Pi-gap is a brilliant well-liked challenge, perhaps give that a try.> or requiring me to understand pointersMaybe learn to do some old-college stack smashing? https://insecure.org/stf/smashstack.htmlThere are a bunch of CTFs out there you'll be able to play with that help construct skills.> I feel like I'm pointing a flashlight round a cave with Linux techniques. Any advise for some systemic learning?Feels like you're on the precise path :)Maybe strive doing http://www.linuxfromscratch.org/lfs/learn.html if you actually want a deep understanding of how Linux works.Also, simply browsing the Linux documentation is beneficial: https://www.kernel.org/doc/html/latest/

I've just a few years muscle memory with basic vim. I'm not the best yet, principally limited to hjkl, :wq, and %s//, however I do know enough to edit a file on a remote system in vi and I think that's near all I need. I take advantage of evil in emacs because I hate and don't want to study vimscript, and because I just like the idea of literate programming in org mode and need to be taught it (lately tried literate programming hacky wifi config setup, discovered it diminished repetition and confusion).I'll take a look at your links, but I don't assume RTFMing will likely be tremendous useful to me proper now. I wish to learn the sort of questions I needs to be asking. For example, I recently heard the phrases "selinux" and "apparmour". Now that I know them I can Google around and ultimately work out how to make use of apparmour, but I'm extra nervous about what other gotchas I've never considered. Any advise for something less comprehensive than the docs, with more of a concentrate on what works nowadays?Thank you!

anon9001 on Dec 12, 2019 | root | mother or father | next [-]

I didn't imply RTFM precisely, what I imply is that if you are interested in how SELinux suits into the system, verify where it's in the docs: https://www.kernel.org/doc/html/newest/admin-guide/LSM/index...You can see that both AppArmor and SELinux are a part of the "Linux Security Module" framework.If you realize what's in the table of contents on the left, significantly "The Linux kernel user’s and administrator’s guide", you may have a pretty good thought of how Linux hangs collectively: https://www.kernel.org/doc/html/newest/admin-guide/index.htm...

I'll have a look. Thanks for the pointers.

lizmat on Dec 13, 2019 | root | guardian | prev | next [-]

Or Raku https://raku.org:raku -e 'say lines.decide(4).join' < /usr/share/dict/words

majewsky on Dec 12, 2019 | root | guardian | prev | subsequent [-]

You may be serious about https://github.com/laerling/xkcdget, the correcthorsebatterystaple-sort model of my very own https://github.com/majewsky/pwget.

iudqnolq on Dec 12, 2019 | root | dad or mum | next [-]

It appears cool, but I'd moderately use fully unbiased random passwords. You appear like a pleasant person, however I do not trust you you to have gotten your crypto completely proper. Someday I'll describe how an enormous flaw in my understanding of gpg and cross let me recuperate from loosing my gpg key.One small comment: the password I remember is the password I sort, or I run into points. If the sentence has "the" and plurals, so will the password.(This password I generated was only used as a grasp and for a handful of key providers)

majewsky on Dec 12, 2019 | root | dad or mum | next [-]

> You seem like a nice particular person, however I don't trust you you to have gotten your crypto totally proper.That's the correct place to hold. Note that my readme makes you learn via huge fats warnings and security issues before getting to installation and usage directions.

iudqnolq on Dec 13, 2019 | root | father or mother | next [-]

I did notice that, and that i agree you're completely right to disclaim I should not use your work if I'd hB relying on its security. I selected to take heed to you :)

archgoon on Dec 12, 2019 | mum or dad | prev | next [-]

When you get "tr: Illegal byte sequence" you may prepend 'LC_ALL=C ' earlier than the 'tr' to stop tr from attempting to deal with the stream as a unicode sequence.

aarreedd on Dec 12, 2019 | guardian | prev | subsequent [-]

This isn't an ideal site or something and you are right that password must be generated shopper-aspect. But not everyone is one Linux or Mac and sometimes it's simply simpler to Google "password generator" than remembering that command.Your remark jogs my memory of the infamous Dropbox comment: https://information.ycombinator.com/item?id=9224

There are many actually secure and usable password generators, such as the one integrated with keepass / 1password / and many others.I'm certain there are safe websites to do it too. This isn't it though.The dropbox comment is not related. It's a bias to say "I remember this thing was criticized in an identical way but succeeded" and map that on to "so different criticisms aren't legitimate".It's way more often than issues appear unlikely to succeed to critics, and then quietly fail than that things appear unlikely to succeed to critics, however then succeed. After all, virtually the whole lot ever made would not see widespread success.Our mind does remember the latter circumstances more, and that results in the bias.I see it most commonly with the phrase "X started out small too" as a defence for why one thing small will grow to one thing big, when in reality that is cherry choosing massively.

