mchenier | 5 months ago | on: The Other Linux Logo
Don’t fix it if it ain’t broken!
mchenier | 9 months ago | on: OneDrive File Picker Flaw Provides Apps Full Read Access Entire OneDrive
One way to avoid this problem and considerably reduce the attack surface is to:
1- Create a dummy OneDrive account.
2- Share a folder on your main OneDrive to the dummy account.
3- In the dummy account, map the shared link to a folder for easier access as if it was a normal folder. (May not be required for some apps).
4- Only let third-party apps access the dummy OneDrive account with its single folder.
This doesn’t give access to your main OneDrive account to any apps, just the files and folders under the shared folder you have shared with the dummy account.
mchenier | 1 year ago | on: It was online for 3 seconds before getting a 404 request for /.git/config
Port knocking may be a first line of defense here, with a port scan attack detector to ban IPs that try to find such ports. See Linux knockd and psad for references. This obscurity doesn’t protect against man-in-the-middle but at least protects from unwanted and opportunistic guests. It also gives more time to indirectly protect from 0-day on sshd (aka the fiasco that could have been the xz incident).
mchenier | 2 years ago | on: ChangeDetection, monitor any website change
mchenier | 3 years ago | on: Seriously, What is the best way to save passwords?
The problem is really to find a solution that allows sharing passwords between devices (computers, phones).
I think a solution like KeePass with an encrypted file shared on common cloud file services would be great if we could trust the third party versions for phones.
mchenier | 3 years ago | on: Passwordless Access to LastPass Vault
This looks less secure than current 2FA Master password + LastPass Authenticator existing solution. Or am I missing something?
mchenier | 3 years ago | on: Show HN: I built a simulator for personal finance
Thanks for replying. I am definitely in the camp of the no account linking feature. In fact, more in the camp where I don’t want to provide credentials to connect to bank institutions.
mchenier | 3 years ago | on: Show HN: I built a simulator for personal finance
Really nice! I like it a lot. One feature I miss there from my spreadsheet is the ability to track and get updated investment values automatically. I mean, it could be great to have a way to specify the number of stock for each investment account, the cost basis and then, have a live record of the investment values. At the same time, it would give a better idea of capital gain tax implication.
mchenier | 4 years ago | on: Box – Python dictionary with dot notation