Just got the notice this morning as well. So far, 2 out of the 4 potentially affected laptops of ours are in the clear. Trying to get in contact with the other 2 employees, who likely won't be able to make it in to the office until next week.

@bnrstnr said in Asterisk Usage Survey:

If this survey was a test, I think I failed :frowning_face:

Wow - yep, a ton of functions I don't know or use specifically.

@Dashrender said in WebAuthn now a standard:

@stacksofplates said in WebAuthn now a standard:

@Dashrender said in WebAuthn now a standard:

@stacksofplates said in WebAuthn now a standard:

@scottalanmiller said in WebAuthn now a standard:

@Dashrender said in WebAuthn now a standard:

but how do you use a YubiKey on your phone?

Screenshot from 2019-03-05 10-05-44.png

That's exactly how I do it. You can also use the Yubiauth app on both the phone and Windows to hold OTP codes for stuff that doesn't support u2f.

So there's a way to export the private key out of the YubiKey? or the sites allows for multiple public keys?

Huh? You scan the QR code like you normally would but it stores it on the Yubikey instead. Then when you need the code you either tap it to your phone and it shows you all of the one time codes or you do it on your computer. Just like how Google authenticator works. For the u2f stuff, it works the same on Android as on your pc. The browser needs to support u2f and it does the challenge response.

I've never used a YubiKey - I assumed the private code inside the YubiKey was there and no where else.

It depends on the type of authentication.

@wrx7m said in Anti-cheat software causing big problems for Windows 10 previews:

Which anti-cheat software is it? I must have missed it in the article.

I figured it was 3rd party. Just wondering if it is from the games that I play.

@scottalanmiller said in Nadella: Microsoft will sell war tech to democracies to “protect freedoms”:

A growing number of employees feel that the military project crosses a line.

Speaking to CNN Business, Nadella defended the decision to enter the contract, saying, "We made a principled decision that we're not going to withhold technology from institutions that we have elected in democracies to protect the freedoms we enjoy," adding, "We were very transparent about that decision and we'll continue to have that dialogue [with employees]."

I can get behind this statement. Don't we all want the best tech to help us perform our job? Individuals protecting one's homeland deserve no less than the best offered.

@jmoore said in Backblaze Hard Drive Stats for 2018:

@LilAng Like 20 years ago I thought they were the best.

Twenty years ago, they were.

This is getting lost in the news today with everything else going on. This is incredibly important.

@DustinB3403 said in Windstream Files for Bankruptcy:

@DarienA said in Windstream Files for Bankruptcy:

You mean all the gobbling up of disparent phone companies wasn't good for them?

Kind of like a corn dog eating competition.

It's not going to be good for anyone once the festivities end.

But unlike WindStream, there is a point at which eating corn dogs is nice.

@scottalanmiller said in WordPress 5.1 "Betty" Release:

@Obsolesce said in WordPress 5.1 "Betty" Release:

I was really surprised by the editor change too. Dislike it at first, but it works.

Didn't take me long to get used to it, I like it a lot better now.

I’m in this boat. It was different, but way better.

@dbeato said in Connectwise Purchased:

@wrx7m said in Connectwise Purchased:

@dbeato said in Connectwise Purchased:

@wrx7m said in Connectwise Purchased:

@travisdh1 said in Connectwise Purchased:

@Nic said in Connectwise Purchased:

@EddieJennings said in Connectwise Purchased:

Does Thoma Bravo own LogMeIn? If not, then this might not be terrible.

Here's the full list:
https://www.thomabravo.com/companies

They just bought LogRhythm, where I worked, this summer, and then did layoffs. I left as it wrecked the culture. I'm now at Ping Identity which is safely post-acquisition 🙂

Did HP dump Sonicwall?

I didn't know that HP bought Sonicwall. I knew about Dell.

They are on neither, Sonicwall doesn't belong to Dell like since 2016...

Who is it now?

Francisco Partners and Elliot Management

Oh. Those guys.

@dafyre said in TurboTax Hit with Cyberattack, Tax Returns Compromised:

@JaredBusch said in TurboTax Hit with Cyberattack, Tax Returns Compromised:

@wrx7m said in TurboTax Hit with Cyberattack, Tax Returns Compromised:

@dafyre Yes. Exactly. That is why I use different random passwords from a generator for anything of any importance.

My random password generator of choice (http://correcthorsebatterystaple.net) :
3fc1f8b0-afea-415d-a25d-3ac4a50257f7-image.png

I just use Bitwarden's generator if I need one.

I like this because, when I rarely actually need to type one in, I can easily do so.

Mixing up the special characters (see separator box) makes it more than just words.
Separator: 213456789!@#$%
b2acbe68-5cf5-4aa9-8a8e-9a38413db100-image.png

@IRJ said in Microsoft culls secret Flash whitelist after Google points out its insecurity:

@scottalanmiller said in Microsoft culls secret Flash whitelist after Google points out its insecurity:

Others seemed more peculiar; a Spanish hair salon, for example, was listed.*

Wtf

I wonder if it was always a Spanish hair salon or if someone else owned it.

@scottalanmiller said in REDIS changes its open-source license again:

Looks like it is only some modules...

https://redis.io/modules

This is all the previous change was also.

In 1974, the formula was sold to Beckton-Dickinson to make football helmet linings. But we don't claim that the technology was developed by football players.

@gjacobse said in The Verge briefly censored YouTubers who mocked its bad PC building advice:

Just goes to show, that while there is good information on the internet, YouTube and other outlets, you must realize that some or most is done with some creative license.

YouTube videos can be used as a ‘guide’ and should not be (always) used as the rule.

But hell, if you use that video as a "guide", you'll be ruining your components quickly.

Another day, another security breach/problem.
Note to myself: Am I getting used to that?

@scottalanmiller said in Roll20.net breached:

Sucks when a site / business like that gets hit. Just people looking to have fun 😞

Yeah. But at least they didn't store the passwords in clear text!

@scottalanmiller said in Ajit Pai orders phone companies to adopt new anti-robocall tech in 2019:

Pai threatens "regulatory" action if carriers don't use Caller ID authentication.

The Federal Communications Commission will consider "regulatory intervention" if major phone companies fail to adopt a new anti-robocall technology this year.

FCC Chairman Ajit Pai has been pressuring phone companies to implement the "SHAKEN" and "STIR" robocall-blocking protocols, which perform Caller ID authentication. Most major providers have committed to doing so, but Pai issued a warning to laggards yesterday.

"I applaud those companies that have committed to deploy the SHAKEN/STIR framework in 2019," Pai said in his statement yesterday. "This goal should be achievable for every major wireless provider, interconnected VoIP operator, and telephone company—and I expect those lagging behind to make every effort to catch up. If it appears major carriers won't meet the deadline to get this done this year, the FCC will have to consider regulatory intervention."

I’ll need to reread the standard for this. I vaguely recall something in that not being all that helpful.