> there are secure web sites to do it too.Such websites should be audited every single time you utilize it. Even when I solely have a web browser and nothing else I might combine random.org and diceware.com instead of trusting some web site.

pvg on Dec 12, 2019 | root | mum or dad | prev | subsequent [-]

Password managers and browsers themselves can generate passwords. Generating passwords with a web site it a terrible idea, googling "password generator" and going to some random webpage is an even worse variant of the same thought.

pabletec on Dec 12, 2019 | root | mum or dad | subsequent [-]

this is not a random website, this is "the browxy" site

TheDong on Dec 12, 2019 | root | parent | next [-]

I discover it bizarre that you've exactly three comments in 5 years, all of which are on dbremmen's posts, who occurs to be the creator of browxy [0].Forgive me if I don't belief my password technology on the servers of somebody who's either sock-puppeting, or having a buddy do one thing that does not look all that different.Even when I trust the person who runs the browxy webpage and servers, I don't belief my password generation to a multi-tenet surroundings. Browxy is working this code in docker containers on a machine with many other docker containers operating arbitrary user-submitted code. The intel vulnerabilities over the previous 12 months or so have made it extremely clear that working delicate code on the identical CPU as totally untrusted and presumably malicious code is a harmful proposition and there are numerous potential aspect channels to exfiltrate data.Trusting password generation to an internet site that generates passwords on a shared machine is even worse than the same old password era website which at the least uses javascript/securerandom to do it on my CPU.[0]: https://news.ycombinator.com/merchandise?id=11719439

oefrha on Dec 12, 2019 | root | mother or father | subsequent [-]

When you have a look at submissions of these two accounts it’s even worse.

dbremmen on Dec 12, 2019 | root | parent | prev | subsequent [-]

Yes you right I simply created this password generator for fun within the browxy online compiler. The UI is auto-generated with a device that the site provide. I'm just curious why this instrument caused so many interest and questioning what different instruments may be constructed that cause this type of interest...

SomewhatLikely on Dec 12, 2019 | prev | next [-]

I'm a fan of the apg linux command as a result of it generates somewhat phonetically prounceable passwords and naturally runs locally. https://assist.ubuntu.com/community/StrongPasswords#APG

oeuviz on Dec 12, 2019 | prev | subsequent [-]

I created one thing comparable ~2 decades in the past in perl. It would spit out a protracted list of passwords in text format so you might chose one with out the server figuring out what you chose.Today, keepass does the job simply high quality.

oefrha on Dec 12, 2019 | mother or father | subsequent [-]

Instead of a search house of 1 you augmented it to N which is probably going <= 2^10. Still a pretty terrible idea to trust a password like that.

oeuviz on Dec 12, 2019 | root | mum or dad | next [-]

I agree, nonetheless, it ran on our own server so it was Ok-ish.

dbremmen on Dec 12, 2019 | parent | prev | subsequent [-]

That's a pleasant concept! I just created this password generator for fun like other utilities in java but I do not know simply this one generated so many interest. You'll be able to see the source code using the button to the bottom right (the one which has 1's and 0's)

ozgrozer on Dec 12, 2019 | prev | subsequent [-]

A better version of this is likely to be https://piper.gq/ that I made final month.

dbremmen on Dec 12, 2019 | prev | next [-]

Thanks for all of the good feedback which can be meant with good karma. What different function can I add to this password generator that is useful? I agree that utilizing linux is extra safe however for passwords that aren't as vital I believe this device works fantastic, additionally you don't want to recollect an enormous line of code and you'll execute it on your mobile phone

tobr on Dec 12, 2019 | parent | next [-]

It seems surprisingly difficult. Why is there a "start" and "stop" button? Why does it take so long for it to generate a random string? Why is there a "console" that just appears to point out the page template?

dbremmen on Dec 12, 2019 | root | parent | next [-]

You proper! Console and stop button are not necessary. The UI is generated with a UI creation tool that match program arguments with UI widgets (see: https://ibb.co/phQQFxr).

If you liked this write-up and you would such as to get additional info regarding super password generator kindly see our own internet site.