Language Selection

English French German Italian Portuguese Spanish

HowTos

Technical Posts: Master Password in Firefox or Thunderbird, FakeIt, Rspamd, Feh, Vim and More

Filed under
HowTos
  • Master password in Firefox or Thunderbird? Do not bother!

    There is a weakness common to any software letting you protect a piece of data with a password: how does that password translate into an encryption key? If that conversion is a fast one, then you better don’t expect the encryption to hold. Somebody who gets hold of that encrypted data will try to guess the password you used to protect it. And modern hardware is very good at validating guesses.

    Case in question: Firefox and Thunderbird password manager. It is common knowledge that storing passwords there without defining a master password is equivalent to storing them in plain text. While they will still be encrypted in logins.json file, the encryption key is stored in key3.db file without any protection whatsoever. On the other hand, it is commonly believed that with a master password your data is safe. Quite remarkably, I haven’t seen any articles stating the opposite.

  • Power.Fake.It: PowerFake + FakeIt

    As I said in the introduction, PowerFake lacked the features of a complete mocking framework, and I was hoping to be able to integrate it with one or more mocking frameworks. So, I decided to try integrating it with FakeIt as the first target.

  • Install and integrate Rspamd
  • Feh: The Image Viewer For Your Terminal

    The Feh image viewer for Linux is a powerful utility that can display your images in a variety of ways. It runs in the X display server from the command line and uses modes to prepare the layout of one or multiple files. If you are looking for a lightweight image viewer that can be accessed from the terminal, Feh is the one for you.

  • 10 Tips for Using Vim Text Editor

    Vim is one of the best and commonly used text editor and could be used as IDE on Linux and MAC OS X. There are many Vim tips could help you to get your work done much more quicker and efficient if you are using Vim as your text editor. So, let’s check some of Vim Tips that could be helpful for your daily usage.

  • How to Install osTicket on Ubuntu 16.04
  • PHP Arrays Tutorial

Anarchy Linux: Arch Linux Made Easy

Filed under
Reviews
HowTos

Anarchy Linux isn’t so much its own distribution as it is a wrapper around Arch Linux. If you’re familiar with Linux Mint’s relationship with Ubuntu, you should have a good idea of what Anarchy is.

The main feature of Anarchy Linux is its installer. Arch Linux itself doesn’t have a proper installer. Anarchy fixed that. It provides a simple, yet powerful, terminal-based installer that walks you through the entire install process just as easily as a mainstream distribution like Ubuntu.

Anarchy does something else to set itself apart, too. It doesn’t install the “conventional” defaults. Instead, Anarchy sets up your system the way most people customize theirs. Anarchy gives you ZSH by default. Your browser is Chromium. The out-of-the-box text editor is Vim. Anarchy also doesn’t waste your time with nonsense apps that you won’t use. It gives you what you need, and that’s about it.

Read more

today's howtos

Filed under
HowTos
Syndicate content

More in Tux Machines

Security: VPNFilter, Encryption in GNU/Linux, Intel CPU Bug Affecting rr Watchpoints

  • [Crackers] infect 500,000 consumer routers all over the world with malware

    VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said in an advisory. It’s one of the few pieces of Internet-of-things malware that can survive a reboot. Infections in at least 54 countries have been slowly building since at least 2016, and Cisco researchers have been monitoring them for several months. The attacks drastically ramped up during the past three weeks, including two major assaults on devices located in Ukraine. The spike, combined with the advanced capabilities of the malware, prompted Cisco to release Wednesday’s report before the research is completed.

  • Do Not Use sha256crypt / sha512crypt - They're Dangerous

    I'd like to demonstrate why I think using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why I think the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2.

  • Intel CPU Bug Affecting rr Watchpoints
    I investigated an rr bug report and discovered an annoying Intel CPU bug that affects rr replay using data watchpoints. It doesn't seem to be hit very often in practice, which is good because I don't know any way to work around it. It turns out that the bug is probably covered by an existing Intel erratum for Skylake and Kaby Lake (and probably later generations, but I'm not sure), which I even blogged about previously! However, the erratum does not mention watchpoints and the bug I've found definitely depends on data watchpoints being set. I was able to write a stand-alone testcase to characterize the bug. The issue seems to be that if a rep stos (and probably rep movs) instruction writes between 1 and 64 bytes (inclusive), and you have a read or write watchpoint in the range [64, 128) bytes from the start of the writes (i.e., not triggered by the instruction), then one spurious retired conditional branch is (usually) counted. The alignment of the writes does not matter, and it's not related to speculative execution.

In Memoriam: Robin "Roblimo" Miller, a Videographer and Free Software Champion

Videographer Robin Roblimo Miller

Robin "Roblimo" Miller was a clever, friendly, and very amicable individual who everyone I know has plenty of positive things to say about. I had the pleasure of speaking to him for several hours about anything from personal life and professional views. Miller was a very knowledgeable person whose trade as a journalist and video producer I often envied. I have seen him facing his critics in his capacity as a journalist over a decade ago when he arranged a debate about OOXML (on live radio). Miller, to me, will always be remembered as a strong-minded and investigative journalist who "did the right thing" as the cliché goes, irrespective of financial gain -- something which can sometimes be detrimental to one's longterm health. Miller sacrificed many of his later years to a cause worth fighting for. This is what we ought to remember him for. Miller was - and always will be - a FOSS hero.

May everything you fought for be fulfilled, Mr. Miller. I already miss you.

Today in Techrights

Tux Machines Privacy Statement

Summary: Today, May 25th, the European General Data Protection Regulation (GDPR) goes into full effect; we hereby make a statement on privacy AS a matter of strict principle, this site never has and never will accumulate data on visitors (e.g. access logs) for longer than 28 days. The servers are configured to permanently delete all access data after this period of time. No 'offline' copies are being made. Temporary logging is only required in case of DDOS attacks and cracking attempts -- the sole purpose of such access. Additionally, we never have and never will sell any data pertaining to anything. We never received demands for such data from authorities; even if we had, we would openly declare this (publicly, a la Canary) and decline to comply. Privacy is extremely important to us, which is why pages contain little or no cross-site channels (such as Google Analytics, 'interactive' buttons for 'social' media etc.) and won't be adding any. Google may be able to 'see' what pages people visit because of Google Translate (top left of every page), but that is not much worse than one's ISP 'seeing' the same thing. We are aware of this caveat. Shall readers have any further questions on such matters, do not hesitate to contact us.