@kirby https://www.schneier.com/blog/archives/2023/11/new-ssh-vulnerability.html some guy claims it's literally nothing:
> Since some of the affected implementations still support SSHv1 they’ve (a) got bigger problems than a one-in-a-million fault and (b) probably haven’t been updated since Windows 98 was state of the art. So it’s not “New SSH attack” it’s “Ancient never-updated SSH implementations still vulnerable to equally ancient attack”.
menherahair (menherahair@eientei.org)'s status on Thursday, 16-Nov-2023 02:45:44 JST
In the previous episode: Steam requires 2FA for some features, and only provides it through a few of Valve's apps; also it'll only tell you about the phone one. However, it really just uses good old TOTP. People are ripping the secrets left and right and using third party apps. Here's a good CLI one I've found: https://github.com/dyc3/steamguard-cli I'd like to get my codes from pass(1) as I do with everything else. I managed, but it's silly.
pass already has an excellent OTP extension, but when fed the otp URI extracted with the above tool it spews wrong codes. There's nothing wrong with the underlying implementation; steam just moves some numbers around for no reason and the extension won't entertain it at this time.
I moved to try and hack it somewhere onto the extension. A pass extension is just a file of bash. In this case, it wraps external oathtool(1) and merely provides handy pass commands for installing the secrets in the password store. Right now it seems there's no way to have oathtool spew valid steam codes without hacking into its code, and it's C so it's a pain to deploy such a hack later. It's probably possible to recode the code inside the bash script, but I'm not doing that.
By far the easiest way to do this is to replace oathtool in the bash script, perhaps conditionally just for steam secrets. It's well written so it's not unpleasant to do either. For replacement, I thought I'd use perl, maybe inline the whole thing inside the pass extension. I looked at what tooling's there on cpan - lo and behold, Pass::OTP is a sensible lib with a few lines dedicated just to handling cases of issuer=Steam. The whole thing comes to just this:
use Pass::OTP qw/otp/; use Pass::OTP::URI qw/parse/; print otp(parse('$otp_uri'));
Included files are the patch, and the whole thing if you'd rather take that. Dump the extension either in /usr/lib/password-store/extensions/ or your .password-store/.extensions/. In the latter case, you also need to set PASSWORD_STORE_ENABLE_EXTENSIONS=true in your env. Pass::OTP is seldom packaged in distros so probably grab it from cpan. If you run an uber minimool install with no perldoc it'll also fail because bad programming. And I can't attest to hotp working as expected because I don't care.
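What "moves some numbers around" actually means, as an added example (not code from the post, from pass-otp or from Pass::OTP): Steam runs ordinary HMAC-SHA1 TOTP with a 30-second step, takes the same 31-bit dynamically truncated value that RFC 4226 takes, but instead of reducing it modulo 10^6 it rewrites it as five base-26 symbols over the alphabet 23456789BCDFGHJKMNPQRTVWXY. That is why a stock oathtool emits six correct-looking but useless digits. The script below implements both encodings side by side and dispatches on issuer=Steam in the otpauth URI, the same condition the post says Pass::OTP keys on. The secret is the RFC 4226/6238 test secret ("12345678901234567890" in base32) and the URI is constructed for the demo; the `now` parameter is a hypothetical hook so the output is reproducible.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Steam's 26-symbol code alphabet (digits/letters that are hard to confuse).
STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY"
TIME_STEP = 30  # Steam keeps the standard 30-second TOTP period

# Constructed demo input: the RFC 4226 / RFC 6238 test secret, base32-encoded.
DEMO_SECRET = b"12345678901234567890"
DEMO_STEAM_URI = (
    "otpauth://totp/Steam:someuser"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Steam"
)
DEMO_PLAIN_URI = (
    "otpauth://totp/Example:someuser"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6"
)


def truncate(secret: bytes, counter: int) -> int:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic
    truncation to a 31-bit integer. This part is identical for Steam."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF


def rfc_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """What oathtool / pass-otp emit: the 31-bit value modulo 10**digits."""
    return str(truncate(secret, counter) % 10 ** digits).zfill(digits)


def steam_code(secret: bytes, counter: int) -> str:
    """Steam's variant: the same 31-bit value written as five base-26
    symbols, least significant symbol first."""
    n = truncate(secret, counter)
    chars = []
    for _ in range(5):
        chars.append(STEAM_ALPHABET[n % 26])
        n //= 26
    return "".join(chars)


def code_from_uri(uri: str, now=None) -> str:
    """Parse an otpauth:// URI (as stored by pass-otp) and pick the Steam
    encoding when the issuer is Steam, otherwise plain RFC 6238."""
    parsed = urlparse(uri)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    # Exported secrets often drop base32 padding; restore it before decoding.
    b32 = params["secret"].upper()
    b32 += "=" * (-len(b32) % 8)
    secret = base64.b32decode(b32)
    # issuer may be a query parameter or the prefix of the label ("Steam:user").
    label_issuer = unquote(parsed.path.lstrip("/")).split(":")[0]
    issuer = params.get("issuer", label_issuer)
    counter = int((time.time() if now is None else now) // TIME_STEP)
    if issuer.lower() == "steam":
        return steam_code(secret, counter)
    return rfc_code(secret, counter, int(params.get("digits", 6)))


if __name__ == "__main__":
    # Same secret and time step, two different encodings of one value.
    print("RFC 6238 code :", code_from_uri(DEMO_PLAIN_URI, now=59))
    print("Steam code    :", code_from_uri(DEMO_STEAM_URI, now=59))
```

Both paths share `truncate`, so the only Steam-specific logic is the ten-line base-26 rewrite; that is the part a bash-only pass extension would have to carry itself if it did not shell out to Pass::OTP or an equivalent.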
@pay it doesn't matter what I think when both steam and my bank require 2FA for full functionality. In the case of my bank I can't even use the website without 2FA with their app, can't get a code in an email or anything now. I just wish I could use pass(1) like I do for everything else