@JaredBusch said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce is right - read it.

but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.

Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.

Try understanding the facts of the technology.

Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.

Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.

I've read a number of other articles saying to go change all your passwords right away, so sounds like this one actually got it right.

This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.

Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.

I had been meaning to move since LogMeIn added the tracking junk in, and the cost compared to the competition finally got me to switch.

@Dashrender said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce is right - read it.

but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.

Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.

I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?

I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.

I had already started transitioning to Bitwarden, so doesn't change much for me.

I know they got the backups of the encrypted blobs. Again it comes down to 1: Do you have a good master password and 2: Do you trust LastPass' implementation of their code?

@Obsolesce said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

Read the article.

I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"

Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.

@Obsolesce said in What Are You Doing Right Now:

Time to change all of my passwords and get rid of LastPass

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Time to replace Lastpass was years ago when they started tracking everyone.

Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.

@scottalanmiller said in Non-IT News Thread:

I've always taken a lot of flack for being "anal" about keeping toilet lids closed. New study shows what people should have known all along because it is obvious...

https://www.cnn.com/videos/health/2022/12/19/flush-toilet-no-lid-lbb-cprog-orig.cnn

Mythbusters proved this YEARS ago. @Obsolesce yes, with standard home toilets.

@gjacobse said in What Are You Doing Right Now:

Way to quiet,.. I’m gonna go over and unplug something,…

I'll trade you!

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.

Wayland with MeshCentral?

You SURE you are on Wayland?

Isn't Wayland the default for Fedora now? I'm using the stock Fedora, so I'm thinking I am.

Double check that. Maybe you updated from something with X.org.

Fresh install. Wiped root before installing (it was way behind, no point in upgrading).

Do you have NVIDIA drivers on the system? Those will revert you back to X.Org

Yep, sure do. Guess it's not wayland then.

You can check with

loginctl

and

'''
loginctl show-session -p Type <sessionid>

loginctl show-session -p Type 2
Type=wayland

Well shoot, are my Nvidia drivers not working? The more I find out, the more things I need to look at/fix.

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.

Wayland with MeshCentral?

You SURE you are on Wayland?

Isn't Wayland the default for Fedora now? I'm using the stock Fedora, so I'm thinking I am.

Double check that. Maybe you updated from something with X.org.

Fresh install. Wiped root before installing (it was way behind, no point in upgrading).

Do you have NVIDIA drivers on the system? Those will revert you back to X.Org

Yep, sure do. Guess it's not wayland then.

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.

Wayland with MeshCentral?

You SURE you are on Wayland?

Isn't Wayland the default for Fedora now? I'm using the stock Fedora, so I'm thinking I am.

Double check that. Maybe you updated from something with X.org.

Fresh install. Wiped root before installing (it was way behind, no point in upgrading).

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.

Wayland with MeshCentral?

You SURE you are on Wayland?

Isn't Wayland the default for Fedora now? I'm using the stock Fedora, so I'm thinking I am.

@travisdh1 said in Running X11 - Ubuntu 22.10 - Should I care?:

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

I just confirmed that mine is working on the default Fedora 37 desktop using both Firefox and Chromium.

@scottalanmiller said in Running X11 - Ubuntu 22.10 - Should I care?:

@dafyre said in Running X11 - Ubuntu 22.10 - Should I care?:

AFAIK, Even VNC doesn't work on Wayland yet.

Nor does MeshCentral

Really? Now I need to go try that when I have a minute.

Finally updated my laptop. Now running Fedora 37, and have a few Steam games installing. So much easier than previous versions of Fedora I tried Steam on.

@siringo said in What Are You Doing Right Now:

@travisdh1 that's a good idea.

I know it's a shipt topic, but ....

I can remember the trouble my mum had when dad passed away & there's been a few folks who are friends of friends who have died suddenly, just makes you think....

For sure.

We kind of have to consider these things professionally, I just used the easiest method of dealing with things in my personal life as well.

@siringo said in What Are You Doing Right Now:

i've been thinking of some not so happy stuff.

been thinking about all my accounts for this n that, that are secured by 2FA and even just passwords.

why? well been thinking about how people that need to, will be able to access my email (mostly) should I get by that bus.

everything goes to my email, bills, insurance, superannuation, contracts blah blah blah.

2FA has made this very hard.

EG, you get hit by a bus, grief and sorrow abound. People that need access, need to get info about your insurances, it gets sent to your email. They don't know your password, your cell/mobile phone has been smashed so they can't use your auth app, if they even know about that stuff.

What a bloody nightmare.

You can make this simpler, but even simple isn't simple enough when you're in mourning.

I'm starting to wind back my 2FA security on some things, life and the devices we take for granted, is becoming way too complex IMO.

My Lastpass vault automatically passes access on after 30 days of inactivity on my part, which includes the key for my Authy 2FA app.

@EddieJennings said in What Are You Doing Right Now:

Watching Ansible Automates presentations.

I'm taking another look at AWX, I'm told it's made huge leaps in usability since I last tried it out.

@travisdh1 said in Weekend Plans:

I just got a ticket for Ohio Linux Fest. I'll only be able to attend Saturday, but looks like some interesting things happening.

https://olfconference.org/ if anyone else is interested.

Well, after the conference, I think it's time to give tower another look. A lot has changed, and it should be stable now.

@dbeato said in What Are You Doing Right Now:

@travisdh1 Sophos XG or XGS firewalls have it that way as well with no GUI.

Yuck!