the key itself never leaves the card

...but as those are black boxes, you never know if there are any hidden features, so yeah.

天荣
05.05.2017
11:30:16
Not even by assembly ?
If the chip is adequately assembled, trying to open, destroys it.

天荣
05.05.2017
11:30:33
For example, Yubikeys are encased in plastic, to open it you need to melt them, melting them, you destroy the chips.

If using knives you risk destroying the chip, too.

Correctmaninwrongplace
05.05.2017
11:30:50
I mean assembly code

天荣
05.05.2017
11:30:58
wat :3

That's not how it works.

The chip exposes a few operations to the outside, and nothing else.

It doesn't matter what programming language you use.

In this case, these operations would be, "create a new key" and "sign X with Y key"

Oh, and of course, "delete Y key"

天荣
05.05.2017
11:32:50
There's no "give me the private key of Y" operation, etc

Correctmaninwrongplace
05.05.2017
11:36:37
But that would be different from an encryption program of which you don't have the code, so you must do reverse engineering?

天荣
05.05.2017
11:37:33
wat

That's software, nothing to do with hardware.

Python
05.05.2017
12:04:55
Hi can I use python instead of bash scripting for sys administration

天荣
05.05.2017
12:11:13
Yes you can use anything

Eduard
05.05.2017
12:12:40
Python
05.05.2017
12:14:42
Yes, it's possible. Can I ask why?
Coz I'm already django web developer so I am good in python and don't wanna learn something new

天荣
05.05.2017
12:15:41
Coz I'm already django web developer so I am good in python and don't wanna learn something new
I recommend you not have fear to learn new stuff. We IT people must keep up with the new technologies.

Eduard
05.05.2017
12:15:54
But being a developer switching to sysadmin means that you HAVE to learn new things

天荣
05.05.2017
12:16:53
You might find Ansible useful too

Correctmaninwrongplace
05.05.2017
12:17:06
It's me or ads in Linux aren't so annoying as they are on Windows? If you don't have adblock and similar

Eduard
05.05.2017
12:17:09
And believe me, you are going to use bash, even if you don't want to

天荣
05.05.2017
12:17:10
It's basically Python

Python
05.05.2017
12:17:11
I recommend you not have fear to learn new stuff. We IT people must keep up with the new technologies.
I learnt Angular 2, Django, CCNA and I'm learning Red Hat administration, I'm afraid that's too much for my brain
