Korthrun

In addition to many of the fine points made in other comments I think it’s silly to overlook the power of celebrity worship and weird-ass parasocial relationships with famous people.

There exists a large number of people who aren’t really interested in discussing <topic_x>, they just want to know what <favourite celebrity whos life I have deluded myself into thinking is attainable by me> thinks about the topic so that they can regurgitate it and feel like they’re “the same”.

I’m sure if Chappell Roan or whatever “the kids” think is cool these days had jumped to Mastodon we’d be seeing something very different. TBH I’m mildly surprised that we didn’t see more record labels standing up instances. It’s always boggled me that people have just trusted the service desperately trying to be known as “X” as an authority on identity.

Well of course not, they want as many of the sequel dollars as they can possibly get. What, they’re to share the hype with filthy animators?!

I saw the lack of arm and facepalmed but I was half asleep poo posting so got over it :p (fixed now!)

I’ve been using this device for ~5 years now, so my memory is a little hazy on it, but I’m pretty sure for the particular device I prefer (which is to say, I have nfc what the setup is for other vendors, which could be greatly superior) the AES-256 key used for encryption isn’t generated until you setup your first card.

How would any company, regardless of geography have the secret I generated? This is a stand alone hardware device. They seller is not involved at all once I’ve received my package.

Could a sophisticated/well resourced actor clone the smart card they stole or you lost? Sure, brute force attacks are brute force attacks. At least you’d know your device and card are stolen. Now you’re in a race to reset your passwords before they finish making 500 clones of the smart card they stole.

Hypothetically I could blackmail someone at LastPass and have a backdoor is installed for me.

Someone could bust down my door while I have it connected and unlocked and just login to all my things. ¯\_(ツ)_/¯

That will vary from vendor to vendor. In the case of the one I like there are a few relevant things.

The password db is stored encrypted on the device. Accessing the passwords requires all of:

• the device
• a smartcard with a particular secret on it
• the 4 digit hex pin to unlock the secret on said smartcard, which is what is used to decrypt the db

Three PIN failures and the smart card is invalidated.

That sort of covers “stolen” and “lost + recovered by a baddie”. Your bad actor would need to have their hands on both physical pieces and guessed the 4 digit hex code in 3 tries.

As far as a user recovering from a lost or failed device or smart card goes, you can export the encrypted version of the db for backups, which I do to a thumb drive I keep in my document safe. I do the same with a backup smart card. So that and a backup device or purchasing a new one if yours fails or is lost/stolen.

In the super “just in case” move, I also keep a keepassdb on said thumb drive. In case my device fails and it’s just not possible to get a new one. Kind of like keeping two cloud providers in case LastPass goes bankrupt or something.

I’m a pretty big fan of the mooltipass. They’re sold out and between iterations right now, but a new one is expected soon. One of my coworkers is pretty into their OnlyKey.

So many folks talking about which software they use, and how they sync it between devices etc.

You all know there are hardware password keepers right? They present to your devices as a usb and/or bluetooth keyboard and just type out the user/password that you select. They have browser plugins to ease the experience. Now your password is not even stored on the device you’re using to perform your login and it will work on any modern device even without internet access.

Oh and no subscription fee to cover the costs of cloud infrastructure.

E

You’re absolutely right. For what it’s worth, it’s just the first part that’s important.

When you pick up a new concept from a “resource” such as a tutorial, take a minute to explore the concept and understand the semantics of what you’re doing. In the name of illustrating a concept tutorials can often be misleading in subtle ways.

An explanation of my “useless use of cat” example:

The command line has a concept called “piping”. This lets one command send output to a second command. It’s very handy. There is usually also a “cat” command, which will read a file and send the contents where you tell it. This is often your screen, or through a “pipe” to a second command. There is also a “grep” command that lets you search data for certain words.

Many “linux newbie” tutorials combine these tools to show how “piping” lets you send data from one command to another. “cat” some text file, then “pipe” the output to “grep” to search for your words. It usually looks something like cat ./my_address_book.txt | grep Giles to find lines in “./my_address_book.txt” that contain the word “Giles”. The thing is that “grep” can take a file name as an argument. You can just do grep Giles ./my_address_book.txt, and cat is for concatenating files into one. If you want to simply read a file there are more appropriate tools such as “less”. This by the way is the “useless use of cat”

When you’re a newbie though, it may be the first time you’re seeing either “grep” or “cat”. The tutorial is just trying to show you “pipes”. Along the way you’re picking up these “bad habits”. I’ve met professional sysadmins who didn’t know grep took a filename as an argument. It was always “cat blah | grep my_search”. I will see people type “cat /some/file | less” instead of “less /some/file”. It shows a lack of understanding of what these tools actually do, and IMO it just comes down to regurgitating tutorial actions without bothering to understand the semantics of what you’re being shown.

Don’t follow tutorials, understand them. I’m so tired of seeing useless uses of cat because some asshole writing a tutorial 20 years ago decided to illustrate how pipes work with a good ol cat file | grep string as if grep didn’t take a file name as an argument.

The more time I spend being mad about this the more I notice people using horrible practices in tutorials because they’re too lazy to setup a legit use case.

A new user sees this and thinks this is how grep works.

Loops are another common one. People going around not knowing you can pass a glob to a shell for loop. Because the tutorial they read was lazily written and they didn’t bother to understand the bits of what they were being shown, only how to reproduce/mangle the command until they manage to get close enough to what they want out of it.

Configuration management and build automation are definitely worth the time and effort of learning. It doesn’t have to be ansible, find which tool suits your needs.

I also have a small domain that is relatively low traffic. A lot of the “all in one” software on the list you linked looks pretty cool, I can’t deny.

What I found is that I make very few changes. I used to add mailbox aliases fairly often, but the fact is there are only two users and enabling the “+” syntax in addresses put a stop to me needing to make new aliases when I wanted a new address.

I just don’t feel like I need a management interface. Because of this I’ve just sort of frankensteined my own setup together and I love it. It operates how I expect it to, and enforces the standards I care about to the extent that I desire (e.g. which SPF result codes am I ok accepting?).

• Postfix as SMTP/Submission server. I chose to go w/PAM based for outbound SMTP auth.
• Courier for IMAPS
• Dovecot for LDA (sieve is delightful)
• Snappymail for webmail (served by apache httpd)

Bonus tip: Many distros make this info available on the cli by including a “hier” man page that you can read using the command “man hier”.

There is literally an image of it happening in the linked article. Followed by more pictures that help make this make sense. That’s how.

you can set the “FROM” address to literally anything.

Hey all, “that guy” chiming in.

You can set the “FROM” address to any string that meets the specifications of the “Address Specification” section of the relevant RFCs (5322 and 6854, maybe others). Which is SUPER FAR from “literally anything”.

I know this seems like some neck-beard bullshit, but we’re here answering the question for someone who clearly has little understanding of email internals. Hyperbole is bad in this context IMO.