
Have You Been Pwned? Do you have a working cross-platform PASSWD database for Windows, Linux, Mac, iOS, & Android on your home LAN?


arlen holder

Jan 19, 2019, 11:38:05 PM
What prompted this is the news today that 773 million emails are pwned.

Please _improve_ our tribal knowledge on the three issues:
A. How to check if you've been pwned.
B. What software to use to encrypt your passwd database.
C. What sync method to use to synchronize on the home LAN.

QUESTION:
Do you have a working cross-platform PASSWD database for Windows, Linux,
Mac, iOS, & Android on your home LAN?

REQUEST:
If so, can you explain what you found that works well to sync the db?

DETAILS:
As you're likely aware, a researcher kindly consolidated a pwned db:
<http://haveibeenpwned.com>

Where I won't delve into the details which are in the news recently:
<https://www.consumerreports.org/privacy/consumers-had-email-and-passwords-exposed/>

My suggestion is two steps, the second of which prompted this question.
STEP 1: Check if you've been pwned.
The "safest" way I know to check is to use the official Tor Browser.
And only check a single email address per session (for obvious reasons).
(If you use any other browser - then you already lost the privacy game.)

STEP 2: Set up some kind of encrypted password database mechanism:
I already have KeePass PC setup but I don't yet sync it across the LAN.
I also don't use it on Android/iOS but I will start so that's why I ask.

Hence this question has a few parts:
PART1: Software for each of the common consumer platforms
PART2: Sync methods across all common consumer platforms

For PART1, the software, here's my first pass at the best freeware:
(Please add _better_ alternatives as I make no claim of expertise.)
(These are simply from a Google search so I ask for your knowledge.)
*Linux*:
o <https://sourceforge.net/projects/keepass/files/latest/download?
o ?
*Windows*:
o <https://keepass.info/download.html>
o ?
*Mac*:
o https://sourceforge.net/projects/keepass/files/latest/download
o ?
*Android*:
o <https://play.google.com/store/apps/details?id=com.android.keepass>
o <https://play.google.com/store/apps/details?id=keepass2android.keepass2android>
*iOS*:
o <https://itunes.apple.com/us/app/keepass-touch/id966759076>
o <https://itunes.apple.com/us/app/minikeepass/id451661808>

For Part2, the "sync", I'll post a followup as I need to look up how.

SUMMARY:
*Please _improve_ our tribal knowledge on the three issues:*
A. How best to check if you've been pwned.
B. What software to use to encrypt your passwd database.
C. What sync method to use to synchronize on your home LAN.

Jasen Betts

Jan 20, 2019, 1:31:06 AM
On 2019-01-20, someone making the false claim to be
arlen holder <ar...@arlen.com> lied thusly:

> What prompted this is the news today that 773 million emails are pwned.

Slow news day.

> QUESTION:
> Do you have a working cross-platform PASSWD database for Windows, Linux,
> Mac, iOS, & Android on your home LAN?

I have no idea what you mean. That question can be taken at least three
different ways.




--
When I tried casting out nines I made a hash of it.

arlen holder

Jan 20, 2019, 2:19:28 AM
On Sun, 20 Jan 2019 06:19:12 -0000 (UTC), Jasen Betts wrote:

>> What prompted this is the news today that 773 million emails are pwned.
> Slow news day.

Hi Jasen Betts,

That's kind of funny ... but expected ... since we know you rather well.
That comment indicates you missed what's _different_ about that news.

Look at it again. Read it. Read it twice. Maybe even three times.
Let us know if you figured it out on your own, Jason.
(If not, come back here to ask for compressive help - we'll clue you in.)

Even so, the key unresolved question for this thread is (IMHO),
not how to check if you've been pwned (since I provided how to check);
nor is the key unanswered question how to maintain an electronic
database on any common consumer OS (I suggested KeePass).

In both those questions, all I ask is for IMPROVEMENTS to the
answer I already provided, where those improvements can only
come from intelligent & experienced people (i.e., not you, Jason).

The most important UNANSWERED question, though, Jason, is
how intelligent knowledgeable experts on these newsgroup
devised a reasonable method to sync the passwd.kdbx file on
the local LAN without placing that passwd file on the Internet.

If you, Jason Betts, or anyone else who reads this, has both the
intelligence and experience to figure out a nice mechanism
for syncing that file on the home database - then THAT is what
this thread aims to resolve.

Again, you, Jason Betts, didn't even comprehend the problem set,
so I doubt you will be able to help us - but SOMEONE else who
reads this will not only comprehend the problem set, but they
might also be intelligent enough to have devised a working solution
to the main unanswered problem:

*HELP: What is a good way for the average user to sync the*
*passwd.kdbx file on their local LAN comprised of Windows,*
*Linux, Mac, iOS, and Android devices?*

>> Do you have a working cross-platform PASSWD database for Windows, Linux,
>> Mac, iOS, & Android on your home LAN?
>
> I have no idea what you mean. That question can be taken at least three
> different ways.

Hi Jason,
Since you didn't comprehend how the news today is _different_, then it's
obvious that you can't possibly comprehend the questions asked.

For one, I've already chosen "KeePass" as my electronic passwd database;
but others might not have already chosen their preferred tool.

Hence part of the question was asking experienced people (i.e., not you),
what intelligent experienced people prefer as their vipw command.

For example, on the PC (Windows or Linux), to edit the password file, I
simply type "vipw" and press the ENTER key.

For example, on Windows:
o Start > Run > vipw <ENTER>

That brings up KeePass with the database, since I use the "App Paths" key:
o HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vipw.exe
Which simply points to my KeePass executable or to the database, e.g.,
o Default = c:\app\editor\passwd\keepass\KeePass.exe
Or...
o Default = c:\data\editor\passwd\keepass\passwd.kdbx
NOTE: Either way works the same if you have only one password file.

The question becomes a bit more difficult to answer (i.e., you won't be
able to help us, Jason. It's not an insult. It's stating facts bluntly)
when you consider that a user wishes to automatically synchronize that
PC-based password file with the mobile devices and other desktops.

Most (dumb, IMHO) mechanisms use a Dropbox-like synchronization, which,
IMHO, is about as sophomoric as can be devised (particularly when it's a
password file we're talking about).

Obviously, the more intelligent approach is to maintain the single database
file on the user's personal LAN.

While you don't comprehend something as simple as that, Jason,
most other readers probably will.

Hence, the question that is the hardest to adequately answer (IMHO),
is how to synchronize the passwd.kdbx file on all platforms on the users'
personal LAN?

For example, this sophomoric (IMHO) mechanism suggests DropBox:
o How to Use KeePass on Android and iOS
<https://www.guidingtech.com/51929/use-keepass-android-ios/>

And this just-as-sophomoric (IMHO) mechanism suggests Google Drive:
o KeePass on Android and Windows Synced Using Google Drive
<https://www.youtube.com/watch?v=-txzWZhZm9c>

The more intelligent way to sync a file on the local LAN, IMHO,
is to use a mechanism that does NOT place your passwd file
on the Internet.

That's the key unanswered question for this thread to resolve.

arlen holder

Jan 20, 2019, 2:28:28 AM
On Sat, 19 Jan 2019 22:50:32 -0800, Junco wrote:

> I had a peanut butter & blackberry taco today.

Hi Junco,

*Do you have experience with the inherent KeePass sync method, Junco?*

The key question that is the hardest to adequately answer (IMHO),
is how to synchronize the passwd.kdbx file on all platforms on the users'
personal LAN.

_Only people with both intelligence & experience can answer that question._

I will devise a working solution - which I will explain to others once I
devise it - but I can't be the first person on this newsgroup with the
intelligence to realize that it's a "good idea" to be able to synchronize a
password.kdbx file across Windows, Linux, Mac, iOS, & Android devices on
the personal LAN.

The first step, perhaps, is to try to use the *native* KeePass sync method:
o KeePass Synchronization of multiple copies of a database.
<https://keepass.info/help/v2/sync.html>

*Do you have experience with that native KeePass sync method, Junco?*

Libor Striz

Jan 20, 2019, 3:17:11 AM
arlen holder <ar...@arlen.com> Wrote in message:
> What prompted this is the news today that 773 million emails are pwned.
>
> Please _improve_ our tribal knowledge on the three issues:

> A. How to check if you've been pwned.

There is a drawback for that pwned passwords check,
that it checks only the ID, but does not list the platform where
it is used.

I am registered on multiple sites, where I regularly or
occasionally actively contribute.
Many sites require as ID a valid email address.
I often use the same ID
( my nickname or my email dedicated to internet registration)
but different passwords to each of them.

In such a case, such a pwned check does not tell, what credentials
are compromised.

> B. What software to use to encrypt your passwd database.

Here we are on the same boat I guess.
We both use KDBX encrypted people database, a native database of
KeePass 2 on Windows platform.

On Android, I use the same Keepass2Android as you.

Both SW support full bidirectional syncing of KDBX file on pw
record level.

On Linux I used KeepassXC, which is a community fork of KeepassX v 2.
That latter is rarely maintained
and does not support KDBX sync.
KeepassXC supports for now at least unidirectional sync.
(Open A, sync with B, open B, sync with A )

The impressive list of KeePass ports or compatible packages is here
https://keepass.info/download.html

Note the KeePass 2 Ports for various Linux distributions I was not
aware before.
(Aside of KeepassX based apps and KeePass under Mono)

I do not use either Mac or iPhone, nor am I familiar with them.
But there are listed some Mac/iOS compatible SW.

> C. What sync method to use to synchronize on the home LAN.
>
The easiest would be to share KDBX file on Windows/Linux/Mac
machine as a LAN file sharing.
Next would be running a local (S)FTP(S) server or WebDAV server.
But the catch can be to use a method supported by all used
software.

I personally use cloud syncing via WebDAV, as some my devices are
never on the same LAN.
But it is not what you want.

--
Poutnikl



Libor Striz

Jan 20, 2019, 3:32:00 AM
arlen holder <ar...@arlen.com> Wrote in message:
> On Sun, 20 Jan 2019 06:19:12
> The more intelligent way to sync a file on the local LAN, IMHO,
> is to use a mechanism that does NOT place your passwd file
> on the Internet.
>

Sure, why to put it on internet for exclusive LAN only syncing ?

But not all sync scenarios can be limited to a single LAN .

If the pw DB cannot withstand internet exposure, its encryption
is weak and such DB should not be used at all.


--
Libor Striz aka Poutnik ( a pilgrim/wanderer/wayfarer)

"Humour is the only effective weapon against stupidity."
Miloš Forman

arlen holder

Jan 20, 2019, 4:03:14 AM
On Sun, 20 Jan 2019 09:17:04 +0100 (GMT+01:00), Libor Striz wrote:

> There is a drawback for that pwned passwords check,
> that it checks only the ID, but does not list the platform where
> it is used.

Hi Poutnik,
I appreciate your purposefully helpful experienced input!

Thanks for providing advice on that part of the pwned lookup mechanism, as
I didn't even _check_ the website section of that pwned database. For me,
whether a website account is compromised is less important than whether an
email account is compromised.

So I had only checked the email/password part of that lookup mechanism.
But, there was also a web site part that I ignored - so it's good you bring
it up.

You bring up a good point that this site (which appears to be the most
comprehensive of its kind), doesn't necessarily handle pwned
website logins well. Thanks for that astute input.

>> B. What software to use to encrypt your passwd database.
> On Android, I use the same Keepass2Android as you.

On Android, I tested today 3 different "keepass" clones
(all of which seemed to work similarly on the master db file):
o *Keepass2Android* <https://github.com/PhilippC/keepass2android>
o *KeePassDroid* <http://www.keepassdroid.com>
<https://f-droid.org/en/packages/com.android.keepass/>
o *KeePass DX* <https://github.com/Kunzisoft/KeePassDX/>
<https://f-droid.org/en/packages/com.kunzisoft.keepass.libre/>

Of those, KeePass2Android "seems" to be robust, where it will
be useful to hear from other experienced users.

I haven't looked yet for iOS because I've learned after decades of
experience that everything is harder to interface with Apple products, so
the iOS solution, as always, will be the last one done (if ever done).

> Both SW support full bidirectional syncing of KDBX file on pw
> record level.

The question is HOW to sync the files, automatically if possible,
on the user's private LAN (i.e., sans DropBox-like solutions).

There are three fundamental approaches that come to mind:
1. A personal DropBox-like OwnCloud with FolderSync to autosync.
2. A WebDAV or FTP server for the master file a URI to autosync.
3. Manually merging separate files (which KeePass is designed to do).

I kind of prefer the _simplest_ most reliable method.
But which method is that?

> On Linux I used KeepassXC, which is a community fork of KeepassX v 2.
> That latter is rarely maintained
> and does not support KDBX sync.
> KeepassXC supports for now at least unidirectional sync.
> (Open A, sync with B, open B, sync with A )

This is _great_ information, Poutnik. Very nice.
<https://keepassxc.org/blog/2017-10-25-ubuntu-ppa/>
o sudo add-apt-repository ppa:phoerious/keepassxc
o sudo apt install keepassxc

The "sync" of the "master file" over the LAN is the key conundrum.
Luckily, the keepass clones contain sync software inside of them.

> The impressive list of KeePass ports or compatible packages is here
> https://keepass.info/download.html

I agree with you that, for cross-platform use, KeePass variants
seem to be the easy freeware choice on all common platforms.

We still need to figure out what type of "sync" we'll end up using:
o Manual merge from inside of keepass itself
o Automatic sync on the user's LAN (e.g., OwnCloud DropBox-like solution)
o Manual load of a single master file (e.g., FTP, WebDAV, etc.)

>> C. What sync method to use to synchronize on the home LAN.
>>
> The easiest would be to share KDBX file on Windows/Linux/Mac
> machine as a LAN file sharing.

Hi Poutnik,
Thanks for that helpful hint, Poutnik!
In general, that makes sense - but - the specifics are what matter.

That's the conundrum.
o How to best share a file across a users' personal LAN?

I'm a bit confused which method below you mean by "Lan File Sharing".

The _simplest_ solution won't work, which is SMB, simply because
Android (and I think, maybe iOS?) won't use ports lower than 1024
without rooting, while Windows (unfortunately) won't let SMB
share on ports higher than 1024. A Catch 22 it is.

If we give up on Samba SMB sharing, what do we have left?
o FTP or WebDAV or HTTP servers (these work on all platforms)
o DropBox-like OwnCloud or NextCloud servers (Linux only essentially)
o Manual file merges (which the keepass clones seem adept at)

> Next would be running a local (S)FTP(S) server or WebDAV server.
> But the catch can be to use a method supported by all used
> software.

Thanks for that additional suggestion, Poutnik!

I agree. The good news is that the keepass clones are adept at
both (a) finding the database file, and (b) merging the database file.

For example, when I open up keepass2android, it *asks* me
if I want to access the file locally, or via a WebDAV or FTP server.

The question is how best should one set up file sharing
on the personal LAN that _all_ platforms easily access?

> I personally use cloud syncing via WebDAV, as some my devices are
> never on the same LAN.

Thanks for that advice, Poutnik!

Personally, I'd love if SMB worked - but unfortunately, sans rooting,
SMB seems to be out of the question.

The manual method works, but it requires connection via USB.

What's left is the "server" solution, as far as I can tell.
To me, once the decision is to keep the master database on a server, then
the "protocol" isn't all that critical to me.

That is, if the solution is a server, then whether it's a WebDAV or FTP
server isn't all that meaningful to me (both work just fine).

> But it is not what you want.

What I "want" is what everyone would want, which is for us to have a method
to share a folder on the personal LAN among all devices.

The only feasible way I know of doing that is the solution that we nixed
in this thread on CalDAV servers for calendaring sans the Internet.
o Can we come up with a free, ad free, cloud-free calendaring system that works with Windows and Linux and mobile devices?
<https://groups.google.com/forum/#!topic/alt.os.linux/ydQ9sG-8Y08>

This is a similar question, only the answer for the passwd.kdbx file is a
lot simpler because the keepass clones all have better built-in sync
capabilities than do 24 out of 25 of the freeware calendaring clones tested
in that thread.

arlen holder

Jan 20, 2019, 4:21:55 AM
On Sun, 20 Jan 2019 09:31:56 +0100 (GMT+01:00), Libor Striz wrote:

> Sure, why to put it on internet for exclusive LAN only syncing ?

Hi Poutnik,

Thank you for your advice - which is very helpful!

I know you, from years of experience, to be purposefully helpful.
I don't know what you mean by that sentence above.

To clarify, I _know_ most people would opt to sync over the Internet.
They'd use, for example, a Dropbox-like solution such as "iCloud".

Then, they'd automate that with something like, oh, say, FolderSync:
o <https://www.tacit.dk/foldersync/>
<https://play.google.com/store/apps/details?id=dk.tacit.android.foldersync.lite>

We _could_ do the same using our personal LAN, but it turns out,
unfortunately, most of the servers only work on Linux.

That's fine if you have Linux running full time, or if you set up a $35
raspberry pi as your cloud server as we discussed in this recent thread:
o Can we come up with a free, ad free, cloud-free calendaring system that works with Windows and Linux and mobile devices?
<https://groups.google.com/forum/#!topic/alt.os.linux/ydQ9sG-8Y08>

But most people won't set up their own $35 cloud server on their home LAN.

> But not all sync scenarios can be limited to a single LAN .

Hi Poutnik,

I agree - but - let's restrict the INITIAL solution to the typical
home LAN, which generally has desktops and mobile devices
all connected over Ethernet & WiFi tied together at a SOHO router.

> If the pw DB cannot withstand internet exposure, its encryption
> is weak and such DB should not be used at all.

Hi Poutnik,
I agree with you that KeePass needs to have secure encryption, but I also
point out that there's a HUGE difference between protecting a passwd file
and protecting, oh, say, a photo or a contact list.
o For a photo, most of us wouldn't care all that much about the security
o For a personal calendar, the security needs might go up a bit
o But for a passwd file - the security needs are pretty high

What I'm saying is that I agree with you that the encryption that keepass
uses "should" be robust - but - still - there's nothing bad about getting
into the habit of keeping your private information OFF the Internet.

In general, I keep personal files OFF the Internet - where - to me - a
passwd file has no business being ON the Internet.

The only rationale I can see for putting a passwd file on the Internet is
laziness.

That is, coming up with a private LAN sharing solution takes effort.
That's what this thread is (mostly) about.

*How to share a single master passwd.kdbx file on the user's network.*

Libor Striz

Jan 20, 2019, 5:15:40 AM
arlen holder <ar...@arlen.com> Wrote in message:
>
>
>> Sure, why to put it on internet for exclusive LAN only syncing ?
>
>
> I don't know what you mean by that sentence above.

it is easy.
Syncing over LAN > keep it on LAN.
Syncing over WAN > keep it (eventually just temporarily for sync
session) on WAN.

>
> To clarify, I _know_ most people would opt to sync over the Internet.
> They'd use, for example, a Dropbox-like solution such as "iCloud".
>
> Then, they'd automate that with something like, oh, say, FolderSync:
> o <https://www.tacit.dk/foldersync/>

Such solutions provide just file syncing,
what is different to PW record syncing for KDBX files.


>
> We _could_ do the same using our personal LAN, but it turns out,
> unfortunately, most of the servers only work on Linux.

If just LAN file sharing is set, no need for a server .
>
>> But not all sync scenarios can be limited to a single LAN .
>
>let's restrict the INITIAL solution to the typical
> home LAN, which generally has desktops and mobile devices
> all connected over Ethernet & WiFi tied together at a SOHO router.

I would go for LAN file sharing. It is IMHO the most available method.
If direct access to LAN resources is not possible, I would go for
a LAN file sync utility and do DB Syncing against local
copy.
For Android, my favourites are SyncMe Wireless
Total Commander LAN access.

> In general, I keep personal files OFF the Internet - where - to me - a
> passwd file has no business being ON the Internet.

If you do not need it to be there, then it is true.

> The only rationale I can see for putting a passwd file on the Internet is
> laziness.

What is indeed valid for LAN only reducible scenarios.

But if you have a workstation you are not allowed to connect any
portable storage, it is not laziness.


>
> *How to share a single master passwd.kdbx file on the user's network.*

The same way as any other file.

But would rather avoid *single* shared file for 2 reasons.

1) data security in case of corruption. Even if it would be
regularly backed up, it is easy to be done too late, especially
for backups to independent storage device.

2) possible write access conflicts over a single file.
I prefer star-like configuration of multiple local DB file instances,
all synced to a "central" file.
In LAN scenario, the central file would be just an extra file at
one of location on desktop,
so 2 files, local and central file would be on such a machine.

In my case, the central file is permanent or temporary cloud
WebDAV location.

nospam

Jan 20, 2019, 5:42:36 AM
In article <q21aq3$ldk$1...@dont-email.me>, Libor Striz
<poutnik4R...@CAPITALSgmail.com.INVALID> wrote:

> > A. How to check if you've been pwned.
>
> There is a drawback for that pwned passwords check,
> that it checks only the ID, but does not list the platform where
> it is used.

that doesn't matter. if your password is in the list, you should change
it wherever it's used.

that *should* only be one place but most people reuse passwords so it's
probably more.

Libor Striz

Jan 20, 2019, 6:04:01 AM
arlen holder <ar...@arlen.com> Wrote in message:
> On Sun, 20 Jan 2019 09:17:04 +0100 (GMT+01:00), Libor Striz wrote:

>
> Hi Poutnik,
> I appreciate your purposefully helpful experienced input!
>
> Thanks for providing advice on that part of the pwned lookup mechanism, as
> I didn't even _check_ the website section of that pwned database.
>

Thanks.
OTOH, thank you for pointing me out I may have missed
that there are 2 sections for check,
I reviewed the site only briefly on the phone browser.
In my original understanding, I had thought you could not even
distinguish
if email credentials were compromised,
or if just some accounts using that email address as an ID.

>
> Of those, KeePass2Android "seems" to be robust, where it will
> be useful to hear from other experienced users.

I remember ending at K2A as I liked this option the most few years
ago, not exactly remembering why.

>
>> Both SW support full bidirectional syncing of KDBX file on pw
>> record level.
>
> The question is HOW to sync the files, automatically if possible,
> on the user's private LAN (i.e., sans DropBox-like solutions).
>
> There are three fundamental approaches that come to mind:
> 1. A personal DropBox-like OwnCloud with FolderSync to autosync.
> 2. A WebDAV or FTP server for the master file a URI to autosync.
> 3. Manually merging separate files (which KeePass is designed to do).

Here is very important to stress for general audience,
to avoid regular, target filesyncing,
unless one knows what one is doing.

Any file distribution over the LAN
must have as the final step
the PW record level syncing between kdbx files (automatic or manual).

Unless there is primary-secondary configuration of PW DB files,
where only 1 file gets updated by the user,
and the secondary files are overwritten by syncing.

But I see this scenario as very uncomfortable. IMHO, any KDBX
instance should be able to initiate an update and update flow
should be bidirectional.

That is the reason for a central file. Not a master file, but
rather a man-in-the-middle file.
So all devices sync their local KDBX files with the same
central file.
>
> I kind of prefer the _simplest_ most reliable method.
> But which method is that?

I have the KDBX file in a shared folder in Windows .
Android SyncMe Wireless
https://play.google.com/store/apps/details?id=com.bv.wifisync
(well configurable) performs bidirectional file syncing between a
dedicated Android folder and this shared folder.
No fiddling with ports nor rooting.
I guess there are more such utilities.



> We still need to figure out what type of "sync" we'll end up using:
> o Manual merge from inside of keepass itself
> o Automatic sync on the user's LAN (e.g., OwnCloud DropBox-like solution)
> o Manual load of a single master file (e.g., FTP, WebDAV, etc.)

I still think the path below is good:

direct KeePass sync of a local and LAN KDBX files ( in r/w LAN
shared folder,
or a combo of LAN file sync + local syncing of kdbx files.
>


>
> That's the conundrum.
> o How to best share a file across a users' personal LAN?

Shared folder.
>
> I'm a bit confused which method below you mean by "Lan File Sharing".

>
> The _simplest_ solution won't work, which is SMB, simply because
> Android (and I think, maybe iOS?) won't use ports lower than 1024
> without rooting, while Windows (unfortunately) won't let SMB
> share on ports higher than 1024. A Catch 22 it is.

I have not tested total commander LAN shared folder access yet,
but at least the syncme wireless utility
does access without rooting or port hassles.


--
Libor Striz aka Poutnik ( a pilgrim/wanderer/wayfarer)

"Humour is the only effective weapon against stupidity."
Miloš Forman
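
[Added example, not part of the original thread and not KeePass code: a toy Python model of the point argued in the post above, that plain file syncing overwrites edits while record-level syncing against a central file keeps them. The Entry fields, the "newest modification time wins" rule as coded here and all sample data are constructed assumptions; deletions and entry history are not modelled.]

```python
from dataclasses import dataclass, replace
from typing import Dict, Tuple


@dataclass(frozen=True)
class Entry:
    uuid: str       # stable identifier of one password record
    title: str
    password: str
    mtime: int      # last modification time of this record (constructed)


Database = Dict[str, Entry]


def file_level_sync(a: Database, a_mtime: int,
                    b: Database, b_mtime: int) -> Database:
    """What a generic folder-sync tool does: the newer FILE replaces the older."""
    return dict(a) if a_mtime >= b_mtime else dict(b)


def record_level_merge(x: Database, y: Database) -> Database:
    """Merge per record: for each UUID keep the copy with the newer mtime."""
    merged = dict(y)
    for uuid, entry in x.items():
        if uuid not in merged or entry.mtime > merged[uuid].mtime:
            merged[uuid] = entry
    return merged


def sync_with_central(local: Database,
                      central: Database) -> Tuple[Database, Database]:
    """Star topology: a device merges with the central file, both get the result."""
    merged = record_level_merge(local, central)
    return dict(merged), dict(merged)


def build_scenario():
    """Constructed data: two devices edit different records while offline."""
    base = {
        "u-mail": Entry("u-mail", "mail", "old-mail-pw", 100),
        "u-bank": Entry("u-bank", "bank", "old-bank-pw", 100),
    }
    # Desktop changes the bank password at t=200.
    desktop = dict(base)
    desktop["u-bank"] = replace(base["u-bank"], password="new-bank-pw", mtime=200)
    # Phone adds a forum login at t=300, so its file is the newer one.
    phone = dict(base)
    phone["u-forum"] = Entry("u-forum", "forum", "forum-pw", 300)
    return base, desktop, 200, phone, 300


def run_file_sync() -> Database:
    """Newest file wins: the desktop's bank password change is lost."""
    _, desktop, desktop_mtime, phone, phone_mtime = build_scenario()
    return file_level_sync(desktop, desktop_mtime, phone, phone_mtime)


def run_star_sync() -> Tuple[Database, Database, Database]:
    """Every device syncs with the central file; all copies converge."""
    central, desktop, _, phone, _ = build_scenario()
    desktop, central = sync_with_central(desktop, central)
    phone, central = sync_with_central(phone, central)
    desktop, central = sync_with_central(desktop, central)  # pick up phone's entry
    return desktop, phone, central


if __name__ == "__main__":
    lost = run_file_sync()
    print("file sync   bank:", lost["u-bank"].password, "| entries:", sorted(lost))
    desktop, phone, central = run_star_sync()
    print("record sync bank:", desktop["u-bank"].password,
          "| entries:", sorted(desktop))
    print("all copies identical:", desktop == phone == central)
```
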


Libor Striz

Jan 20, 2019, 6:07:04 AM
nospam <nos...@nospam.invalid> Wrote in message:
>
>> There is a drawback for that pwned passwords check,
>> that it checks only the ID, but does not list the platform where
>> it is used.
>
> that doesn't matter. if your password is in the list, you should change
> it wherever it's used.
>
> that *should* only be one place but most people reuse passwords so it's
> probably more.
>

It is not about a password reuse,
but an ID reuse.
If I knew the platform,
there would be no need to change passwords everywhere the ID is used.

--
Libor Striz aka Poutnik ( a pilgrim/wanderer/wayfarer)

"Humour is the only effective weapon against stupidity."
Miloš Forman


Libor Striz

Jan 20, 2019, 6:16:04 AM
Libor Striz <poutnik4R...@CAPITALSgmail.com.INVALID> Wrote
in message:
>
>
> Thanks.
> OTOH, thank you for pointing me out I may have missed
> that there are 2 sections for check,
> I reviewed the site only briefly on the phone browser.
> In my original understanding, I had thought you could not even
> distinguish
> if email credentials were compromised,
> or if just some accounts using that email address as an ID.
>>
Hm, I have reviewed the page
https://haveibeenpwned.com
And unless I am blind, there is no distinguishing
for searching
breached email accounts
And
Breached email-as-ID accounts.

arlen holder

Jan 20, 2019, 6:27:17 AM
On Sun, 20 Jan 2019 11:15:35 +0100 (GMT+01:00), Libor Striz wrote:

> If just LAN file sharing is set, no need for a server .

Hi Poutnik,

Thanks for the purposefully helpful experience and advice...

I agree if we can eliminate a server, that's good because once we decide on
a server, it has to run "full time" on the personal LAN in order to be
useful at all times to all machines on the personal LAN.

So better to NOT need a server, if we can.

> I would go for LAN file sharing. It is IMHO the most available method.

I agree.
SMB is "problematic" though.
So if you have a solution where the Windows machine is the
SMB server, _that_ would be fantastic.

To my knowledge, _nobody_ has that solution yet.
(It seems so simple, but the problem is the SMB port catch22).

> If direct access to LAN resources is not possible, I would go for
> a LAN file sync utility and do DB Syncing against local
> copy.
> For Android, my favourites are SyncMe Wireless
> Total Commander LAN access.

Thanks Poutnik for that suggestion using SyncMe Wireless.

I already had Total Commander but never found it to be a useful file
manager utility.
o Total Commander <https://www.ghisler.com/android.htm>
<https://play.google.com/store/apps/details?id=com.ghisler.android.TotalCommander>

As per your suggestion, I installed SyncMe Wireless to test:
o SyncMe Wireless
<https://play.google.com/store/apps/details?id=com.bv.wifisync>

The "Welcome" message says to make sure there is a shared folder on the
computer, presumably that's an SMB share, e.g., on Windows (or on Linux via
Samba).
o You press "Add computer" which ask for four pieces of information:
o Computer Name, Domain, User, Password.

That should have worked but it failed for me.
No matter what combination I tried, it said: "Connection Reset".
It kept referring me to:
o How to find Local Security Policy
<https://answers.microsoft.com/en-us/windows/forum/all/how-to-find-local-security-policy/6cccf15f-2ecd-4f92-86a2-0e14f121fb26>
o Which says to go "Start > Run > control"
o Control Panel\System and Security\Administrative Tools\
o Local Security Policy
o Security Settings -> Local Policies -> Security Options
o Double-click Accounts: Limit local account use of blank passwords to console logon only
o Set to Disabled and click OK.
o Close the Local Security Policy window

However, no matter what I tried, it said "Connection Reset".
(I never did understand Windows networking - it never works over NETBIOS
for me, mainly because my access point blocks netbios broadcasts; but in
this case, I even used the IP address as the computer name, so NETBIOS
broadcasts should not be needed. For example, a ping works fine.)

Anyway, SyncMe "should" have worked so I think it's a good idea for a
general solution. I suspect it's simply an SMB client but then how does it
work on ports lower than 1024 (which Windows uses for SMB)?

> But would rather avoid *single* shared file for 2 reasons.
>
> 1) data security in case of corruption. Even if it would be
> regularly backed up, it is easy to be done too late, especially
> for backups to independent storage device.

I agree the data management issues come up when there is a single master
kdbx password file.

A nice advantage of KeePass software is that it "merges" separate files,
which means we can come up with a process that merges multiple files, one
for Android device, another for the iOS devices, etc. (if we want that).

> In my case, the central file is permanent or temporary cloud
> WebDAV location.

I am familiar with setting up both WebDAV and FTP servers on Android, but
is _that_ what you're speaking about?

Or is the WebDAV server on the desktop in your setup?

nospam

Jan 20, 2019, 6:29:14 AM
In article <q21kon$9ff$1...@dont-email.me>, Libor Striz
<poutnik4R...@CAPITALSgmail.com.INVALID> wrote:

> >> There is a drawback for that pwned passwords check,
> >> that it checks only the ID, but does not list the platform where
> >> it is used.
> >
> > that doesn't matter. if your password is in the list, you should change
> > it wherever it's used.
> >
> > that *should* only be one place but most people reuse passwords so it's
> > probably more.
>
> It is not about a password reuse,

yes it is. people reuse passwords and often use easy to guess
passwords, therefore multiple accounts are likely at risk if *one*
password has been compromised.

> but an ID reuse.

email addresses are unique.

> If I knew the platform,
> there would be no need to change passwords everywhere the ID is used.

the platform doesn't matter.

if your email or password is in their list, you're at risk for being
pwned if you haven't been already. change passwords *now* and enable
real 2fa, not the sms crap.

arlen holder

Jan 20, 2019, 6:42:10 AM
On Sun, 20 Jan 2019 12:15:59 +0100 (GMT+01:00), Libor Striz wrote:

> Hm, I have reviewed the page
> https://haveibeenpwned.com
> And Unless I am blind, there is no distinguishing
> for searching
> breached email accounts
> And
> Breached email-as-ID accounts.

Hi Poutnik,

I think we misunderstood each other.

As I mentioned in the OP, the "main" check is email passwords.
<https://haveibeenpwned.com/>

But there is also a "Domain Search" mechanism which I didn't try:
<https://haveibeenpwned.com/DomainSearch>

I had thought _that_ domain search mechanism was what you were originally
complaining about when I mentioned web sites. If it wasn't _that_ domain
search, then I'm not sure _what_ you were talking about. Sorry.

There is also a "Who has been Pwned" link at that site:
<https://haveibeenpwned.com/PwnedWebsites>

And a list of pwned passwords:
<https://haveibeenpwned.com/Passwords>

I think we simply miscommunicated. It happens.
I am not sure what you were talking about if it's not one of those links.
:)

arlen holder

Jan 20, 2019, 6:58:06 AM
On Sun, 20 Jan 2019 06:29:12 -0500, nospam wrote:

> email addresses are unique.
> the platform doesn't matter.

Hi nospam,

This may be one of the rare cases where you know more than I do
since I don't understand WHAT the heck Poutnik is asking about.

So you may have to help him (or someone else who understands
why he is asking about a "platform" and what "id" he's asking about.

That web site is pretty simple <https://haveibeenpwned.com/>

o You enter in an email address and hit the "pwned?" button.
o It tells you whether you've been pwned.

o Note: It told me about 10 out of about 50 email accounts were pwned,
o Which is interesting because some were Google & Google doesn't know it

I don't see anything about a "platform", which I presume he means to be iOS
or Android or Linux or Windows or Mac - where - an email address is
independent of the platform.

There _is_ another link (at the top) for a "Domain search".
<https://haveibeenpwned.com/DomainSearch>
Maybe he means that? I don't know.

I tried to use the domain search for Poutnik, but it's for administrators
of specific domains, so I didn't proceed as it wants us to prove we're the
domain admin (which is a legit desire).

There's also a link (at the top) for a list of Pwned Passwords:
<https://haveibeenpwned.com/Passwords>
But I don't think Poutnik is asking about that.

I typed in "mypassword" which said it was used 38,621 times
(which seems kind of low for 774 million pwned accounts).

In short, I can't answer Poutnik's question because I don't understand why
he talks about "Platforms" since there's no concept of a "platform" needed.

If you can help him - that would be great ... as I don't understand his
questions about "domains" and "ids" (they don't appear to be relevant to
what that site does).

PS: I just belatedly realized, just before I closed down my edit session,
that maybe he's trying to see if the first part of the unique email address
is re-used?

The site tells us if a password is unique, but not the user-id portion of
the email address.

For example, if my email on Gmail is "ar...@gmail.com" and if it is, on
Yahoo, "ar...@yahoo.com", both are unique in their entirety - but the
"arlen" part isn't unique.

Maybe Poutnik wants a search engine to see if that 'arlen' part is unique?
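An added example, not part of any poster's message: the Pwned Passwords lookup mentioned above can be done without the password leaving the machine, by sending only the first five hex characters of its SHA-1 hash and matching the rest locally. The range endpoint URL is the service's public range API and is not named in the thread; the function names, the `ConstructedRange` stand-in and its sample rows are constructed for illustration (the count 38,621 is the figure quoted in the post).

```python
import hashlib
import urllib.request

# Assumption: the public range endpoint of Pwned Passwords (not named in the thread).
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_hex(password):
    """Uppercase SHA-1 hex digest, the form the range service indexes by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix):
    """Live lookup. Only the 5-character hash prefix is sent."""
    request = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "pwned-range-example"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("ascii")


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed rows."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.strip().isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch=fetch_range):
    """Return how often the password appears; 0 means not listed.

    The password and its full hash stay local: the 35-character suffix is
    compared against the rows returned for the 5-character prefix.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch(prefix)).get(suffix, 0)


class ConstructedRange:
    """Offline stand-in for the service, built from constructed sample data."""

    def __init__(self, known):
        self.requests = []  # everything the "service" ever gets to see
        self.rows = {sha1_hex(p): n for p, n in known.items()}

    def __call__(self, prefix):
        self.requests.append(prefix)
        lines = [f"{d[5:]}:{n}" for d, n in self.rows.items() if d.startswith(prefix)]
        # A zero-count filler row, as padded responses contain; it must not match.
        lines.append(f"{sha1_hex('filler-' + prefix)[5:]}:0")
        return "\r\n".join(lines)


if __name__ == "__main__":
    service = ConstructedRange({"mypassword": 38621})
    for candidate in ("mypassword", "a-different-passphrase"):
        print(candidate, "->", pwned_count(candidate, fetch=service))
    print("sent to the service:", service.requests)
```

Calling `pwned_count(password)` without the `fetch` argument performs the live lookup.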

Dan Purgert

Jan 20, 2019, 7:12:55 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 11:15:35 +0100 (GMT+01:00), Libor Striz wrote:
>
>> If just LAN file sharing is set, no need for a server .
>
> Hi Poutnik,
>
> Thanks for the purposefully helpful experience and advice...
>
> I agree if we can eliminate a server, that's good because once we decide on
> a server, it has to run "full time" on the personal LAN in order to be
> useful at all times to all machines on the personal LAN.
>
> So better to NOT need a server, if we can.

You would have a better time of things by using a server with the
"master(tm)" copy, as the main problem with any manual-update based tool
is remembering to send the file to the other devices.

Nextcloud / Owncloud (or similar "cloud storage" software that has sync
clients for all* platforms) is a relatively easy solution to that
problem. If you didn't want to include phones, cronjobs would be
perfectly fine as well.

* Well, Owncloud has windows / linux / mac / android / iOS. Keep
meaning to read up on nextcloud as a replacement, but it's not the
highest priority right now.

>
>> I would go for LAN file sharing. It is IMHO the most available method.
>
> I agree.
> SMB is "problematic" though.
> So if you have a solution where the Windows machine is the
> SMB server, _that_ would be fantastic.

SMB / CIFS / samba is doable on a linux-based server as well. And tends
to behave better when dealing with cross-platform setups; at least in my
experience.

Granted, the last time I _needed_ a samba share was years ago; Windows
may have gotten less sucky since 8/8.1.

>> [...]
>> In my case, the central file is permanent or temporary cloud
>> WebDAV location.
>
> I am familiar with setting up both WebDAV and FTP servers on Android, but
> is _that_ what you're speaking about?

I doubt he's running a "server" application on his phone.


--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

Dan Purgert

Jan 20, 2019, 7:23:59 AM
nospam wrote:
> In article <q21kon$9ff$1...@dont-email.me>, Libor Striz
><poutnik4R...@CAPITALSgmail.com.INVALID> wrote:
>> [...]
>> but an ID reuse.
>
> email addresses are unique.

I believe he's making the argument that if he finds
"nos...@example.invalid" has been compromised, he has no way of knowing
whether it's

* the email address at "example.invalid"
* the userID (when User=emailAddress) at some website somewhere.
>
>> If I knew the platform,
>> there would be no need to change passwords everywhere the ID is used.
>
> the platform doesn't matter.
>
> if your email or password is in their list, you're at risk for being
> pwned if you haven't been already. change passwords *now* and enable
> real 2fa, not the sms crap.

I agree entirely on this point. The trouble becomes when you've
forgotten that you were a member of $webForums and now seeing that your
email address got compromised, but not knowing it was on _that_ site; so
your compromised account continues to be, well, compromised there.

arlen holder

Jan 20, 2019, 7:26:37 AM
On Sun, 20 Jan 2019 12:03:56 +0100 (GMT+01:00), Libor Striz wrote:

> I have the KDBX file in a shared folder in Windows .
> Android SyncMe Wireless
> https://play.google.com/store/apps/details?id=com.bv.wifisync
> (well configurable) performs bidirectional file syncing between a
> dedicated Android folder and this shared folder.
> No fiddling with ports nor rooting.
> I guess there is more such utilities.

Hi Poutnik,
I appreciate the suggestion to maintain a "shared" kdbx file inside a
Windows share for all the other platforms to access.

I think that's a good suggestion as it will always be a "copy".

The fact that KeePass variants on all the platforms can "merge" files is a
bonus in this case of using a copy, because each platform will have the
superset set of passwords.

The only problem now is "sharing" the copy over the personal LAN.
If we store the copy on a Windows share - all the platforms _should_ be
able to access that kdbx copy.

That's easy for Linux, for example, using "smbclient", which can easily
access Windows CIFS/SMB shares. It's also easy for Windows, which uses the
network sharing feature \\192.168.1.100\sharename\passwd.kdbx

For Android, you'd _think_ it would be easy using, oh, say, an AndSMB
client on the mobile device to access the SMB share on Windows.
o <https://play.google.com/store/apps/details?id=lysesoft.andsmb>

In fact, I think your "syncme wireless" is, perhaps, nothing different than
that AndSMB client is, is it not?
<https://play.google.com/store/apps/details?id=com.bv.wifisync>

What's frustrating to me is that I lack the networking debugging skills to
figure out why _neither_ Android tool will connect to my PC shares.

I can easily ping the Windows machines over WiFi from Android using Termux,
which is a Linux-like emulation tool:
o Termux <https://f-droid.org/packages/com.termux/>

But neither the AndSMB nor the SyncMe Wireless will connect to the shared
folders on Windows. :(

Here's my situation by way of explanation:
1. I have two Windows 10 PCs on the network - both over WiFi.
2. There are many access points in between - and a few routers.
3. What that means is that NETBIOS broadcasts are blocked (by default).
(As an aside, I never figured out how to unblock them on the radios.)

Even so, it's _easy_ to have the two PC's communicate:
A. I can easily copy the shared files back and forth between PCs:
copy \\192.168.1.100\sharename\passwd.kdbx c:\tmp\passwd.kdbx
B. That works fine and, in fact, I'm doing that right now.
C. So I can definitely share the kdbx file between the two PCs.

That should also easily work on Linux using smbclient commands.
o <https://askubuntu.com/questions/749070/copy-file-with-smbclient-and-path-to-directory>

And yet, Android, which is also on the same network, can't *see*
the Windows shares using either "AndSMB" or "Syncme wireless".

Both Android client descriptions insist they don't need to be root on
Android. And yet, neither works for me.
A. Windows has no problem copying the shared kdbx file.
B. But neither SMBClient nor SyncMe Wireless will see the shared folder!

Do they work for you without you being rooted on Android?

Libor Striz

Jan 20, 2019, 7:28:04 AM
nospam <nos...@nospam.invalid> Wrote in message:
>:
>
>
>>
>> It is not about a password reuse,
>
> yes it is. people reuse passwords and often use easy to guess
> passwords, therefore multiple accounts are likely at risk if *one*
> password has been compromised.

Yes, I am aware of it,
but it is not my case.
>
>> but an ID reuse.
>
> email addresses are unique.

I do not say they are not.
>

>
> the platform doesn't matter.
>
> if your email or password is in their list, you're at risk for being
> pwned if you haven't been already. change passwords *now* and enable
> real 2fa, not the sms crap.

I do not speak about email accounts.

E.g. my registration dedicated email id was found on 10 breached sites.
There cannot be 10 sites to breach email password, there can be
only the site carrying my email account.

Jasen Betts

Jan 20, 2019, 7:31:20 AM
On 2019-01-20, arlen holder <ar...@arlen.com> wrote:
> On Sun, 20 Jan 2019 06:19:12 -0000 (UTC), Jasen Betts wrote:
>
>>> What prompted this is the news today that 773 million emails are pwned.
>> Slow news day.
>
> Hi Jasen Betts,
>
> That's kind of funny ... but expected ... since we know you rather well.
> That comment indicates you missed what's _different_ about that news.

773 accounts exposed 2 years ago... not exactly current events.

>>> Do you have a working cross-platform PASSWD database for Windows, Linux,
>>> Mac, iOS, & Android on your home LAN?
>>
>> I have no idea what you mean. that question can be taken at least three
>> different ways.

you come here abusing technical terms like "passwd" which is not a
pure synonym for password, and then further confuse things uppercase
it like it might be something different, and then mis-use the word
database.

> For one, I've already chosen "KeePass" as my electronic passwd database;

whateva.

> That's the key unanswered question for this thread to resolve.

tldr.

Dan Purgert

Jan 20, 2019, 7:39:12 AM
arlen holder wrote:
> [...]
> What's frustrating to me is that I lack the networking debugging skills to
> figure out why _neither_ Android tool will connect to my PC shares.

Likely incompatible SMB versions. E.g. your win 10 box only allows
SMBv3; but the android client is SMBv2.


> Here's my situation by way of explanation:
> [...]

> 2. There are many access points in between - and a few routers.

Assuming a properly configured (flat) network; between any two wireless
clients, there should be:

* Zero routers (yes, I know the thing your ISP gives you is called "a
router", but LAN-to-LAN stuff never passes through the routing stack)
* One or two APs
* If clients are on separate APs, one or more switches.

> 3. What that means is that NETBIOS broadcasts are blocked (by default).
> (As an aside, I never figured out how to unblock them on the radios.)

If you're using *routers* as wireless APs, there are a few possibilities
that immediately spring to mind. The simplest would be that you've set
up every router/AP combo unit to route, rather than turning that
functionality off.

>
> Even so, it's _easy_ to have the two PC's communicate:
> A. I can easily copy the shared files back and forth between PCs:
> copy \\192.168.1.100\sharename\passwd.kdbx c:\tmp\passwd.kdbx

In this case, is the client _also_ part of the same subnet? (Presumably
192.168.1.0/24)

Libor Striz

Jan 20, 2019, 7:46:25 AM
arlen holder <ar...@arlen.com> Wrote in message:
> On Sun, 20 Jan 2019 06:29:12 -0500, nospam wrote:
>
>> email addresses are unique.
>> the platform doesn't matter.
>
> Hi nospam,
>
> This may be one of the rare cases where you know more than I do
> since I don't understand WHAT the heck Poutnik is asking about.
>
> So you may have to help him (or someone else who understands
> why he is asking about a "platform" and what "id" he's asking about.

By platform( not limited to OS platform), I mean a particular
place ( not limited to web sites)
where email address is used as the id.
>
> That web site is pretty simple <https://haveibeenpwned.com/>
>
> o You enter in an email address and hit the "pwned?" button.
> o It tells you whether you've been pwned.

I used just search by email address on the home page.

But it is not explicitly stated that it is for the email accounts.

It just checks email id.

It is IMHO not possible for a mail account to be breached on 10
places, unless it means published on 10 sites by
hackers.

But accounts using the same email id could be.

Libor Striz

Jan 20, 2019, 7:55:38 AM
Dan Purgert <d...@djph.net> Wrote in message:
> arlen holder wrote:
>> [...]
>>
>
> Likely incompatible SMB versions. E.g. your win 10 box only allows
> SMBv3; but the android client is SMBv2.
>
You may hit the head of the nail here.

I do remember that after some updating my Windows Vista (I know, I
know..) some years ago,
SyncMe wireless stopped working.

By googling I realized the app author said the same, that windows
insisted on higher SMB version than SyncMe was able to
manage.

A workaround was suggested (I guess it was a registry
tweak), forcing Windows to fall back to or directly use the lower
SMB version, and then it works.

I am not sure, what SMB version is used by the mentioned Total
Commander for LAN access.

Libor Striz

Jan 20, 2019, 7:59:23 AM
Libor Striz <poutnik4R...@CAPITALSgmail.com.INVALID> Wrote
in message:

>
>
>
>
> It is IMHO not possible for a mail account to be breached on 10
> places, unless it means published on 10 sites by
> hackers.

P.S.: it would be paste accounts, if I understand well their
terminology,
but there was no paste account found.

arlen holder

Jan 20, 2019, 8:05:58 AM
On Sun, 20 Jan 2019 12:12:53 -0000 (UTC), Dan Purgert wrote:

> You would have a better time of things by using a server with the
> "master(tm)" copy, as the main problem with any manual-update based tool
> is remembering to send the file to the other devices.

Hi Dan,
I agree with you that a "master" passwd.kdbx file makes sense.
(A copy is fine also ... where it's only a minor philosophical difference.)

The three approaches, as I understand the problem set, are:
1. Maintain a local (partial) copy of the master passwd file on each device
2. Maintain a Master passwd file on some kind of local cloud share
3. Same as #2 with the only difference being it's a copy of the Master file

All three approaches hinge on the ability to pass "a file" back & forth.

Since Apple products generally have the most cross-platform issues,
I've tested the non-Apple products & only have a problem with Android.

That is:
a. Linux can use smbclient to copy the passwd file from a Windows share
b. Windows can use "copy" to copy the passwd file from a Windows share
c. Android _should_ be able to do the same thing but fails.

Right now I'm trying to figure out why Android can't access a Windows
network share using either the SyncMe Wireless or AndSMB clients.

> Nextcloud / Owncloud (or similar "cloud storage" software that has sync
> clients for all* platforms) is a relatively easy solution to that
> problem. If you didn't want to include phones, cronjobs would be
> perfectly fine as well.

Networking is a LOT easier if we ignore the mobile devices.
But they are critical to the problem set.

The main problem, as I see it, with NextCloud/OwnCloud, is what we
discussed earlier this week about needing a 100% Linux server.

Yes, with heroics, they can be made to work on Windows, but it's my
understanding that you literally must be an expert to be successful.

If folks disagree, then I'll simply ask them for the exact steps, so that I
can cut and paste them, to get them to work on Windows.

A viable option, of course, is a $35 Raspberry Pi that can act as the
full-time Linux server - but that takes expertise also.

> * Well, Owncloud has windows / linux / mac / android / iOS.

We have to differentiate between *servers* & *clients*.
The _client_ is never the problem when owncloud solutions are discussed.
The problem is the server.

It's my understanding that the only viable server is a Linux server.
That means Linux has to be running 24/7.
In my network, it's Windows that runs 24/7 - not Linux.

Linux runs about 20% of the time on my network.

So while Linux is always important (it's the portal to iOS for example),
Linux is only used when it's needed.

> meaning to read up on nextcloud as a replacement, but it's not the
> highest priority right now.

Philosophically, it seems OwnCloud is a "bad choice" for now, except for
legacy setups, based on the sour business issues, so it would be NextCloud
for anyone starting fresh (as I recall the conversation).

Even so, it's my understanding only a Windows hero could get it to work.
Maybe that's not the case - but that's my understanding.

Anyone who disagrees could easily post a step by step tutorial for setting
it up on Windows and I'd be glad to test it out - but I doubt anyone will
write that tutorial. I've personally written extremely many tutorials, so
I know how difficult step-by-step tutorials are to write.

> SMB / CIFS / samba is doable on a linux-based server as well.

Again, we have to mention "clients" or "servers", although I agree that
smbclients and samba servers are extremely robust on Linux.

So I'm not in the least worried - as I used to network the old Macs of the
90's era using columbia appletalk (caps) and the old SunOS machines (maybe
it was Solaris by then) with Windows (probably Win95 or Win2K).

Samba servers and smbclient clients are robust on Linux, so that's never
going to be the problem. Linux is easy. It's just not running full time on
most networks - so that's the only reason that Linux isn't the central
server for this home-network situation.

That's too bad that Linux doesn't run full time as a full-time Linux server
would solve most of the networking problems, given how robust Linux is
compared to the other platforms.

> to behave better when dealing with cross-platform setups; at least in my
> experience.

I agree with you that Linux behaves best cross platform as both server and
client.

The problem is simply that there is no dedicated Linux server 24/7 on most
home networks, including mine.

Some day I'll set up a $35 Raspberry Pi as a dedicated 24/7 Linux server.

> Granted, the last time I _needed_ a samba share was years ago; Windows
> may have gotten less sucky since 8/8.1.

Windows actually sucks at SMB (IMHO) due to the inability to change ports.
Other than that, SMB is the "native" solution for Windows.
SMB works just fine on Linux.

It's Android that has the problem with the ports not being the same as the
ports for Windows. As I recall (Frank Slootweg knows this better than I do)
o Android (non root) won't allow you to use ports below 1024
o Windows won't allow you to use the ports above 1024

So it's a catch 22.
I don't know how the SyncMe Wireless and AndSMB clients are supposed to
work non root.

Maybe someone on this newsgroup knows more than I do about this, because I
don't know ANYTHING about this type of networking, and, as proof, it's not
working for me to connect from Android to Windows.

Windows to Windows works fine, so we know the Windows setup is fine.

> I doubt he's running a "server" application on his phone.

I agree with you.

I _think_ the server should be the Windows box because it's 24/7 on the
network.

Just in case, though, we could easily run a server on Android.
In fact, running a WebDAV or FTP server on Android is trivial.

If folks want to try, here are the free software tools I'd recommend:
o Free WebDAV Servers on Android
<https://play.google.com/store/apps/details?id=com.zq.webdav.app_free>
<https://play.google.com/store/apps/details?id=com.theolivetree.webdavserver>

o Free FTP Servers on Android
<https://f-droid.org/en/packages/be.ppareit.swiftp_free/>
<https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver>

The main problem with putting the MASTER passwd.kdbx file on Android
using a WebDAV or FTP server is simply that the Android device also
isn't on the network 24/7.

The only device on "most" home networks (at least on mine) that is on
24/7 is the router itself (which has a USB slot) and the Windows machines.

(As an aside, I should figure out how to use that empty USB port in the
back of the SOHO router - maybe it can host the Master kdbx file?)

arlen holder

Jan 20, 2019, 8:26:16 AM
On Sun, 20 Jan 2019 12:15:25 -0000 (UTC), Jasen Betts wrote:

> 773 accounts exposed 2 years ago... not exactly current events.

Hi Jason Betts,

By now you should have re-read that article a few times.
Maybe the point of that article will have sunk in by the third read.
But it doesn't seem like the information _has_ sunk in to your brain.

The problem is that I can't make you comprehend the obvious.
I just can't.

Your brain is going to have to perceive what is "new" in that database.
You can claim it's old information - but it contains new information.

I'm not sure I have the skills to explain something that obvious to you.

I'm not sure where you got your data from, but the article I referred to
was dated January 17 (which is a couple days ago) and I also read other
articles which provided more information, all of which is current news.

What's new is a "series" of events, some of which are certainly old,
but others of which are stated in the article as being new occurrences
(such as the momentary exposure), and others of which are the access for
free to all of us (the web site for the search).

Nonetheless, you can continue to act like a child, Jason Betts.
By you acting like a child - we all have to suffer your idiocy.
But explaining the obvious to you gets us nowhere, Jason Betts.

You _always_ act like a child - and I am confronting you frontally on that.

I chose that particular article out of many simply because it was from a
highly respected entity (i.e., Consumers Union), where I clearly said in
the opening post that there was no need to "delve into the details".

You have to remember, Jason Betts, that your post added zero value.
Your post seemed, to me, to be ill intended - with malice on your part.
Your post seemed, to me, to be intended to be a waste of our time.

Hence I responded to your purposefully unhelpful post as I did.
If you want to CHANGE your attitude - then please do.

I will respond, as always, as if I'm a mirror of your perceived intent.

> you come here abusing technical terms like "passwd" which is not a
> pure synonym for password, and then further confuse things uppercase
> it like it might be something different, and then mis-use the word
> database.

Hi Jason Betts,

I know you and I know something about you.
o You _always_ act like a child, Jason Betts.
o You _never_ intend anything but malice, Jason Betts.

You never add a single iota of technical value to any thread, Jason Betts.
You _love_ to play childishly silly semantic games, Jason Betts.

*With that in mind, you now say I'm _abusing_ the term "passwd".*

Jesus Christ, Jason Betts.
Do you have any other silly semantic games you want to play?

If I mail you a child's coloring book - will that keep you occupied enough?
(Anything to keep you off of Usenet will benefit everyone else.)

> whateva.

What a child you prove to be, Jason Betts.
I don't have to prove that - you prove it yourself.

> tldr.
What a child you prove to be, Jason Betts.
Your own words prove that you own the mind of a child, Jason Betts.

Look Jason Betts,
If you want to bully a thread, then expect to be confronted, Jason Betts.
You act, always, like a child, Jason Betts.

Don't blame me for simply pointing out two things, Jason Betts:
1. You _never_ post with purposefully helpful intent, Jason Betts.
2. Hence, you always _waste_ everyone's time with your drivel.

What you don't like, Jason Betts, is that I confront you bullies.
Go and play your silly childish semantic games elsewhere.

We are actually trying to accomplish something with this thread.
1. People can see whether they've been pwned
2. People can set up an encrypted database on all platforms
3. What we're working on now, is passing the MASTER file

This solution of being able to share a shared file on a home network
(whether that shared file is a copy or not is immaterial), is a very useful
capability which almost all home networks would benefit from.

Your purposefully unhelpful posts, Jason Betts, detract from that goal.

arlen holder

Jan 20, 2019, 8:40:43 AM
On Sun, 20 Jan 2019 13:55:34 +0100 (GMT+01:00), Libor Striz wrote:

> You may hit the head of the nail here.

I think Dan is almost certainly correct.
Especially if you, Poutnik, say that SyncMe stopped working.

It may be that SMB clients just do not work on Android to Windows
(unless rooted).

I suspect that the SyncMe Wireless app is just another SMB client
(although the description doesn't seem to outright say that it is).

I have never really understood SMB (client/servers) on Android.

I will re-read the excellent information Frank Slootweg posted here:
o What's the best way to forward SMB TCP port 445 to something higher than 1024 on Windows?
<https://groups.google.com/d/msg/comp.mobile.android/3QQ8bAZeXNI/p7yqvwHrBQAJ>

BTW, I never claim to be an expert in networking.
In fact, I'm a networking noob.

The way I get networking "to work" is by rote empirical testing.
o I try stuff.
o If that doesn't work - I try more stuff.

It would be nice if someone who knows networking can test if they can get
either SyncMe Wireless or the AndSMB client to work with a Win10 share.

What's VALUABLE is being able to share files without having to start a
SERVER on the mobile device. We can all start servers on the mobile device
and we all know that works.

But what I've never seen a good tutorial on is how to NOT start a server on
the mobile device and _still_ share a file, over WiFi, on the home network.

Paul

Jan 20, 2019, 8:42:52 AM
Dan Purgert wrote:
> arlen holder wrote:
>> [...]
>> What's frustrating to me is that I lack the networking debugging skills to
>> figure out why _neither_ Android tool will connect to my PC shares.
>
> Likely incompatible SMB versions. E.g. your win 10 box only allows
> SMBv3; but the android client is SMBv2.

Not true.

Out of the box, Windows 10 does SMBV3 and SMBV2.

In Win10, via Control Panels : Programs and Features : Windows Features
there are two SMBV1 items you can "tick" and they will install.
This allows sharing with WinXP and any other OS having that
limitation (my old Mac perhaps, which seldom does file sharing
at the best of times - race condition on authentication dialog).

There are still plenty of nuances and bugs out there though.
Because it has "versions" and "dialects" or something. And
it has error messages such as "Need more information", which
is really really explicit about exactly what's missing
and what flavoring it might be (40 bit versus 128 bit encryption?).

I tried to use Wireshark once, but there was one bitfield at
the time, which the dissector would not handle, and I didn't
feel sufficiently motivated to track down some header file
and start decoding it. You could in principle use Wireshark
to gather additional info about a file sharing problem,
if the dissector was sufficiently featureful. And for something
like SMB, that would likely be a ton of work for someone.

Paul
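An added example, not part of any poster's message: when diagnosing your own share from a packet capture, the dialect the server agreed to sits in the first reply on TCP port 445, and a few fixed offsets are enough to read it without a full dissector. The sketch below parses an SMB2 NEGOTIATE response (4-byte transport prefix, 64-byte SMB2 header, then the negotiate body); the function names and the `constructed_response` sample frames are constructed for illustration and are not captured traffic.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001   # set on server replies
STATUS_SUCCESS = 0x00000000
STATUS_NOT_SUPPORTED = 0xC00000BB         # no dialect in common

DIALECTS = {
    0x0202: "SMB 2.0.2",
    0x0210: "SMB 2.1",
    0x0300: "SMB 3.0",
    0x0302: "SMB 3.0.2",
    0x0311: "SMB 3.1.1",
    0x02FF: "SMB 2.x wildcard (renegotiation expected)",
}


def strip_transport(frame):
    """Remove the 4-byte prefix (0x00 + 24-bit big-endian length) used on port 445."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a session message")
    length = int.from_bytes(frame[1:4], "big")
    payload = frame[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated frame")
    return payload


def parse_negotiate_response(frame):
    """Return protocol family, NTSTATUS and agreed dialect from a server's first reply."""
    msg = strip_transport(frame)
    if msg[:4] == SMB1_MAGIC:
        # The server answered in SMB1 framing: it still speaks the legacy protocol.
        return {"protocol": "SMB1", "status": None, "dialect": None}
    if msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB message")
    if len(msg) < SMB2_HEADER_LEN:
        raise ValueError("truncated SMB2 header")
    status, command = struct.unpack_from("<IH", msg, 8)    # Status, Command
    (flags,) = struct.unpack_from("<I", msg, 16)           # Flags
    if command != 0 or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not an SMB2 NEGOTIATE response")
    if status != STATUS_SUCCESS:
        # Failure mode: the body is an error structure, so no dialect was agreed.
        return {"protocol": "SMB2", "status": status, "dialect": None}
    if len(msg) < SMB2_HEADER_LEN + 6:
        raise ValueError("truncated NEGOTIATE body")
    size, _security_mode, revision = struct.unpack_from("<HHH", msg, SMB2_HEADER_LEN)
    if size != 65:
        raise ValueError("unexpected NEGOTIATE structure size")
    dialect = DIALECTS.get(revision, f"unknown 0x{revision:04X}")
    return {"protocol": "SMB2", "status": status, "dialect": dialect}


def constructed_response(revision=0x0311, status=STATUS_SUCCESS):
    """Build a constructed sample reply (not captured traffic) for offline use."""
    header = struct.pack(
        "<4sHHIHHIIQIIQ16s",
        SMB2_MAGIC, 64, 0, status, 0, 1, SMB2_FLAGS_SERVER_TO_REDIR,
        0, 0, 0, 0, 0, b"\x00" * 16,
    )
    if status == STATUS_SUCCESS:
        body = struct.pack("<HHH", 65, 1, revision) + b"\x00" * 58
    else:
        body = struct.pack("<HBBI", 9, 0, 0, 0) + b"\x00"
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    samples = {
        "server agrees to 3.1.1": constructed_response(0x0311),
        "server agrees to 2.1": constructed_response(0x0210),
        "no common dialect": constructed_response(status=STATUS_NOT_SUPPORTED),
        "legacy SMB1 reply": b"\x00\x00\x00\x04" + SMB1_MAGIC,
    }
    for label, frame in samples.items():
        print(f"{label}: {parse_negotiate_response(frame)}")
```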

arlen holder

Jan 20, 2019, 8:59:00 AM
On Sun, 20 Jan 2019 12:39:10 -0000 (UTC), Dan Purgert wrote:

> If you're using *routers* as wireless APs, there are a few possibilities
> that immediately spring to mind. The simplest would be that you've set
> up every router/AP combo unit to route, rather than turning that
> functionality off.

Hi Dan,
My "network" is both simple and complex at the same time.
(It's early in the morning so I won't snap photos - you'll have to believe
me.)

It's simple because it's all 192.168.1.x/24 (i.e., netmask 255.255.255.0).

But it's complex in that it contains a few routers, switches, and a dozen
access points, which aren't your "normal" access points (these go for
miles, instead of just feet).

My APs are mostly Ubiquiti & Mikrotik transceivers, where I'll
re-use some pics I posted long ago on the net of just one here):
<https://u.cubeupload.com/EZvpx3.jpg>

I also have a handful of Mikrotik and Netgear switches in the network.

On my roof I have a radio which is my Internet feed (via WISP) from about
30 miles away by road, but only about 3 or so miles as the crow flies.
(There is no cable where I live since I live high up in the mountains.)

In fact, the cellular signal is so bad that the carrier gave me _both_ a
femtocell and a cellular repeater for my (rather large) home.
<https://u.cubeupload.com/RJ3cs6.jpg>
<https://u.cubeupload.com/RU3rGl.jpg>
<https://u.cubeupload.com/sSOph0.jpg>
<https://u.cubeupload.com/jqV5cR.jpg>
<https://u.cubeupload.com/RLxLv5.jpg>
<https://u.cubeupload.com/RUsTGy.jpg>
etc.

The point is that the network is both nothing like your "normal" network
with a cable modem and a router, but it's kludged together, where the
Mikrotik transceiver blocks NETBIOS broadcasts by default which is why I
have to use the IP address to connect via SMB.

However, it's "just" a normal network in the end, no matter the kludges.

In short, as long as I use the IP address (and not the computer name),
everything normally works fine desktop to desktop.

Libor Striz

Jan 20, 2019, 9:01:48 AM
arlen holder <ar...@arlen.com> Wrote in message:
> On Sun, 20 Jan 2019 13:55:34 +0100 (GMT+01:00), Libor Striz wrote:
>
>>
> It may be that SMB clients just do not work on Android to Windows
> (unless rooted).
>
> I suspect that the SyncMe Wireless app is just another SMB client
> (although the description doesn't seem to outright say that it is).

Note that after the workaround was applied it started working again.

And, I do think SyncMe Wireless is an SMB client.

This link may provide useful info about detecting and tweaking
the allowed SMB version on various Windows OSs. It looks familiar;
it is possible I used this one in the past:

https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

>
> I have never really understood SMB (client/servers) on Android.
>
> I will re-read the excellent information Frank Slootweg posted here:
> o What's the best way to forward SMB TCP port 445 to something higher than 1024 on Windows?
> <https://groups.google.com/d/msg/comp.mobile.android/3QQ8bAZeXNI/p7yqvwHrBQAJ>
>
> BTW, I never claim to be an expert in networking.
> In fact, I'm a networking noob.
>
> The way I get networking "to work" is by rote empirical testing.
> o I try stuff.
> o If that doesn't work - I try more stuff.
>
> It would be nice if someone who knows networking can test if they can get
> either SyncMe Wireless or the AndSMB client to work with a Win10 share.
>
> What's VALUABLE is being able to share files without having to start a
> SERVER on the mobile device. We can all start servers on the mobile device
> and we all know that works.
>
> But what I've never seen a good tutorial on is how to NOT start a server on
> the mobile device and _still_ share a file, over WiFi, on the home network.
>


Dan Purgert

Jan 20, 2019, 9:02:34 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 12:12:53 -0000 (UTC), Dan Purgert wrote:
>
>> You would have a better time of things by using a server with the
>> "master(tm)" copy, as the main problem with any manual-update based tool
>> is remembering to send the file to the other devices.
>
> Hi Dan,
> I agree with you that a "master" passwod.kdbx file makes sense.
> (A copy is fine also ... where it's only a minor philosophical difference.)

One copy ultimately should always be the one all others are compared
against, else the copies will start to drift (e.g. forget to update the
tablet when you update a password, then add things there ...)
>
> The three approaches, as I understand the problem set, are:
> 1. Maintain a local (partial) copy of the master passwd file on each device

Well, I never said "partial" ...

> 2. Maintain a Master passwd file on some kind of local cloud share
> 3. Same as #2 with the only difference being it's a copy of the Master file

Er .. you seem to be confusing terms here.

>
> All three approaches hinge on the ability to pass "a file" back & forth.

Yup, there aren't any database-driven managers. Could be nice, but
security becomes an issue.

> Since Apple products generally have the most cross-platform issues,
> I've tested the non-Apple products & only have a problem with Android.
> [...]
> Right now I'm trying to figure out why Android can't access a Windows
> network share using either the SyncMe Wireless or AndSMB clients.

See Message <slrnq48qv...@xps-linux.djph.net> .
>
>> Nextcloud / Owncloud (or similar "cloud storage" software that has sync
>> clients for all* platforms) is a relatively easy solution to that
>> problem. If you didn't want to include phones, cronjobs would be
>> perfectly fine as well.
>
> Networking is a LOT easier if we ignore the mobile devices.
> But they are critical to the problem set.

Good thing I didn't ignore them then.

>
> The main problem, as I see it, with NextCloud/OwnCloud, is what we
> discussed earlier this week about needing a 100% Linux server.

Then you misunderstood why I was telling you to use just one OS as the
server.
>
> Yes, with heroics, they can be made to work on Windows, but it's my
> understanding that you literally must be an expert to be successful.

No, but it is a fight, because Microsoft's way of doing things is pretty
bad. Seems that they ultimately run in docker containers or Linux VMs
on a Win host.

>
> If folks disagree, then I'll simply ask them for the exact steps, so that I
> can cut and paste them, to get them to work on Windows.

https://doc.owncloud.org/server/10.0/admin_manual/installation/docker/index.html

https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#installing-on-windows-virtual-machine


>
> A viable option, of course, is a $35 Raspberry Pi that can act as the
> full-time Linux server - but that takes expertise also.

If you count "follow the instructions" as "expertise", I guess.
>
>> * Well, Owncloud has windows / linux / mac / android / iOS.
>
> We have to differentiate between *servers* & *clients*.
> The _client_ is never the problem when owncloud solutions are discussed.
> The problem is the server.
>
> It's my understanding that the only viable server is a Linux server.
> that means Linux has to be running 24/7.
> In my network, it's Windows that runs 24/7 - not Linux.

So use a VM / Docker / a RPi, as pointed out above.
>
> Linux runs about 20% of the time on my network.
>
> So while Linux is always important (it's the portal to iOS for example),
> Linux is only used when it's needed.

Well, looks like "it's needed" has just jumped quite a bit (at least on
some spare box / VM / whatever).
>
>> meaning to read up on nextcloud as a replacement, but it's not the
>> highest priority right now.
>
> Philosophically, it seems OwnCloud is a "bad choice" for now, except for
> legacy setups, based on the sour business issues, so it would be NextCloud
> for anyone starting fresh (as I recall the conversation).

Everyone is always mad about something. My understanding was that Frank
(the original dev) didn't like the way they went corporate.

>
> Even so, it's my understanding only a Windows hero could get it to work.
> Maybe that's not the case - but that's my understanding.

Takes a Windows hero to install a VM?
>
> Anyone who disagrees could easily post a step by step tutorial for setting
> it up on Windows and I'd be glad to test it out - but I doubt anyone will
> write that tutorial. I've personally written extremely many tutorials, so
> I know how difficult step-by-step tutorials are to write.

Funny, both Next- and Owncloud have them. Granted, they start with "so
Microsoft is stuck in 1999 and only allowing 32 bit for PHP .. and
they're not so fast with the uptake of PHP7, so ... use Docker or a VM".

>
>> SMB / CIFS / samba is doable on a linux-based server as well.
>
> Again, we have to mention "clients" or "servers", although I agree that
> smbclients and samba servers are extremely robust on Linux.
>
> So I'm not in the least worried - as I used to network the old Macs of the
> 90's era using columbia appletalk (caps) and the old SunOS machines (maybe
> it was Solaris by then) with Windows (probably Win95 or Win2K).
>
> Samba servers and smbclient clients are robust on Linux, so that's never
> going to be the problem. Linux is easy. It's just not running full time on
> most networks - so that's the only reason that Linux isn't the central
> server for this home-network situation.
>
> That's too bad that Linux doesn't run full time as a full-time Linux server
> would solve most of the networking problems, given how robust Linux is
> compared to the other platforms.

Good news! We have virtual machines.

>
>> to behave better when dealing with cross-platform setups; at least in my
>> experience.
>
> I agree with you that Linux behaves best cross platform as both server and
> client.
>
> The problem is simply that there is no dedicated Linux server 24/7 on most
> home networks, including mine.
>
> Some day I'll set up a $35 Raspberry Pi as a dedicated 24/7 Linux server.

Why not a $0 VM? If the host PC is already turned on all the time,
you've got the fix right there.

>
>> Granted, the last time I _needed_ a samba share was years ago; Windows
>> may have gotten less sucky since 8/8.1.
>
> Windows actually sucks at SMB (IMHO) due to the inability to change ports.
> Other than that, SMB is the "native" solution for Windows.
> SMB works just fine on Linux.

Well, SMB does have defined ports that're supposed to be used if you
expect "plug and play" (aka "zero config").
>
> It's Android that has the problem with the ports not being the same as the
> ports for Windows. As I recall (Frank Slootweg knows this better than I do)
> o Android (non root) won't allow you to use ports below 1024
> o Windows won't allow you to use the ports above 1024

Android should _never_ need to be running servers.
>
> So it's a catch 22.
> I don't know how the SyncMe Wireless and AndSMB clients are supposed to
> work non root.

Connect some ephemeral port to the server's defined port. Same as how
nearly every other comm protocol works.
>
> Maybe someone on this newsgroup knows more than I do about this, because I
> [...]
> Windows to Windows works fine, so we know the Windows setup is fine.

See that post I mentioned above.
>
>> I doubt he's running a "server" application on his phone.
>
> I agree with you.
>
> I _think_ the server should be the Windows box because it's 24/7 on the
> network.
>
> Just in case, though, we could easily run a server on Android.
> In fact, running a WebDAV or FTP server on Android is trivial.

Ugh, I hate the idiots who keep writing server applications for phones.
That's not the right way to do things.

> The main problem with putting the MASTER passwd.kdbx file on Android
> using a WebDAV or FTP server is simply that the Android device also
> isn't on the network 24/7.

Precisely why running a server application on a client device is daft.
>
> The only device on "most" home networks (at least on mine) that is on
> 24/7 is the router itself (which has a USB slot) and the Windows machines.
>
> (As an aside, I should figure out how to use that empty USB port in the
> back of the SOHO router - maybe it can host the Master kdbx file?)

That's usually the point ... unless it can only be a printserver.

Dan Purgert

Jan 20, 2019, 9:27:21 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 13:55:34 +0100 (GMT+01:00), Libor Striz wrote:
>
>> You may hit the head of the nail here.
>
> I think Dan is almost certainly correct.
> Especially if you, Poutnik, say that SyncMe stopped working.
>
> It may be that SMB clients just do not work on Android to Windows
> (unless rooted).

That is not the case at all.

> [...]
> BTW, I never claim to be an expert in networking.
> In fact, I'm a networking noob.

That explains kind of a lot ...
>
> The way I get networking "to work" is by rote empirical testing.
> o I try stuff.
> o If that doesn't work - I try more stuff.
>
> It would be nice if someone who knows networking can test if they can get
> either SyncMe Wireless or the AndSMB client to work with a Win10 share.

Sure does. Have to enable SMBv1 on win10.

>
> But what I've never seen a good tutorial on is how to NOT start a server on
> the mobile device and _still_ share a file, over WiFi, on the home network.

andFTP, using the sftp option.
easysshfs or sshfsandroid, if sshfs is more your thing.

Granted, neither of those are "to windows" solutions, because win doesn't
have the requisite servers. Then again, perhaps WSL could help.

Frank Slootweg

Jan 20, 2019, 9:31:48 AM
arlen holder <ar...@arlen.com> wrote:
[...]
> Windows actually sucks at SMB (IMHO) due to the inability to change ports.
> Other than that, SMB is the "native" solution for Windows.
> SMB works just fine on Linux.
>
> It's Android that has the problem with the ports not being the same as the
> ports for Windows. As I recall (Frank Slootweg knows this better than I do)
> o Android (non root) won't allow you to use ports below 1024
> o Windows won't allow you to use the ports above 1024
>
> So it's a catch 22.
> I don't know how the SyncMe Wireless and AndSMB clients are supposed to
> work non root.

Non-root Android is only a problem for SMB-*servers*. As you say,
SyncMe Wireless and AndSMB are SMB-*clients* and there is no port-range
problem for clients.

As to your problem of SyncMe Wireless and AndSMB not working with your
Windows Network Share, Libor Striz may be on to something: SyncMe
Wireless (probably) using SMB1 protocol and SMB1 not being enabled by
default on your Windows platform. See my response to Libor Striz.

[...]

Frank Slootweg

Jan 20, 2019, 9:31:49 AM
Libor Striz <poutnik4R...@capitalsgmail.com.invalid> wrote:
> Dan Purgert <d...@djph.net> Wrote in message:
> > arlen holder wrote:
> >> [...]
> >
> > Likely incompatible SMB versions. E.g. your win 10 box only allows
> > SMBv3; but the android client is SMBv2.
> >
> You may hit the head of the nail here.
>
> I do remember that after some updating my Windows Vista (I know, I
> know..) some years ago,
> SyncMe wireless stopped working.
>
> By googling I realized the app author said the same, that windows
> insisted on higher SMB version than SyncMe was able to
> manage.
>
> There was suggested a workaround, ( I guess it was a registry
> tweak), forcing Windows to fallback or directly use the lower
> SMB version, and then it works.

AFAICT, from the SyncMe Wireless 'forum' (Google+ Community), SyncMe
Wireless indeed uses SMB1 protocol and only SMB1.

I can't remember having to do anything special for letting SyncMe
Wireless access the Network Shares of my Windows 8.1 system, so I can
not relate to your comment about Windows Vista.

But for my (Synology DS115j) NAS, I *did* have to change the 'Minimum
SMB protocol' from SMB2 to SMB1.

If Arlen confirms he indeed uses Windows 10 (and Windows 10 only),
perhaps someone can tell whether or not SMB1 is enabled by default on
Windows 10 that version, and if not, how to enable it.

[...]

Libor Striz

Jan 20, 2019, 9:33:24 AM
Dan Purgert <d...@djph.net> Wrote in message:


> Android should _never_ need to be running servers.

Sometimes it is useful
to have a temporary server,
e.g. a file server plugin of Total Commander,
when one phone acts over a wifi
as a file server
and the other as a client.


Or, some server components of remote control software like TeamViewer.

Dan Purgert

Jan 20, 2019, 9:33:25 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 12:39:10 -0000 (UTC), Dan Purgert wrote:
>
>> If you're using *routers* as wireless APs, there are a few possibilities
>> that immediately spring to mind. The simplest would be that you've set
>> up every router/AP combo unit to route, rather than turning that
>> functionality off.
>
> Hi Dan,
> My "network" is both simple and complex at the same time.
> (It's early in the morning so I won't snap photos - you'll have to believe
> me.)
>
> It's simple because it's all 192.168.1.x/24 (i.e., netmask 255.255.255.0).
>
> But it's complex in that it contains a few routers, switches, and a dozen
> access points, which aren't your "normal" access points (these go for
> miles, instead of just feet).

Use those all the time. There's nothing in your description that
warrants more than one router though.

If you've done it right, the nanostations (whatever) are all set WDS
Transparent, and unless the signal is bad, don't come into play with
your problems.

> [...]
> The point is that the network is both nothing like your "normal" network
> with a cable modem and a router, but it's kludged together, where the
> Mikrotik transceiver blocks NETBIOS broadcasts by default which is why I
> have to use the IP address to connect via SMB.

It shouldn't; unless you've misconfigured it.

Dan Purgert

Jan 20, 2019, 9:37:47 AM
Frank Slootweg wrote:
> Libor Striz <poutnik4R...@capitalsgmail.com.invalid> wrote:
>> Dan Purgert <d...@djph.net> Wrote in message:
>> > arlen holder wrote:
>> >> [...]
>> >
>> > Likely incompatible SMB versions. E.g. your win 10 box only allows
>> > SMBv3; but the android client is SMBv2.
>> >
>> You may hit the head of the nail here.
>>
>> I do remember that after some updating my Windows Vista (I know, I
>> know..) some years ago,
>> SyncMe wireless stopped working.
>>
>> By googling I realized the app author said the same, that windows
>> insisted on higher SMB version than SyncMe was able to
>> manage.
>>
>> There was suggested a workaround, ( I guess it was a registry
>> tweak), forcing Windows to fallback or directly use the lower
>> SMB version, and then it works.
>
> [...]
> If Arlen confirms he indeed uses Windows 10 (and Windows 10 only),
> perhaps someone can tell whether or not SMB1 is enabled by default on
> Windows 10 that version, and if not, how to enable it.
>

As of fall 2017 (IIRC) it's forced off. You have to (re-)enable by hand
via control panel > programs > add / remove windows features.

NOTE: wording may be off, going from memory.

Frank Slootweg

Jan 20, 2019, 10:02:49 AM
Paul <nos...@needed.invalid> wrote:
> Dan Purgert wrote:
> > arlen holder wrote:
> >> [...]
> >> What's frustrating to me is that I lack the networking debugging skills to
> >> figure out why _neither_ Android tool will connect to my PC shares.
> >
> > Likely incompatible SMB versions. E.g. your win 10 box only allows
> > SMBv3; but the android client is SMBv2.
>
> Not true.
>
> Out of the box, Windows 10 does SMBV3 and SMBV2.
>
> In Win10, via Control Panels : Programs and Features : Windows Features
> there are two SMBV1 items you can "tick" and they will install.
> This allows sharing with WinXP and any other OS having that
> limitation (my old Mac perhaps, which seldom does file sharing
> at the best of times - race condition on authentication dialog).

Bingo! My Windows 8.1 system - with which the mentioned 'SyncMe
Wireless' Android app *does* work - has 'SMB 1.0/CIFS Sharing Support'
*ticked*.

Remains the question why Arlen apparently did not get a meaningful
error message from SyncMe Wireless, while I apparently did get such a
message (because - as I mentioned in another response - I changed the
'Minimum SMB protocol' of my NAS from SMB2 to SMB1).

[...]

Dan Purgert

Jan 20, 2019, 10:08:27 AM
Because he did, but didn't understand the message. :)
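
Added example (not part of any post in this thread): the SMB version mismatch discussed in the posts above, an SMB1-only client against a server whose minimum is SMB2, is visible in the server's first reply to the client's NEGOTIATE request. The Python sketch below builds an SMB1 NEGOTIATE request and classifies a reply by protocol family and dialect; the function names are hypothetical, the sample replies are constructed rather than captured, and nothing is sent over the network.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1",
                 0x02FF: "SMB 2.??? (wildcard)"}


def frame(message):
    """Add the direct-TCP (port 445) transport header: zero byte + 24-bit length."""
    return b"\x00" + len(message).to_bytes(3, "big") + message


def smb1_header(flags):
    """32-byte SMB1 header for command 0x72 (NEGOTIATE)."""
    return struct.pack("<4sBIBH12xHHHH", SMB1_MAGIC, 0x72, 0, flags, 0xC801,
                       0xFFFF, 0xFEFF, 0, 0)


def build_smb1_negotiate(dialects):
    """SMB1 NEGOTIATE request offering the given dialect strings, in order."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return frame(smb1_header(0x18) + struct.pack("<BH", 0, len(data)) + data)


def classify_negotiate_response(raw, offered=()):
    """Return (family, detail) describing a server's first reply."""
    if not raw:
        return ("none", "no SMB reply (connection closed or timed out)")
    if len(raw) < 8 or raw[0] != 0:
        return ("invalid", "not a direct-TCP SMB frame")
    msg = raw[4:4 + int.from_bytes(raw[1:4], "big")]
    if msg[:4] == SMB2_MAGIC:
        if len(msg) < 70:
            return ("invalid", "SMB2 reply too short")
        status, command = struct.unpack_from("<IH", msg, 8)
        if command != 0 or status != 0:
            return ("smb2", "negotiate failed, NTSTATUS 0x%08X" % status)
        (dialect,) = struct.unpack_from("<H", msg, 68)  # DialectRevision
        return ("smb2", SMB2_DIALECTS.get(dialect,
                                          "unknown dialect 0x%04X" % dialect))
    if msg[:4] == SMB1_MAGIC:
        if len(msg) < 35 or msg[32] == 0:  # WordCount 0: error reply, no index
            return ("smb1", "negotiate failed")
        (index,) = struct.unpack_from("<H", msg, 33)  # DialectIndex
        if index == 0xFFFF:
            return ("smb1", "server accepted none of the offered dialects")
        if index < len(offered):
            return ("smb1", offered[index])
        return ("smb1", "dialect index %d" % index)
    return ("invalid", "unknown protocol id")


# --- constructed sample replies (not captured traffic) ---
def sample_smb2_reply(dialect):
    """Minimal SMB2 NEGOTIATE response carrying the given DialectRevision."""
    header = struct.pack("<4sHHIHHIIQQQ16s", SMB2_MAGIC, 64, 0, 0, 0, 1, 1,
                         0, 0, 0, 0, b"")
    return frame(header + struct.pack("<HHH", 65, 1, dialect) + bytes(58))


def sample_smb1_reply(index):
    """Minimal SMB1 NEGOTIATE response; index 0xFFFF means 'none accepted'."""
    words = struct.pack("<H", index) + (bytes(32) if index != 0xFFFF else b"")
    return frame(smb1_header(0x98) + bytes([len(words) // 2]) + words + b"\x00\x00")


if __name__ == "__main__":
    legacy = ["NT LM 0.12"]                       # what an SMB1-only client offers
    modern = ["NT LM 0.12", "SMB 2.002", "SMB 2.???"]
    cases = [("modern client, SMB2-capable server", modern, sample_smb2_reply(0x02FF)),
             ("legacy client, SMB1 enabled", legacy, sample_smb1_reply(0)),
             ("legacy client, dialect refused", legacy, sample_smb1_reply(0xFFFF)),
             ("legacy client, no answer", legacy, b"")]
    for label, offered, raw in cases:
        print(label, "->", classify_negotiate_response(raw, offered))
```

The last two cases are the ones a client that only speaks SMB1 would see from a server that does not accept SMB1.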

Mike Easter

Jan 20, 2019, 12:22:37 PM
arlen holder wrote:
> Some day I'll set up a $35 Raspberry Pi as a dedicated 24/7 Linux server.

I'm not crystal-clear on how your network exists in 'everyday life'.

I understand that you have a variety of devices running iOS, android,
Win, and linux; and that about 20% of the time you are in linux.

It might be helpful to know the percentages for the other devices, just
to get a sense of the balance of things.

What would be the MOST helpful (at least to me) would be to have a
clearer picture of exactly WHAT sort of device is running ALL the time
that provides a storage for various files which you want to be able to
access with all of the devices.

Presumably there is a router; maybe there is a network attached storage
device; and those two would have to be running all the time; but maybe
instead there is a Win device such as a desktop that is running 'all the
time' and its local storage is where the 'central' file is kept.

While I'm trying to imagine how your LAN's devices OSes are integrating
with each other, the first question that pops into my head is a need
for some kind of picture of the LAN, because it seems that such as a Pi or
other similar system would be the best ingredient for the LAN.

--
Mike Easter

Chris

Jan 20, 2019, 1:02:13 PM
On 20/01/2019 12:23, Dan Purgert wrote:
> nospam wrote:
>> In article <q21kon$9ff$1...@dont-email.me>, Libor Striz
>> <poutnik4R...@CAPITALSgmail.com.INVALID> wrote:
>>> [...]
>>> but an ID reuse.
>>
>> email addresses are unique.
>
> I believe he's making the argument that if he finds
> "nos...@example.invalid" has been compromised, he has no way of knowing
> whether it's
>
> * the email address at "example.invalid"
> * the userID (when User=emailAddress) at some website somewhere.

Usually that's true. However, haveibeenpwned does give a list of the
sources of where the email had been seen (e.g. linkedin) if it's seen a
specific site's breach. So, if you see that linkedin, myspace, etc have
been implicated then they'd be a good start to change.

>>> If I knew the platform,
>>> there would be no need to change passwords everywhere the ID is used.
>>
>> the platform doesn't matter.
>>
>> if your email or password is in their list, you're at risk for being
>> pwned if you haven't been already. change passwords *now* and enable
>> real 2fa, not the sms crap.
>
> I agree entirely on this point. The trouble becomes when you've
> forgotten that you were a member of $webForums and now seeing that your
> email address got compromised, but not knowing it was on _that_ site; so
> your compromised account continues to be, well, compromised there.

That is true. However, if you change the password for all those that you
*do* remember then you can guarantee that the unknown compromised site
won't be a vector to your other sites.

This is why I have an email address that I only use for sites that I
don't trust and it's never used for anything remotely important. If I
forget what sites I've used it for, it doesn't matter. Nowadays that's
unlikely as I use a password manager and I know exactly how many that is.

Mike Easter

Jan 20, 2019, 1:54:47 PM
Mike Easter wrote:
> arlen holder wrote:
>> Some day I'll set up a $35 Raspberry Pi as a dedicated 24/7 Linux server.
>
> I'm not crystal-clear on how your network exists in 'everyday life'.
>
I now see the recent msg I hadn't before:

From: arlen holder
Date: Sun, 20 Jan 2019 13:58:59 -0000 (UTC)
Message-ID: <q21ur1$v14$1...@news.mixmin.net>

... which describes some AH LAN pieces&parts involving APs & WISP &
switches, but that msg doesn't address the two main issues in my
previous msg

- what is the general % of usage of the various OSes (on or off the lan)
- what is the 'nature' of the storage which is available 100% of the time

This is by way of building the case for some single board system such as
a Pi to become the continuous storage, because it would have the
advantage of being able to be a server as well as a storage.




--
Mike Easter

arlen holder

Jan 20, 2019, 4:47:42 PM
On Sun, 20 Jan 2019 14:02:33 -0000 (UTC), Dan Purgert wrote:

> Good news! We have virtual machines.
> Well, SMB does have defined ports that're supposed to be used if you
> expect "plug and play" (aka "zero config").
> Android should _never_ need to be running servers.
> Well, I never said "partial" ...

Hi Dan,

All good points.
I don't actually disagree with anything you wrote.

We just put different weights on the various proposed solutions.

Thank you for your purposefully helpful input - which I appreciate.
I think we have _different_ approaches to solving this problem.

I UNDERSTAND your approach (I really do - or - um - I think I do).
I think we differ mostly in PHILOSOPHY due to our experience levels.
o You are more experienced than I am (apparently),
o Hence, what you think is easy, I consider difficult (as a general solution)

I'm seeking a SIMPLER solution than that you offer (e.g., VMs).
I'm seeking a GENERAL solution (that will work for most people).

That's where we differ philosophically - as I see the situation...

Below is a bit more detail where we differ - but that's the summary:
o Your proposed solution _will_ work - I do not disagree it will work.
o I am simply seeking a more generic, simpler, KISS solution.

*On virtual machines:*
1. I've written tutorials on setting up VMs on Windows. VMs suck.
2. We're old men; (IMHO) Docker is no better (different - but not better).
3. We old men have used emulation forever (e.g., Wine).
4. I've installed Docker - & hate it - it won't even go where it belongs.
5. In short, this short post shows I have a disdain for VMs as solutions
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/BpPrLrSCza4/HCsPaHrOAQAJ>
6. And yet, I clearly relish posting cut-&-paste "tutorials" that work (for me):
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/BpPrLrSCza4/Mo4GQS_SAQAJ>
(Note: Those are consecutive posts in the same thread - as illustrations.)

BTW, to help _others_ (as always), here's a recent VM-related tutorial:
o Have you gotten Genymotion freeware to work on an older AMD CPU on Win10?
<https://groups.google.com/d/msg/comp.mobile.android/ix9empN-mxg/07ZmH2AWAQAJ>

I have _plenty_ of experience with VMs (and I _hate_ them, in general):
o I worked personally with VMware for years, by the way.
o And yet, if I were to use a VM today (as I do when I must), it's VirtualBox.

I prefer _this_ solution to work sans the requirement for a VM.
If I need Linux, I'll write a tutorial setting up the raspberry pi instead.
But that won't be a "general" solution - which is always my goal.

*On partial files:*
1. Luckily, KeePass clones are typically designed to handle "partial" files
2. Hence, partial file merging into a master file methods "can" work.

*On Nextcloud versus OwnCloud servers & their tutorials for setup:*
1. We're old men who have been burned many times with unsupported s/w.
2. The writing is on the wall (IMHO) for the demise of OwnCloud.
3. Hence a tutorial for OwnCloud can be (read "is") worthless for NextCloud.

*On the server choice:*
1. As with the CalDAV issue - the only reasonable server is Linux.
2. However, I strive for general solutions where Linux isn't usually it.
3. Linux plays a role though - and in fact a key role - but Windows is it.
4. Having said that, it's miserable to find server software for Windows.
5. As Poutnik noted, "sometimes" it's useful for Android/iOS servers
6. Some day, I'll learn how to set up a raspberry pi as my Linux server!
(I'll write a tutorial for you when I do - but all my tutorials work 1st!)

*On the concept of "instructions" versus a step-by-step "tutorial":*
1. Oh God - I can't explain this to you if you have 0 computer experience
2. Suffice to give two examples that show the difference between them
3. These are instructions (hint - they work - but they suck for noobs):
<https://www.instructables.com/id/How-To-Create-An-Android-App-With-Android-Studio/>
4. These are step-by-step cut-and-paste tutorials
(hint - my only claim is that they worked exactly as posted, for me)
<https://groups.google.com/d/msg/comp.mobile.android/aW64zYeBtF0/1b5h3r3PBAAJ>

In summary, Dan, I thank you for your purposefully helpful advice.
Everything you suggest _will_ work.
o The main problem is that it requires a VM
o Or a full-time Linux box

I'm seeking a "more general" solution that doesn't require a VM
(that general solution may not exist - which is what makes this hard).

--
PS: Ignore the "avast" triple-dash sig - it's added by the VPN I'm using.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

arlen holder

Jan 20, 2019, 5:00:47 PM
On Sun, 20 Jan 2019 15:33:19 +0100 (GMT+01:00), Libor Striz wrote:

> Sometimes it is useful
> to have a temporary server,
> e.g. a file server plugin of Total Commander,
> when one phone acts over a wifi
> as a file server
> and the other as a client.
>
> Or, some server components of remote control software like TeamViewer.

I think we all agree that a TEMPORARY mobile-device server is useful.

For example, it's what plenty of iOS users use to xfer files over WiFi.
o How to mount the entire mobile device file system on Windows
<https://groups.google.com/d/msg/comp.mobile.ipad/ix8xgTcexAY/dlY4nLMfAgAJ>

But, as we are all aware, Apple doesn't make simple things easy:
o Why doesn't Apple just let you manage your iOS file system natively on Windows?
<https://groups.google.com/d/msg/comp.mobile.ipad/ddcUPKpR7pc/E6gjXKb_DgAJ>

Yet, with diligence and perspiration, iOS can be made to xfer files too:
o What's the easiest way to just transfer a single file from iOS over to my laptop?
<https://groups.google.com/d/msg/comp.mobile.ipad/pzK3HrzQJ4E/TAyPuQyqCQAJ>

Meanwhile, Android makes such things almost trivial over USB or WiFi:
o Tutorial to run any Windows command directly on Android over either USB or Wi-Fi
<https://groups.google.com/d/msg/comp.mobile.android/JrWLPRYO-TU/2gn6KqccBwAJ>

Once you know a few tricks:
o When you plug in your phone to usb on your computer, does your file system mount on Windows 10?
<https://groups.google.com/d/msg/comp.mobile.android/qxztHvQevDY/UBjlL-pGAAAJ>
o What do you use to copy text files from Windows XP to Android over WiFi?
<https://groups.google.com/d/msg/comp.mobile.android/OkDfuDN9fZU/mFAMnIPGFQAJ>

Meanwhile, on Linux, everything (pretty much) just works (even iOS r/w automount):
o How do we most easily set up a freeware network of Windows + Linux + iOS + Android file systems
<https://groups.google.com/d/msg/alt.os.linux/tKhwlZyOhf0/oc2gJAq7CAAJ>
o Simultaneously slide Windows Linux iOS Android files back and forth over USB at 7GB per minute speeds using 100% native devices (no proprietary software needed)
<https://groups.google.com/d/msg/alt.os.linux/WqIDiVbawRs/pwxzu7LMCAAJ>

The main point is agreement with Poutnik that, sometimes, a TEMPORARY
server on the mobile device (particularly when xferring files over WiFi)
has its merits.

--
I switched VPN (I have thousands) to eliminate that Avast triple-dash sig.

arlen holder

Jan 20, 2019, 5:15:11 PM
On 20 Jan 2019 14:31:46 GMT, Frank Slootweg wrote:

> Non-root Android is only a problem for SMB-*servers*. As you say,
> SyncMe Wireless and AndSMB are SMB-*clients* and there is no port-range
> problem for clients.
>
> As to your problem of SyncMe Wireless and AndSMB not working with your
> Windows Network Share, Libor Striz may be on to something: SyncMe
> Wireless (probably) using SMB1 protocol and SMB1 not being enabled by
> default on your Windows platform. See my response to Libor Striz.

Hi Frank,
Thanks for that helpful information as I _knew_ you know the most
about this particular unfortunate problem.

IMHO, it's one case where Android sort of acts like Apple.
They restrict you from doing what would otherwise be trivially simple!

Sigh.
I always defer to you & to Paul on the SMB complexities.
I simply wish that SMB would work - as it would be PERFECT if it did.

Sigh.

Anyway, I'm reading up on what Paul suggested, so I started an apnote
which is not even close to being written - but here's what I have so far...

*****************************************************************************
How to get Windows SMB shares to work with Android, iOS, & Linux clients
*****************************************************************************
WIP

From Frank Slootweg (the expert on such things):
a. Non-root Android SMB is only a problem for SMB-*servers*.
b. SyncMe Wireless & AndSMB are SMB-*clients*
c. There is no port-range problem for clients.

The client may be SMB1 protocol where SMB1 may not be enabled
by default on Windows.

o Windows SMB will only listen for SMB/CIFs traffic on TCP port 445.
o Non-root Android won't allow SMB server apps access ports 1-1024.

This no longer exists: 'SMB cifs samba file server'
o <https://play.google.com/store/apps/details?id=com.imperioustech.www.sambaserver>
o "Uses Standard port 445 for rooted devices and automatically selects a suitable port for non-rooted devices."

REFERENCES:
o What's the best way to forward SMB TCP port 445 to something higher than 1024 on Windows?
o <https://groups.google.com/d/msg/comp.mobile.android/3QQ8bAZeXNI/p7yqvwHrBQAJ>

o How to detect, enable & disable SMBv1, SMBv2, & SMBv3 in Windows & Windows Server
o <https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and>

Android SMB client:
o AndSMB <https://play.google.com/store/apps/details?id=lysesoft.andsmb>
o SyncMe Wireless <https://play.google.com/store/apps/details?id=com.bv.wifisync>

Linux SMB client:
o <https://askubuntu.com/questions/749070/copy-file-with-smbclient-and-path-to-directory>
o smbclient -U user%passwd //10.0.1.250/Home --directory Public/Offline -c 'put "test.txt"'

--
I must have hundreds of started, but unfinished apnotes ... this may be one more...

nospam

Jan 20, 2019, 5:17:25 PM
In article <q22r2d$fb8$1...@news.mixmin.net>, arlen holder
<ar...@arlen.com> wrote:

>
> I think we all agree that a TEMPORARY mobile-device server is useful.

as usual, you think wrong.

>
> For example, it's what plenty of iOS users use to xfer files over WiFi.

no it isn't.

>
> But, as we are all aware, Apple doesn't make simple things easy:

yes they do.

>
> Yet, with diligence and perspiration, iOS can be made to xfer files too:

where 'diligence and perspiration' is a tap.

>
> Meanwhile, Android make such things almost trivial over USB or WiFi:

actually, it doesn't.

>
> Once you know a few tricks:

no tricks needed.


> Meanwhile, on Linux, everything (pretty much) just works (even iOS r/w
> automount):

not always

Dan Purgert

Jan 20, 2019, 6:14:08 PM
arlen holder wrote:
> On Sun, 20 Jan 2019 14:02:33 -0000 (UTC), Dan Purgert wrote:
>
>> Good news! We have virtual machines.
>> Well, SMB does have defined ports that're supposed to be used if you
>> expect "plug and play" (aka "zero config").
>> Android should _never_ need to be running servers.
>> Well, i never said "partial" ...
>
> Hi Dan,
>
> All good points.
> I don't actually disagree with anything you wrote.
>
> We just put different weights on the various proposed solutions.
>
> Thank you for your purposefully helpful input - which I appreciate.
> I think we have _different_ approaches to solving this problem.
>
> I UNDERSTAND your approach (I really do - or - um - I think I do).
> I think we differ mostly in PHILOSOPHY due to our experience levels.
> o You are more experienced than I am (apparently),
> o Hence, what you think is easy, I consider difficult (as a general solution)
>
> I'm seeking a SIMPLER solution than that you offer (e.g., VMs).
> I'm seeking a GENERAL solution (that will work for most people).

Spare PC running a Linux distro of your choice. Done and done.
>
> That's where we differ philosophically - as I see the situation...
>
> Below is a bit more detail where we differ - but that's the summary:
> o Your proposed solution _will_ work - I do not disagree it will work.
> o I am simply seeking a more generic, simpler, KISS solution.
>
> *On virtual machines:*
> 1. I've written tutorials on setting up VMs on Windows. VMs suck.
> 2. We're old men; (IMHO) Docker is no better (different - but not better).
> 3. We old men have used emulation forever (e.g., Wine).

WINE Is Not an Emulator -- it's a translator between Windows and Linux
ABIs.

>
> I have _plenty_ of experience with VMs (and I _hate_ them, in general):
> o I worked personally with VM Ware for years, by the way.
> o And yet, if I were to use a VM today (as I do when I must), it's VirtualBox.

And ...? Vbox is perfectly fine for this task.

> I prefer _this_ solution to work sans the requirement for a VM.
> If I need Linux, I'll write a tutorial setting up the raspberry pi instead.
> But that won't be a "general" solution - which is always my goal.

This makes no sense. If "the solution(tm)" is "use a linux box", then
that's the solution. Same as "use Windows" may be a solution for
whatever problem.

>
> *On Nextcloud versus OwnCloud servers & their tutorials for setup:*
> 1. We're old men who have been burned many times with unsupported s/w.
> 2. The writing is on the wall (IMHO) for the demise of OwnCloud.
> 3. Hence a tutorial for OwnCloud can be (read "is") worthless for NextCloud.

You realize the two links were each project's approach to "but I wanna
use Windows", right?

>
> *On the server choice:*
> 1. As with the CalDAV issue - the only reasonable server is Linux.
> 2. However, I strive for general solutions where Linux isn't usually it.

This is where you're getting it wrong. Linux happens to be the right
tool for the job at hand.

You don't try driving nails with a screwdriver, do you?

> 5. As Poutnik noted, "sometimes" it's useful for Android/iOS servers

I disagree with him in that regard.

> 6. Some day, I'll learn how to set up a raspberry pi as my Linux server!
> (I'll write a tutorial for you when I do - but all my tutorials work 1st!)

Just like your "universal file sliding", right?

> I'm seeking a "more general" solution that doesn't require a VM
> (that general solution may not exist - which is what makes this hard).

It doesn't. The sooner you grok that, the better off you'll be.

Dan Purgert

Jan 20, 2019, 6:15:13 PM
arlen holder wrote:
> On Sun, 20 Jan 2019 15:33:19 +0100 (GMT+01:00), Libor Striz wrote:
>
>> Sometimes it is useful
>> to have a temporary server,
>> e.g a file server plugin of Total Commander,
>> when one phone acts over a wifi
>> as a file server
>> and the other as a client.
>>
>> Or, some server components of remote control software like TeamViewer.
>
> I think we all agree that a TEMPORARY mobile-device server is useful.

No, we "all" don't.

arlen holder

Jan 20, 2019, 8:06:23 PM
On Sun, 20 Jan 2019 15:08:25 -0000 (UTC), Dan Purgert wrote:

> Because he did, but didn't understand the message. :)

THANK YOU ALL!

*This is a quick summary of the three goals that we've achieved!*

1. We have an apparently reliable method to check if we've been pwned
2. We have cross-platform software to manage an encrypted passwd db
3. We have a means to store the Master passwd kdbx file on Windows
(we can now access that single Master passwd kdbx file - or a copy)
(on any common consumer platform: iOS, Android, Linux, Win, & Mac)

You identified EXACTLY what the networking problem was!
o Good news for me (it works!)
<http://www.bild.me/bild.php?file=9491157smb_win10_default04.jpg>
o Good news for everyone (it works - if you know how!)
<http://www.bild.me/bild.php?file=4819399smb_win10_default05.jpg>

You were right - Frank - Paul - Dan - Poutnik!
o Luckily I said earlier I was an SMB noob - because I just proved it! :)

The problem was simply that both my Windows 10 machines (that are desktops
which are on full time) are set up by default, to NOT respect SMBv1!

Here's what one machine had as the defaults (and what I changed it to):
<http://www.bild.me/bild.php?file=2299279smb_win10_default01.jpg>

Here's the similar (slightly different) default on the other Win10 machine:
<http://www.bild.me/bild.php?file=3580897smb_win10_default02.png>

The difference in the default options for the two Win10 machines is slight:
o Machine 1:
[_]SMB 1.0/CIFS File Sharing Support
[_]SMB 1.0/CIFS Automatic Removal <=== I'm not sure what this is???
[_]SMB 1.0/CIFS Client
[_]SMB 1.0/CIFS Server
[x]SMB Direct
o Machine 2:
[_]SMB 1.0/CIFS File Sharing Support
[_]SMB 1.0/CIFS Client
[_]SMB 1.0/CIFS Server
[x]SMB Direct

As for the error message, here it is in all its glory.
<http://www.bild.me/bild.php?file=5615405smb_win10_default03.jpg>

I should have known EXACTLY what that message said, as it said, literally:
"at jcifs.e.a.c.run(Unknown Source) at java.lang.Thread.run(Thread.java: 761)"
"Connecting, please wait ..."
"Cannot change directory to /pubpc2"

What that error meant - was cryptic to me ... but to you guys, you knew
it meant: "Error: The Android SMB client is SMBv1 but the Windows 10
SMB server defaults to NOT SMBv1 - so you need to enable SMBv1 in Win10!"

Thanks for your purposefully helpful advice.
I think we have the problem solved, in that we have three things now:

*This is a quick summary of the three goals that we've achieved!*

1. We have an apparently reliable method to check if we've been pwned
2. We have cross-platform software to manage an encrypted passwd db
3. We have a means to store the Master passwd kdbx file on Windows
(we can now access that single Master passwd kdbx file - or a copy)
(on any common consumer platform: iOS, Android, Linux, Win, & Mac)

arlen holder

Jan 20, 2019, 10:08:36 PM
On Sun, 20 Jan 2019 13:28:00 +0100 (GMT+01:00), Libor Striz wrote:

> E.g my registration dedicated email id was found on 10 breached sites.
> There cannot be 10 sites to breach email password, there can be
> only the site carrying my email account.

Hi Poutnik,
I apologize for misunderstanding your question.

I just received this email from a friend, which asks something similar:
"My email said 'Pwned on 2 breached sites and found no pastes'.
What exactly does that mean? What are 'breached sites'?
One email comes up with says: "No breached accounts and no pastes"
What is a paste?
How do I know if an old password is listed that I no longer use?"

For an example, let's assume that user has 1 email address:
o ema...@gmail.com with a passwd of "gmailpw".

Let's assume that four web sites used that email for verification
o Ebay.com with a username of "ebay1", password of "ebaypw"
o Amazon.com with a username of "amazon1", password of "amazonpw"
o Outlook.com with a username of "outlook1", password of "outlookpw"
o Yahoo.com with a username of "yahoo1", password of "yahoopw"

Given _that_ situation, and given the result of:
o 'Pwned on 2 breached sites and found no pastes'

*Does anyone yet know what exactly _that_ message literally tells us?*

arlen holder

Jan 20, 2019, 10:53:21 PM
On Sun, 20 Jan 2019 14:37:46 -0000 (UTC), Dan Purgert wrote:

> As of fall 2017 (IIRC) it's forced off. You have to (re-)enable by hand
> via control panel > programs > add / remove windows features.

Hi Dan,

Thanks for your purposefully helpful and correct advice on SMBv1.

The whole point of this thread is to improve capabilities & knowledge.
o Mine
o And that of the tribe

There is no other purpose for these types of Q&A threads.
(i.e., we're not here for chit-chat amusement).

Hence I appreciate that your advice was 100% on the mark.
As was that of Paul, Poutnik, & Frank Slootweg.

Thanks to you, I know a lot more now than I did this morning.

You are correct that Windows 10, by default, disables SMBv1 connections.
That's almost certainly because SMBv1 is said to be 'full of holes'.

*What that means is that we should only use SMBv2/v3 clients!*

*To that end, here's a test I just successfully ran to find a good client:*

1. I installed these three free SMB clients on Android Nougat 7.0
o AndSMB <https://play.google.com/store/apps/details?id=lysesoft.andsmb>
o SyncMe WiFi <https://play.google.com/store/apps/details?id=com.bv.wifisync>
o GhostCommander + SMB plugin <https://f-droid.org/packages/com.ghostsq.commander/>

2. I set up Windows 10 to allow SMBv1 (in addition to SMBv2, & SMBv3):
o Start > Run > control > OK
o Programs > Programs and Features > Turn Windows Features on or off >
o Change from:
[_]SMB 1.0/CIFS File Sharing Support
[_]SMB 1.0/CIFS Automatic Removal <=== I'm not sure what this is???
[_]SMB 1.0/CIFS Client
[_]SMB 1.0/CIFS Server
[x]SMB Direct
o Change to:
[x]SMB 1.0/CIFS File Sharing Support
[_]SMB 1.0/CIFS Automatic Removal <=== I'm not sure what this is???
[x]SMB 1.0/CIFS Client
[x]SMB 1.0/CIFS Server
[x]SMB Direct
o Reboot

3. All three free Android SMB clients work to connect to the PC share.

4. I then ran step #2 above to remove SMBv1 from Windows 10 & rebooted.

5. All three clients fail to connect, each giving different errors:
o ERROR for AndSMB: "at jcifs.e.a.c.run(Unknown Source) at java.lang.Thread.run(Thread.java: 761)" "Connecting, please wait ..." "Cannot change directory to /pubpc2"
o ERROR for SyncMe: "Connection Reset"
o ERROR for Ghost: "Alert. An exception occurred with code c0000001. Failed to connect to 0.0.0.0<00>/192.168.1.10"

6. Rooting around, I found that the free Android AndSMB client (version
4.0.1) has the option to connect using SMBv2/v3, which, when tested, works.

7. I don't see any such SMBv2/v3 option in SyncMe WiFi, which fails with
the error "Connection Reset".

8. Likewise with Ghost Commander + SMB plugin, which threw the error
"Alert. An exception occurred with code c0000001. Failed to connect to
0.0.0.0<00>/192.168.1.10"

My tentative conclusion?
a. The only known free SMBv2/v3 client for Android appears to be AndSMB.
b. There may be others; but don't use SyncMe WiFi or GhostCommander.
c. *If you know of a free SMBv2/v3 client for Android - let us know!*

--
Ignore the avast triple-dash sig; it's added by the VPN provider.

arlen holder

Jan 20, 2019, 11:46:29 PM
On Sun, 20 Jan 2019 13:59:19 +0100 (GMT+01:00), Libor Striz wrote:

> P.S.: it would be paste accounts, if I understand well their
> terminology, but there was no paste account found.

Hi Poutnik,
I apologize for not understanding your original question.

A friend asked me the same question as you did.
o If 2 of 4 of my accounts were breached, which ones were they?
o What is a "paste account"?

To figure the answer to those two questions out, I first looked here:
o The 773 Million Record "Collection #1" Data Breach (Jan 17)
<https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/>

Scroll down until you see the sentence:
o "But what many people will want to know is what password was exposed. "

The author explains that he never stores the passwd next to the email addy.
<https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/>

So let's say you have 1 email address, used in 4 places with 4 different
passwds, then you can type in each of the 4 passwds, and from that result,
you can determine which passwords were breached - but not whether YOUR
specific email/passwd combination was breached.
<https://haveibeenpwned.com/Passwords>

Here's what he says about that:
"Whilst I can't tell you precisely what password was against your own
record in the breach, I can tell you if any password you're interested in
has appeared in previous breaches Pwned Passwords has indexed."

Interestingly, he suggests this $ product to save all your passwds:
o 1Password <https://1password.com/>

He then says, interestingly, since we're "sort of" doing this with KeePass:
"I'm conscious that many people reading this won't be using a password
manager of any kind in the first place and that's an absolutely pivotal
part of how to deal with this incident so I'll come back to that a little
later."

Later on, he says it again:
"If you're in this breach and not already using a dedicated password
manager, the best thing you can do right now is go out and get one."

He says, essentially, you shouldn't use a password you can remember,
where he even suggests writing it down in a notebook (which makes
sense the way he means it).

Luckily, our "notebook" is KeePass (or equivalent).
And it's free.

But that was a bust on what a "paste account" means.
Googling, I find this from 2014 from the same author of the web site:
o Introducing paste searches and monitoring for "Have I been pwned?"
<https://www.troyhunt.com/introducing-paste-searches-and/>

There's a section titled:
*"What's a paste and what does it have to do with pwned accounts?"*

"A paste is nothing more than text quite literally pasted onto a website
whereupon it receives its own unique URL so that it can then be shared with
others who may want to view the paste. The contents of a paste could be
anything - a recipe, a block of code or of particular interest here, a dump
of breached accounts. "

The author says these "pastes" are often found on
o Pastebin <https://pastebin.com>
o Slexy <https://slexy.org>
o Pastie <http://pastie.org>

As for "breaches", he has an image later which explains it:
<https://www.troyhunt.com/content/images/2016/02/48704869image121.png>

So this is the difference between a breach & a paste:
o Paste: Someone pasted the email address & password to the net
o Breach: A site's data was hacked and then released publicly.




Jasen Betts

Jan 21, 2019, 1:31:09 AM
On 2019-01-20, arlen holder <ar...@arlen.com> wrote:
> On Sun, 20 Jan 2019 12:15:25 -0000 (UTC), Jasen Betts wrote:
>
>> 773 accounts exposed 2 years ago... not exactly current events.
>
> Hi Jason Betts,
>
> By now you should have re-read that article a few times.
> Maybe the point of that article will have sunk in by the third read.
> But it doesn't seem like the information _has_ sunk in to your brain.
>
> The problem is that I can't make you comprehend the obvious.

YOU DO NOT KNOW WHAT I AM THINKING.
YOU DO NOT KNOW WHAT I AM THINKING.
YOU DO NOT KNOW WHAT I AM THINKING.
TLDR.

>> you come here abusing technical terms like "passwd" which is not a
>> pure synonym for password, and then further confuse things uppercase
>> it like it might be something different, and then mis-use the word
>> database.
>
> Hi Jason Betts,
>
> I know you and I know something about you.

Today you are misspelling my name. apparently you know less about me
today than you did yesterday.

> o You _always_ act like a child, Jason Betts.

You are Demonstrably unqualified to make that determination.

> o You _never_ intend anything but malice, Jason Betts.

I can't imagine why any logical person would think that.

> You never add a single iota of technical value to any thread, Jason Betts.

Maybe you can't understand it. that does not mean that it is not there.

> You _love_ to play childishly silly semantic games, Jason Betts.

I don't actually know what you're accusing me of.

> *With that in mind, you now say I'm _abusing_ the term" "passwd".*

No! Not with that in mind. I reject your inventions above, and
re-assert that "passwd" is not a synonym for "password".

> Jesus Christ, Jason Betts.
> Do you have any other silly semantic games you want to play?

that's not why I'm here.

> Look Jason Betts,
> If you want to bully a thread, then expect to be confronted, Jason Betts.
> You act, always, like a child, Jason Betts.

You asked about what I wrote, I answered. and now I'm some sort of
bully?

> Don't blame me for simply pointing out two things, Jason Betts:
> 1. You _never_ post with purposefully helpful intent, Jason Betts.

You have shown no effort to understand what I wrote. why should I make
an effort?

> 2. Hence, you always _waste_ everyone's time with your drivel.

> We are actually trying to accomplish something with this thread.

Yes, and it was initially unclear to me that by PASSWD you instead meant
password, I soon saw other peoples posts and presumably they were able
to guess what you meant. maybe they had never encountered passwd(1)
or passwd(7) that's unix speak and somewhat expected here on
alt.os.linux, I realise now that this is crossposted several different
ways. had I noticed the crossposting initially I would have discounted
the coincidental match for a technical term and exclusively looked for
a different meaning.

> Your purposefully unhelpful posts, Jason Betts, detract from that goal.

well, stop with the personal attacks.

--
When I tried casting out nines I made a hash of it.

Libor Striz

Jan 21, 2019, 6:03:24 AM
On 01/21/2019 05:46 AM, arlen holder wrote:

>
> The author explains that he never stores the passwd next to the email addy.
> <https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/>
>
> So let's say you have 1 email address, used in 4 places with 4 different
> passwds, then you can type in each of the 4 passwds, and from that result,
> you can determine which passwords were breached - but not whether YOUR
> specific email/passwd combination was breached.
> <https://haveibeenpwned.com/Passwords>

Hmmmmm .. but typing a password anywhere else
than in the place to be used as a login credential
is a security breach by itself.

>
> He says, essentially, you shouldn't use a password you can remember,
> where he even suggests writing it down in a notebook (which makes
> sense the way he means it).

But that does not apply to passphrases,
that are by principle easy to remember,
at expense of being long as there is low entropy per character.

another exception are local passwords for login
to BIOS/disc encryption/OS, where PW managers do not help. But OTOH,
these passwords / PW hashes do not go to internet sites.


--
Libor aka The Wanderer

RFC parts violating laws by public exposing private information
cannot force me to fit them.

Dan Purgert

Jan 21, 2019, 6:11:10 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 15:08:25 -0000 (UTC), Dan Purgert wrote:
>
>> Because he did, but didn't understand the message. :)
>
> THANK YOU ALL!
>
> *This is a quick summary of the three goals that we've achieved!*

"We". You keep using that word. I don't think it means what you think
it means.

Dan Purgert

Jan 21, 2019, 6:15:12 AM
arlen holder wrote:
> On Sun, 20 Jan 2019 14:37:46 -0000 (UTC), Dan Purgert wrote:
>
>> As of fall 2017 (IIRC) it's forced off. You have to (re-)enable by hand
>> via control panel > programs > add / remove windows features.
>
> Hi Dan,
>
> Thanks for your purposefully helpful and correct advice on SMBv1.
>
> The whole point of this thread is to improve capabilities & knowledge.
> o Mine
> o And that of the tribe

Except "the tribe(tm)" knew the information, and you did not.
Therefore, your assessment of the purpose seems flawed.

> [...]
> You are correct that Windows 10, by default, disables SMBv1 connections.
> That's almost certainly because SMBv1 is said to be 'full of holes'.

There's no "almost" about it. That's exactly the reason it got nuked
after wannacry.

> [...]
> My tentative conclusion?
> a. The only known free SMBv2/v3 client for Android appears to be AndSMB.

Sounds like.

William Unruh

Jan 21, 2019, 1:39:55 PM
On 2019-01-21, arlen holder <ar...@arlen.com> wrote:
> On Sun, 20 Jan 2019 13:59:19 +0100 (GMT+01:00), Libor Striz wrote:
>
>> P.S.: it would be paste accounts, if I understand well their
>> terminology, but there was no paste account found.
>
> Hi Poutnik,
> I apologize for not understanding your original question.
>
> A friend asked me the same question as you did.
> o If 2 of 4 of my accounts were breached, which ones were they?
> o What is a "paste account"?
>
> To figure the answer to those two questions out, I first looked here:
> o The 773 Million Record "Collection #1" Data Breach (Jan 17)
> <https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/>
>
> Scroll down until you see the sentence:
> o "But what many people will want to know is what password was exposed. "
>
> The author explains that he never stores the passwd next to the email addy.
><https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/>
>
> So let's say you have 1 email address, used in 4 places with 4 different
> passwds, then you can type in each of the 4 passwds, and from that result,
> you can determine which passwords were breached - but not whether YOUR
> specific email/passwd combination was breached.
><https://haveibeenpwned.com/Passwords>

So, you would type in one of your passwords into a random site which is
all about password theft? I presume that you would also hand your house
keys to a random person on the street who promises to tell you whether
your key is safe.



>
>
>

Mike Easter

Jan 21, 2019, 2:11:25 PM
Mike Easter wrote:
>  - what is the general % of usage of the various OSes (on or off the lan)
>  - what is the 'nature' of the storage which is available 100% of the time
>
> This is by way of building the case for some single board system such as
> a Pi to become the continuous storage, because it would have the
> advantage of being able to be a server as well as a storage.

Now I also see in another msg:

AH wrote:
> The problem was simply that both my Windows 10 machines (that are desktops
> which are on full time) are set up by default, to NOT respect SMBv1!

So the fact that you happen to leave 2 Win10s on continuously along with
their local storage must lead to your consideration that one of them
represents the heart or center of your LAN as a parking place for such
as caldav or passwd.

But, I think a 'better' center for ALL of your various devices would be
a singleboard such as Pi or other running a linux. Then it wouldn't
matter if you were on your Win10 or something else, and it also wouldn't
matter whether either, neither, or both of the Win10s were up.

That model would also mimic the concept of the web serving many
different devices in your LAN. That model also has the potential
'power' to be a more effective server system if you desired to improve
your structure from central storage to server with various types of clients.


--
Mike Easter

Frank Slootweg

Jan 21, 2019, 2:13:50 PM
Please no FUD! Being careful is of course very wise, but *this* is not
'a random site' by any stretch of the imagination.

nospam

Jan 21, 2019, 2:46:53 PM
In article <q2595i...@ID-201911.user.individual.net>, Frank Slootweg
<th...@ddress.is.invalid> wrote:

> > >
> > > So let's say you have 1 email address, used in 4 places with 4 different
> > > passwds, then you can type in each of the 4 passwds, and from that result,
> > > you can determine which passwords were breached - but not whether YOUR
> > > specific email/passwd combination was breached.
> > ><https://haveibeenpwned.com/Passwords>
> >
> > So, you would type in one of your passwords into a random site which is
> > all about password theft? I presume that you would also hand your house
> > keys to a random person on the street who promises to tell you whether
> > your key is safe.
>
> Please no FUD! Being careful is of course very wise, but *this* is not
> 'a random site' by any stretch of the imagination.

yep. haveibeenpwned is trustworthy, plus typing in *just* a password
gives no indication where it might be used, if at all.

Dan Purgert

Jan 21, 2019, 3:37:00 PM
Mike Easter wrote:
> Mike Easter wrote:
>>  - what is the general % of usage of the various OSes (on or off the lan)
>>  - what is the 'nature' of the storage which is available 100% of the time
>>
>> This is by way of building the case for some single board system such as
>> a Pi to become the continuous storage, because it would have the
>> advantage of being able to be a server as well as a storage.
>
> Now I also see in another msg:
>
> AH wrote:
>> The problem was simply that both my Windows 10 machines (that are desktops
>> which are on full time) are set up by default, to NOT respect SMBv1!
>
> So the fact that you happen to leave 2 Win10s on continuously along with
> their local storage must lead to your consideration that one of them
> represents the heart or center of your LAN as a parking place for such
> as caldav or passwd.
^^^^^^

Don't think you meant passwd there, Mike?

Dan Purgert

Jan 21, 2019, 3:43:17 PM
Until it turns out they're feeding dictionary lists with the input users
provide ;)

(I have no proof one way or the other, the above is tongue-in-cheek).

Mike Easter

Jan 21, 2019, 4:06:13 PM
Dan Purgert wrote:
> Mike Easter wrote:
>> Mike Easter wrote:
>>>  - what is the general % of usage of the various OSes (on or off the lan)
>>>  - what is the 'nature' of the storage which is available 100% of the time
>>>
>>> This is by way of building the case for some single board system such as
>>> a Pi to become the continuous storage, because it would have the
>>> advantage of being able to be a server as well as a storage.
>>
>> Now I also see in another msg:
>>
>> AH wrote:
>>> The problem was simply that both my Windows 10 machines (that are desktops
>>> which are on full time) are set up by default, to NOT respect SMBv1!
>>
>> So the fact that you happen to leave 2 Win10s on continuously along with
>> their local storage must lead to your consideration that one of them
>> represents the heart or center of your LAN as a parking place for such
>> as caldav or passwd.
> ^^^^^^
>
> Don't think you meant passwd there, Mike?
>

Well, I didn't mean the linux passwd command; I was being sloppy with
the string to address however he was going to go about synchronizing a
pw database, which was leaning toward kdbx at some point.

I understand that AH is partial to Win10 of the devices he is prone to
run, but he has sufficient familiarity with linux and awareness of such
as singleboard devices running linux that I think both of these projects
in recent threads, the caldav business, the keepass and smb business,
would do very nicely on a singleboard system running all the time.

Then he can spend however much time and electrical resources (and
hazards) he wants to with his Win10 systems, but the heart of the
synchronization system could be the little low cost low resource
solution of the linux singleboard.

I think I'm agreeing with your Message-ID:
<slrnq4a05...@xps-linux.djph.net>
http://al.howardknight.net/msgid.cgi?ID=154810454900

> This is where you're getting it wrong. Linux happens to be the right
> tool for the job at hand.

He wants a general solution for all those devices; android, ios, win,
linux; for which he is trying to mimic the synchronization functions
that many achieve on the internet with his own LAN. I think he should
choose a linux strategy which is so popular on that web for his lan; not
employ his Win10 system/s simply because he is using them the majority
of the time.

--
Mike Easter

arlen holder

Jan 21, 2019, 4:44:23 PM
On Mon, 21 Jan 2019 14:47:02 -0500, nospam wrote:

> yep. haveibeenpwned is trustworthy, plus typing in *just* a password
> gives no indication where it might be used, if at all.

*Q: What is the most _private_ way to enter your data into that site?*

The astute readers of this thread will note that in the Opening Post
I noted very briefly on this very topic that Poutnik, William Unruh,
Frank Slootweg, and nospam touch upon:

I suggested in the OP:
"The "safest" way I know to check is to use the official Tor Browser."
"And only check a single email address per session (for obvious reasons)."
"(If you use any other browser - then you already lost the privacy game.)"

The _reason_ for those recommendations was that, even if you _trust_ the
web site, it's still a "good idea" to NOT give that web site two
consecutive pieces of information.

1. You want your IP address to be obfuscated (e.g., VPN would work)
2. You want each email address to be checked using a single session
3. You want each passwd to be checked using a single session

The reason I didn't suggest VPN was only because I'd have to discuss
browser fingerprinting, which I didn't want to get into but which most of
you know much about - and for those who don't, just go here for ideas:
o <https://panopticlick.eff.org>

While I realize Dan Purgert feels that all of us know _everything_ already,
I would like to ask the adults here if there is a _better_ approach to
privately inputting your data into that <https://haveibeenpwned.com>?

I make no claims of omnipotence.
Hence I ask your advice, for the benefit of all listeners (as always).

*Q: What is the most _private_ way to enter your data into that site?*

Specifically, did I suggest, in the opening post, the best way possible?
(Or, do you know of a more _private_ way than that suggested in the OP?)

arlen holder

Jan 21, 2019, 4:44:26 PM
On Mon, 21 Jan 2019 11:11:08 -0000 (UTC), Dan Purgert wrote:

> "We". You keep using that word. I don't think it means what you think
> it means.

Hi Dan Purgert,
Yet again you act like a child who is playing silly semantic games.

I don't have to prove you consistently act like a child, Dan Purgert.
All I have to do is point to what you write, Dan Purgert.

I ask you to think about this "adult" question, Dan Purgert.
Q: What technical value have you ADDED to this thread topic Dan Purgert?

--
HINT: The answer is a negative number (since I am forced to respond in an
attempt to shut down your childish drivel which is like the child who
brings a pile of shit to the Potluck Picnic that is Usenet, and then revels
in the response.)

arlen holder

Jan 21, 2019, 4:44:33 PM
On Mon, 21 Jan 2019 11:15:11 -0000 (UTC), Dan Purgert wrote:

> Except "the tribe(tm)" knew the information, and you did not.
> Therefore, your assessment of the purpose seems flawed.

Hi Dan Purgert,

I know you well, Dan Purgert.
*Yet again, Dan Purgert, you brazenly claim imaginary knowledge.*

(It's a hallmark trait of all you children stuck inside an adult's body.)
o Why do (some posters) habitually fabricate imaginary knowledge?
<https://groups.google.com/d/msg/comp.mobile.android/yO6Iy7PydDk/czTWvryhDwAJ>

I realize you're proving that you act like a child again so I will try to
be "gentle" with you by asking you a _simple_ question.

What other free SMBv2/v3 clients do you know of that are on Android, and
iOS, and Linux, and Windows, that we haven't covered to date.

For example, name just one Android SMBv3 client that we haven't named.

C'mon Dan.
You already know everything, right?

Name just one.
When you fail to come up with even a _single_ additional app, then read on.

The point of this thread is to not only them _all_ Dan Purgert, but to also
test them all, Dan Purgert. And then to write up a summary recommendation
for a use model, Dan Purgert.

Like we did here on the question I'm asking of you, Dan Purgert:
o Do you know of a free Android SMBv2 (or SMBv3) client?
<https://groups.google.com/forum/#!topic/comp.mobile.android/tl3Q05QGyAw>

Since you prove your brain is that of a child, Dan Purgert, I suspect you
don't even comprehend _why_ I ask you to simply name one additional Android
app.

HINT: It's a tactic that works time and again with children like you, Dan
Purgert, who think they know everything. Here is an example of that tactic
working perfectly, for example, when nospam claimed that, in effect, he
knew of plenty of iOS apps that you could get "for a buck" that rivaled
those of Android (HINT: We proved nospam just made it up.)
o Name a single iOS app functionality that you can get for a buck, that isn't already on Android, for free
<https://groups.google.com/d/msg/comp.mobile.ipad/2ygyUAhbw6A/hIVaMWcAAwAJ>
HINT: As expected, nospam, Diesel, and you, Dan Purgert, always fail
even that simplest of simplest of simple tests of "name just one".

The funny thing is that the bar is so low, and yet, you children
consistently fail this simplest of simple tests called:
o Name Just One Dan Purgert

Since you consistently claim imaginary knowledge, just as Diesel does, just
as Wolf K does, just as Char Jackson does, just as Snit does, just as Jolly
Roger does, just as Alan Baker does, just as Tim Streater does, just as
Alan Browne does, just as Savageduck does, et al. (ad infinitum)

I realize that your brain is that of a child Dan Purgert.
Hence you probably don't even comprehend my question.
o Name just one (which would only _begin_ to prove your point)
o Name none (and you prove mine)

>> My tentative conclusion?
>> a. The only known free SMBv2/v3 client for Android appears to be AndSMB.
>
> Sounds like.

And yet, Dan Purgert, you're wrong (again).

We already proved there are at least _two_ SMBv2 (maybe only 1 SMBv3)
clients on Android.

These two worked the first time in my recent tests on Win10 default:
o AndSMB works (apparently) with SMBv2 & SMBv3
- <https://play.google.com/store/apps/details?id=lysesoft.andsmb>
o Total Commander + plugin works with SMBv2
- <https://play.google.com/store/apps/details?id=com.ghisler.android.TotalCommander>
- <https://play.google.com/store/apps/details?id=com.ghisler.tcplugins.LAN>

These two failed on their first tests on Win10 default:
o GhostCommander + plugin apparently is only for SMBv1
- <https://f-droid.org/en/packages/com.ghostsq.commander/>
- <https://f-droid.org/en/packages/com.ghostsq.commander.samba/>
o SyncMe WiFi appears to be only SMBv1
- <https://play.google.com/store/apps/details?id=com.bv.wifisync>

We're always looking to improve our tribal knowledge, Dan Purgert.
Hence, you will help, if you're an adult, by naming just one more
free Android SMBv3 client that we're currently unaware of,
but which, of course, in your childish brain, you're _already_ aware of.

HINT: You children who claim omnipotence _never_ come up with the goods.
DOUBLEHINT: Look at Diesel's recent posts, for example, where he claims all
he wants is an apology for having pointed out his childish posts, then
_then_ he'll tell us the secret that "nobody else knows" but he.

PS: There's more work to be done - much (much) more.
We haven't even _started_ detailed testing with Linux, iOS, & the Mac.

arlen holder

Jan 21, 2019, 4:44:38 PM
On Mon, 21 Jan 2019 06:15:35 -0000 (UTC), Jasen Betts wrote:

> well, stop with the personal attacks.

Hi Jasen Betts,

Thank you for pointing out my misspellings, as not only do I mirror the
implied intent of the past, but I generally strive to write and speak
English properly.

For example, you can see that I recently responded to Cybe R. Wizard when
he helpfully corrected my punctuation on "et al." on alt.os.linux earlier
this week:
o Can we come up with a free, ad free, cloud-free calendaring system that works with Windows and Linux and mobile devices?
<https://groups.google.com/d/msg/alt.os.linux/ydQ9sG-8Y08/s2JlY76bDwAJ>

His purposefully helpful corrections were subsequently confirmed and
expounded upon (i.e., it's not just "one" abbreviation!) on
alt.usage.english which I frequent for the purpose of further improving my
comprehension of the (Am)English & (Br)English languages:
o <https://alt.usage.english.narkive.com/IYRnAbiZ/why-on-earth-do-we-abbreviate-alli-so-often-to-save-1-character>

As for Unix-speak, as with almost everyone here, I "grew up" well before
computers were common, so my first languages were JCL and Fortran (before
77 existed), and then later, PL/1 (before C), and COBOL (because it was all
the rage at the time). After IBM Assembly Language, it was the BASIC
language as DOS started to grow up, simultaneously, it seemed, alongside
DEC (e.g., the PDP11 of my late graduate school days), VAX, and Masscomp
machines, before Sun grew up and died on SunOS & Solaris, where most of my
UNIX-speak came from and then a stint on the Mac & Windows in the 95/2k/XP
days with a few Ubuntu & Centos Linux desktops in between (hence, my
Windows editor of choice is _still_ vi, simply because it's ingrained in my
finger memory).
o Quick customized-installation tutorial for setting up gVim on Windows
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/BpPrLrSCza4/4fyzTCGFCAAJ>

Suffice to say, even when I bring up KeePass, the command is "vipw",
which is ingrained into the permanent memory of all UNIX users alike.
Start > Run > vipw
Where vipw is defined in the registry as:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vipw.exe
Default = c:\app\editor\passwd\keepass\KeePass.exe

While you appear to decry such ubiquitous vernacular as "passwd",
the very use of "pwned" in this thread is a similar such slang.

Moving further (farther?) toward improvement of vernacular,
I checked out, for Poutnik and friends, what the pwned site author
meant by distinguishing between "breached" and "pasted" events.
<https://groups.google.com/d/msg/alt.os.linux/YEfw5NblnRs/Ou3E7FHPEAAJ>

Notice, Jasen Betts, how DIFFERENT Poutnik's posts are from yours?
o Poutnik brings up valid concerns (adult concerns, not childish ones)
o Poutnik enhances the response & clarifies when he's misunderstood
o Poutnik ADDs overall to the tribal knowledge, as a whole

As just one example, look at this related thread on comp.mobile.android
o Do you know of a free Android SMBv2 (or SMBv3) client?
<https://groups.google.com/forum/#!topic/comp.mobile.android/tl3Q05QGyAw>

Poutnik appears to be and act like an adult is expected to act like.
Poutnik _adds_ value.

*Think Jasen ... think... as an adult ... how much VALUE did _you_ add?*
_(It's a hard question for you to answer, isn't it Jasen?)_

I don't ask to be argumentative - I already know the answer.
The problem is that _you_ need to figure out that answer for yourself.

Every thread should strive to _add_ to our combined tribal knowledge.
(Otherwise, your posts are merely idle meaningless childish chitchat.)

Alan Baker

Jan 21, 2019, 5:05:29 PM
On 2019-01-21 1:44 p.m., arlen holder wrote:
> On Mon, 21 Jan 2019 06:15:35 -0000 (UTC), Jasen Betts wrote:
>
>> well, stop with the personal attacks.
>
> *Think Jasen ... think... as an adult ... how much VALUE did _you_ add?*
> _(It's a hard question for you to answer, isn't it Jasen?)_
>
> I don't ask to be argumentative - I already know the answer.

That you're a complete asshole?

Yes, we all know that too.

Alan Baker

Jan 21, 2019, 5:06:45 PM
On 2019-01-21 1:44 p.m., arlen holder wrote:
> On Mon, 21 Jan 2019 11:11:08 -0000 (UTC), Dan Purgert wrote:
>
>> "We". You keep using that word. I don't think it means what you think
>> it means.
>
> Hi Dan Purgert,
> Yet again you act like a child who is playing silly semantic games.
>
> I don't have to prove you consistently act like a child, Dan Purgert.
> All I have to do is point to what you write, Dan Purgert.
>
> I ask you to think about this "adult" question, Dan Purgert.
> Q: What technical value have you ADDED to this thread topic Dan Purgert?

What technical value did you just add, Asshole.

nospam

Jan 21, 2019, 5:29:49 PM
In article <q25efk$vai$1...@news.mixmin.net>, arlen holder
<ar...@arlen.com> wrote:

> > yep. haveibeenpwned is trustworthy, plus typing in *just* a password
> > gives no indication where it might be used, if at all.
>
> *Q: What is the most _private_ way to enter your data into that site?*

in a darkened room, while wearing gloves.

Alan Baker

Jan 21, 2019, 5:34:36 PM
And wash your hands afterwards.

;-)

Dan Purgert

Jan 21, 2019, 5:56:44 PM
arlen holder wrote:
> On Mon, 21 Jan 2019 11:11:08 -0000 (UTC), Dan Purgert wrote:
>
>> "We". You keep using that word. I don't think it means what you think
>> it means.
>
> Hi Dan Purgert,
> Yet again you act like a child who is playing silly semantic games.

Nope, just pointing out that "you" had nothing to do with solving the
problem between your SMBv1 clients and SMBv2+ Windows host, and that
your including yourself in the solution is duplicitous.

>
> I don't have to prove you consistently act like a child, Dan Purgert.
> All I have to do is point to what you write, Dan Purgert.

It's really funny how you go from brown-nosing me in one post, to
calling me a child in the next.

I bet next is gonna be some comments about how facts don't work with me,
or that I'm shitting in your cereal or something.
>
> I ask you to think about this "adult" question, Dan Purgert.
> Q: What technical value have you ADDED to this thread topic Dan Purgert?

I pointed out that the issue you're having is Win10 only allowing SMBv2
as of early/mid 2018, and how to re-enable it for support of legacy
applications ... albeit from memory of an OS that I've only touched on
the rare occasion that someone in the family needs some help.

Or that the correct solution was a linux server with own/nextcloud.

Or their documentation if you _really_ wanted to shoot yourself in the
foot and use the subpar-for-the-task option (Windows).

If that's not "technical value", then you should probably give your
definition (hell, you should probably write a full dictionary so we know
what you mean every time you use technical words wrong and/or use
alternate phrases for well-known operations)

Dan Purgert

Jan 21, 2019, 5:59:12 PM
HINT: Negative value. something something rant about how arlen holder
is shitting in our collective cereal, etc.

(hope you get a laugh)

Alan Baker

Jan 21, 2019, 6:21:05 PM
On 2019-01-21 2:59 p.m., Dan Purgert wrote:
> Alan Baker wrote:
>> On 2019-01-21 1:44 p.m., arlen holder wrote:
>>> On Mon, 21 Jan 2019 11:11:08 -0000 (UTC), Dan Purgert wrote:
>>>
>>>> "We". You keep using that word. I don't think it means what you think
>>>> it means.
>>>
>>> Hi Dan Purgert,
>>> Yet again you act like a child who is playing silly semantic games.
>>>
>>> I don't have to prove you consistently act like a child, Dan Purgert.
>>> All I have to do is point to what you write, Dan Purgert.
>>>
>>> I ask you to think about this "adult" question, Dan Purgert.
>>> Q: What technical value have you ADDED to this thread topic Dan Purgert?
>>
>> What technical value did you just add, Asshole.
>
> HINT: Negative value. something something rant about how arlen holder
> is shitting in our collective cereal, etc.
>
> (hope you get a laugh)
>

I always do... ...it's the only reason I come here.

:-)

(Is that a Life glider I saw in your sig?)

Dan Purgert

Jan 21, 2019, 6:30:25 PM
arlen holder wrote:
> On Mon, 21 Jan 2019 11:15:11 -0000 (UTC), Dan Purgert wrote:
>
>> Except "the tribe(tm)" knew the information, and you did not.
>> Therefore, your assessment of the purpose seems flawed.
>
> Hi Dan Purgert,
>
> I know you well, Dan Purgert.
> *Yet again, Dan Purgert, you brazenly claim imaginary knowledge.*

You mean like from MID <slrnq48qv...@xps-linux.djph.net> (injected
Sun, 20 Jan 2019 12:39:10 -0000 (UTC) ), where I stated your issue was
most likely incompatible SMB versions?

And then followed up with MID <slrnq491t...@xps-linux.djph.net>,
injected Sun, 20 Jan 2019 14:37:46 -0000 (UTC) wherein I relayed that it
was last April(ish) when SMBv1 was forcibly disabled in a MSFT-provided
update, and the required steps to turn it back on?


>
> What other free SMBv2/v3 clients do you know of that are on Android, and
> iOS, and Linux, and Windows, that we haven't covered to date.

Why would I know anything about (new) client programs that have no value
for me?

That's about as intelligent as asking a Windows user for the best
program to finish some task on a Mac.

> Since you prove your brain is that of a child, Dan Purgert, I suspect you
> don't even comprehend _why_ I ask you to simply name one additional Android
> app.

Short version, you're hoping that I'll be "childish" enough to go out
and hunt down another potential solution for you, and post it here so
that you don't have to fight your abject computer illiteracy to
determine whether or not an app will work for you on SMBv2/3.

Alternately, I suppose you want to be able to reinforce your security
blanket by "proving(tm)" that since the software has no bearing on my
day to day usage (and therefore, I don't care enough to look for it), I
am somehow a childish incompetent who is just pretending to have
knowledge. Basically, you want to project your own shortcomings on me.

HINT: For those people in all channels who haven't yet sent me to the
bitbucket for proving myself a hopeless case for continually interacting
with you, they will regard this as a much more measured and "adult"
reaction than your ad hominem "you're a child!" chit-chat posts, arlen
holder.

>
> Since you consistently claim imaginary knowledge, just as Diesel does, just
> as Wolf K does, just as Char Jackson does, just as Snit does, just as Jolly
> Roger does, just as Alan Baker does, just as Tim Streater does, just as
> Alan Browne does, just as Savageduck does, et al. (ad infinitum)

You forgot Cybe R. Wizard. :)


(love ya Cybe, but it was too funny to let slide)

> HINT: You children who claim omnipotence _never_ come up with the goods.
> DOUBLEHINT: Look at Diesel's recent posts, for example, where he claims all
> he wants is an apology for having pointed out his childish posts, then
> _then_ he'll tell us the secret that "nobody else knows" but he.

I've never claimed "omnipotence", just more general knowledge than you.
Maybe "omnipotence" doesn't mean what you think it means either.

Dan Purgert

Jan 21, 2019, 6:33:14 PM
Alan Baker wrote:
> On 2019-01-21 1:44 p.m., arlen holder wrote:
>> On Mon, 21 Jan 2019 06:15:35 -0000 (UTC), Jasen Betts wrote:
>>
>>> well, stop with the personal attacks.
>>
>> *Think Jasen ... think... as an adult ... how much VALUE did _you_ add?*
>> _(It's a hard question for you to answer, isn't it Jasen?)_
>>
>> I don't ask to be argumentative - I already know the answer.
>
> That you're a complete asshole?
>
> Yes, we all know that too.
>
>
I like the cut of your jib. Where can I sign up for your newsletter?

Cybe R. Wizard

Jan 21, 2019, 6:55:56 PM
On Mon, 21 Jan 2019 22:56:43 -0000 (UTC)
Dan Purgert <d...@djph.net> wrote:

> If that's not "technical value", then you should probably give your
> definition (hell, you should probably write a full dictionary so we
> know what you mean every time you use technical words wrong and/or use
> alternate phrases for well-known operations)

"Slide" that!

Cybe R. Wizard
--
The proper words in the proper places are the true definition of style.
Jonathan Swift

Dan Purgert

Jan 21, 2019, 6:57:53 PM
Indeed it is, although I must admit I haven't played it since college,
and as nice of an anchor that I think it is, I should probably change
it...

Alan Baker

Jan 21, 2019, 6:58:49 PM
On 2019-01-21 3:57 p.m., Dan Purgert wrote:
> Alan Baker wrote:
>> On 2019-01-21 2:59 p.m., Dan Purgert wrote:
>>> Alan Baker wrote:
>>>> On 2019-01-21 1:44 p.m., arlen holder wrote:
>>>>> On Mon, 21 Jan 2019 11:11:08 -0000 (UTC), Dan Purgert wrote:
>>>>>
>>>>>> "We". You keep using that word. I don't think it means what you think
>>>>>> it means.
>>>>>
>>>>> Hi Dan Purgert,
>>>>> Yet again you act like a child who is playing silly semantic games.
>>>>>
>>>>> I don't have to prove you consistently act like a child, Dan Purgert.
>>>>> All I have to do is point to what you write, Dan Purgert.
>>>>>
>>>>> I ask you to think about this "adult" question, Dan Purgert.
>>>>> Q: What technical value have you ADDED to this thread topic Dan Purgert?
>>>>
>>>> What technical value did you just add, Asshole.
>>>
>>> HINT: Negative value. something something rant about how arlen holder
>>> is shitting in our collective cereal, etc.
>>>
>>> (hope you get a laugh)
>>>
>>
>> I always do... ...it's the only reason I come here.
>>
>> :-)
>>
>> (Is that a Life glider I saw in your sig?)
>
> Indeed it is, although I must admit I haven't played it since college,
> and as nice of an anchor that I think it is, I should probably change
> it...
>
>

Nah. It's a great homage to a simpler time...

...just like Usenet.

;-)

Dan Purgert

Jan 21, 2019, 7:01:31 PM
Cybe R. Wizard wrote:
> On Mon, 21 Jan 2019 22:56:43 -0000 (UTC)
> Dan Purgert <d...@djph.net> wrote:
>
>> If that's not "technical value", then you should probably give your
>> definition (hell, you should probably write a full dictionary so we
>> know what you mean every time you use technical words wrong and/or use
>> alternate phrases for well-known operations)
>
> "Slide" that!

Next "tutorial" will be how to "slide" "passwd(5)" between windows,
android, ios, linux, and mac.

Cue all of us "faking knowledge" when we ask wtf he's smoking.

Cybe R. Wizard

Jan 21, 2019, 7:20:45 PM
On Mon, 21 Jan 2019 23:30:23 -0000 (UTC)
Dan Purgert <d...@djph.net> wrote:

[in response to the nonsense spewed forth by Harlem Oldun]

> > Since you consistently claim imaginary knowledge, just as Diesel
> > does, just as Wolf K does, just as Char Jackson does, just as Snit
> > does, just as Jolly Roger does, just as Alan Baker does, just as
> > Tim Streater does, just as Alan Browne does, just as Savageduck
> > does, et al. (ad infinitum)
>
> You forgot Cybe R. Wizard. :)

I think, rather, that he left me out intentionally as I hold him to
an honest accounting too uncomfortably.
>
The difference between me and that list of enemegos is that I don't
claim imaginary knowledge of computer systems. (of course, neither do
any of you)

Rather, I claim imaginary knowledge of Arlene Holdem, that old dog
(see the .sig).

That imaginary knowledge is much harder to come by as one must read at
least a couple of Anakin Holsaw's sentences posted to Usenet.
Now, /THAT'S/ difficult!

I'd sooner learn Emacs.
>
> (love ya Cybe, but it was too funny to let slide)

Don't you mean, "...to let copy?" ;-]

Cybe R. Wizard
--
A dog is not intelligent. Never trust an animal that's surprised by its
own farts.
Frank Skinner

Wolf K

Jan 21, 2019, 7:21:00 PM
On 2019-01-21 16:44, arlen holder wrote:
[...]
> Yet again you act like a child who is playing silly semantic games.
[...]

Stop insulting children. You are _not_ smarter than a child. A child is
willing and able to learn. You are neither.

--
Wolf K
kirkwood40.blogspot.com
People worry that computers will get too smart
and take over the world, but the real problem is
that they’re too stupid and they’ve already taken over
the world (Pedro Domingos)

Cybe R. Wizard

Jan 21, 2019, 7:29:58 PM
On Mon, 21 Jan 2019 23:30:23 -0000 (UTC)
Dan Purgert <d...@djph.net> wrote:

> I've never claimed "omnipotence", just more general knowledge than you.
> Maybe "omnipotence" doesn't mean what you think it means either.

It is plain to see that /someone/ is not omniscient.

Cybe R. Wizard
--
Omniscient, omnipotent, omnivorous and omnipresent all begin with Om.
Ashwin Sanghi
...so /some people/ equate them.
me

Cybe R. Wizard

Jan 21, 2019, 7:35:19 PM
On Mon, 21 Jan 2019 23:33:12 -0000 (UTC)
Dan Purgert <d...@djph.net> wrote:

> Alan Baker wrote:
> > On 2019-01-21 1:44 p.m., arlen holder wrote:
> >> On Mon, 21 Jan 2019 06:15:35 -0000 (UTC), Jasen Betts wrote:
> >>
> >>> well, stop with the personal attacks.
> >>
> >> *Think Jasen ... think... as an adult ... how much VALUE did _you_
> >> add?* _(It's a hard question for you to answer, isn't it Jasen?)_
> >>
> >> I don't ask to be argumentative - I already know the answer.
> >
> > That you're a complete asshole?
> >
> > Yes, we all know that too.
> >
> >
> I like the cut of your jib. Where can I sign up for your newsletter?
>
;-]

Plus one.

Cybe R. Wizard
--
"Learn the rules like a pro so you can break them like an artist.
Pablo Picasso

Dan Purgert

Jan 21, 2019, 7:53:40 PM
No I real...

great lord Cthulhu, BAHAHAHHAHAH it just clicked.

Jasen Betts

Jan 21, 2019, 8:01:18 PM
On 2019-01-21, arlen holder <ar...@arlen.com> wrote:
> On Mon, 21 Jan 2019 06:15:35 -0000 (UTC), Jasen Betts wrote:
>
>> well, stop with the personal attacks.
>
> Hi Jasen Betts,
>
> Thank you for pointing out my misspellings, as not only do I mirror the
> implied intent of the past, but I generally strive to write and speak
> English properly.

Yeah, your spelling is in general better than mine, I often take
insufficient care.

Interesting phrase that "mirror the implied intent of the past" at
first glance it seems to defy causality, and then I see a personification of
history and that leads nowhere towards a meaning. I'm taking it to mean
"mirror implied past intent" or possibly "mirror past implied intent"
as that seems to fit context. Was one of those your meaning?


> Suffice to say, even when I bring up KeePass, the command is "vipw",
> which is ingrained into the permanent memory of all UNIX users alike.
> Start > Run > vipw
> Where vipw is defined in the registry as:
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vipw.exe
> Default = c:\app\editor\passwd\keepass\KeePass.exe

That seems pretty perverse to me... it's basically doing the opposite
(or complement) of what vipw did.

> While you appear to decry such ubiquitous vernacular as "passwd",

Given your claim to try to write properly, it seems to me that you
are using the term to be perverse.

> the very use of "pwned" in this thread is a similar such slang.

However "pwn" (and "pwned") have vernacular meanings which you appear to be
complying with in your usage. Where's this vernacular "passwd"?


Maybe you have fooled yourself, the original "vipw" allows editing of
the /etc/passwd user accounts database content. By mapping "vipw"
(which name as you no doubt know was derived from "edit passwd") to
"KeePass" you are in a way reversing the meaning of passwd.


> Moving further (farther?) toward improvement of vernacular,
> I checked out, for Poutnik and friends, what the pwned site author
> meant by distinguishing between "breached" and "pasted" events.
><https://groups.google.com/d/msg/alt.os.linux/YEfw5NblnRs/Ou3E7FHPEAAJ>

> Notice, Jasen Betts, how DIFFERENT Poutnik's posts are from yours?
> o Poutnik brings up valid concerns

same as me.

> (adult concerns, not childish ones)

Again with the oblique insults. why are you doing this?

> o Poutnik enhances the response & clarifies when he's misunderstood

same as me.

> o Poutnik ADDs overall to the tribal knowledge, as a whole

Same as me, not that this branch of the discussion is headed much
in that direction.

> As just one example, look at this related thread on comp.mobile.android
> o Do you know of a free Android SMBv2 (or SMBv3) client?
> <https://groups.google.com/forum/#!topic/comp.mobile.android/tl3Q05QGyAw>
>
> Poutnik appears to be and act like an adult is expected to act like.
> Poutnik _adds_ value.
>
> *Think Jasen ... think... as an adult ... how much VALUE did _you_ add?*
> _(It's a hard question for you to answer, isn't it Jasen?)_

If you're going to keep on padding this thread with fluff like the
above my ability to add value will obviously be reduced.

> I don't ask to be argumentative - I already know the answer.

You may think you know the answer.

> The problem is that _you_ need to figure out that answer for yourself.

You seem to have some answer in mind that probably differs from what I
think. I can't read your mind, and do not desire to suffer the possible
harm such could cause were I able.

> Every thread should strive to _add_ to our combined tribal knowledge.
> (Otherwise, your posts are merely idle meaningless childish chitchat.)

If you find it uninteresting don't read it, or don't reply.

You may conclude that I found this last message more interesting than
the previous two from the fact that I actually read all of it.

--
When I tried casting out nines I made a hash of it.

Cybe R. Wizard

Jan 21, 2019, 8:04:20 PM
On Tue, 22 Jan 2019 00:53:39 -0000 (UTC)
Dan Purgert <d...@djph.net> wrote:

> Cybe R. Wizard wrote:
> > On Mon, 21 Jan 2019 23:30:23 -0000 (UTC)
> > Dan Purgert <d...@djph.net> wrote:
> >>
> >> (love ya Cybe, but it was too funny to let slide)
> >
> > Don't you mean, "...to let copy?" ;-]
>
> No I real...
>
> great lord Cthulhu, BAHAHAHHAHAH it just clicked.
>

...aaand my work here is done (for the moment). ;-]

Cybe R. Wizard
--
A conversation is a dialogue, not a monologue. That's why there are so
few good conversations: due to scarcity, two intelligent talkers seldom
meet.
Truman Capote

William Unruh

Jan 21, 2019, 8:33:13 PM
On 2019-01-21, nospam <nos...@nospam.invalid> wrote:
> In article <q2595i...@ID-201911.user.individual.net>, Frank Slootweg
><th...@ddress.is.invalid> wrote:
>
>> > >
>> > > So let's say you have 1 email address, used in 4 places with 4 different
>> > > passwds, then you can type in each of the 4 passwds, and from that result,
>> > > you can determine which passwords were breached - but not whether YOUR
>> > > specific email/passwd combination was breached.
>> > ><https://haveibeenpwned.com/Passwords>
>> >
>> > So, you would type in one of your passwords into a random site which is
>> > all about password theft? I presume that you would also hand your house
>> > keys to a random person on the street who promises to tell you whether
>> > your key is safe.
>>
>> Please no FUD! Being careful is of course very wise, but *this* is not
>> 'a random site' by any stretch of the imagination.
>
> yep. haveibeenpwned is trustworthy, plus typing in *just* a password
> gives no indication where it might be used, if at all.

You know it is trustworthy how? Because it says so? Wow!.
I think if you were a betting man you would say that the chances were
pretty good that if user A typed in a password, then it is a password
that user A uses. Of course it might not be. But a 50% chance of its
being one, is way way way way way higher than almost anything else you
could use to guess user A's password.


nospam

Jan 21, 2019, 8:38:58 PM
In article <q25rso$7nh$1...@dont-email.me>, William Unruh
<un...@invalid.ca> wrote:

> >> > ><https://haveibeenpwned.com/Passwords>
> >> >
> >> > So, you would type in one of your passwords into a random site which is
> >> > all about password theft? I presume that you would also hand your house
> >> > keys to a random person on the street who promises to tell you whether
> >> > your key is safe.
> >>
> >> Please no FUD! Being careful is of course very wise, but *this* is not
> >> 'a random site' by any stretch of the imagination.
> >
> > yep. haveibeenpwned is trustworthy, plus typing in *just* a password
> > gives no indication where it might be used, if at all.
>
> You know it is trustworthy how? Because it says so? Wow!.

the reputation of the person behind it.

<https://www.troyhunt.com/about/>

> I think if you were a betting man you would say that the chances were
> pretty good that if user A typed in a password, then it is a password
> that user A uses. Of course it might not be. But a 50% chance of its
> being one, is way way way way way higher than almost anything else you
> could use to guess user A's password.

except that there's no way to link it to anyone or what service it's
used with.
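
The disagreement in this exchange is over what the site learns when a password is typed into it; a hash-prefix range lookup narrows that to the first five hex characters of the password's SHA-1, with the match done locally. The following is an added example, not part of any post in this thread: it runs offline against a constructed stand-in for the Pwned Passwords range endpoint, and `FakeRangeServer`, `pwned_count`, `demo` and the sample counts are illustrative names and values.

```python
import hashlib

# Constructed sample data standing in for the service's breach corpus.
CONSTRUCTED_BREACH_COUNTS = {"password": 1200, "letmein": 45, "hunter2": 7}


def sha1_upper(password):
    """Uppercase hex SHA-1 of the UTF-8 password, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class FakeRangeServer:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""

    def __init__(self, breach_counts):
        self._by_hash = {sha1_upper(p): n for p, n in breach_counts.items()}
        self.requests_seen = []  # everything this "server" ever learns

    def fetch_range(self, prefix):
        # This stand-in only accepts the 5-character uppercase hex form.
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("a range query is exactly 5 uppercase hex characters")
        self.requests_seen.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in sorted(self._by_hash.items())
                 if h.startswith(prefix)]
        # Constructed filler entry: a real bucket holds many unrelated suffixes,
        # so the response does not reveal which one the client cares about.
        filler = sha1_upper("filler-" + prefix)[5:]
        lines.append(f"{filler}:3")
        return "\r\n".join(lines)


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def pwned_count(password, fetch_range):
    """Return how many times the password appears, sending only a 5-char prefix.

    fetch_range is any callable taking the prefix and returning the response
    body; the full hash and the password itself never leave this function.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def demo():
    """Check one breached and one unbreached password; return results and wire log."""
    server = FakeRangeServer(CONSTRUCTED_BREACH_COUNTS)
    candidates = ("password", "correct horse battery staple")
    results = {p: pwned_count(p, server.fetch_range) for p in candidates}
    return results, server.requests_seen


if __name__ == "__main__":
    results, seen = demo()
    for pw, n in results.items():
        print(f"{pw!r}: seen {n} times")
    print("prefixes sent:", seen)
```

The stand-in's request log shows what the lookup exposes: a five-character prefix per check, plus whatever the transport itself reveals (source address, timing), which is the part the Tor or VPN suggestion in the thread is aimed at.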

arlen holder

Jan 21, 2019, 8:52:08 PM
On Tue, 22 Jan 2019 00:37:01 -0000 (UTC), Jasen Betts wrote:

> Yeah, your spelling is in general better than mine, I often take
> insufficient care.

Hi Jasen Betts,

Usenet being the casual ad-hoc medium it is, we all make typos & thinkos.

> Interesting phrase that "mirror the implied intent of the past" at

That was a typo - which I apologize for, Jasen Betts.

It was supposed to read:
o "Mirror the implied intent of the post"...

That is, I take _each_ post on its own merits, even yours, Jasen Betts:
o If you act like an adult in the post - I treat you as an adult
o If you act like a child in the post - I treat you as a child

It's really _that_ simple.
o I am trying to "funnel" you into acting like an adult, Jasen Betts.

It's no different than how teachers teach kids to act like adults.
o Didn't you ever hear a teacher call out your name, Jasen Betts?
o HINT: It's generally because you did something childish, Jasen Betts.

> first glance it seems to defy causality, and then I see a personification of
> history and that leads nowhere towards a meaning.

Jasen Betts,

I don't begrudge you that understanding simply because I was the one who
made the typo. I've explained my strategy & tactics many times.

While most of you proven drivel use the "chitchat" method, I don't.
In your chitchat model, you post mostly for your own amusement.

Hence, you post 99% to threads you didn't author - hence you don't
generally care if the thread is ruined by the trolls - since you are not
attempting to learn something from that thread you post to.

The Q&A model, as I've defined it, is quite different, Jasen Betts.
Who I am is meaningless - what matters is what VALUE I add.

The question generally starts simple but often morphs, as Usenet
conversations tend to, into deeper and more varied technical subjects.

In _this_ thread, the goal was stated outright, where we ran into a
momentary problem with SMB client access to Windows 10 shares.

We're _past_ that stumbling block now, so we will now move on to solving
the same problem on the other platforms, most importantly, iOS, Mac, and
Linux (where Linux and the Mac are not expected to be an issue).

> I'm taking it to mean
> "mirror implied past intent" or possibly "mirror past implied intent"
> as that seems to fit context. Was one of those your meaning?

Jasen Betts,

I've explained my strategy & tactics many times over the decades.
o STRATEGY: Obtain & disseminate technical solutions
o TACTICS: Use the Q&A model - and - confront bullies frontally

Remember, we all know the old adage I can aptly summarize as...
o Never argue with an idiot like Alan Baker because he will win in the end
o By dropping you down to his level - where his experience is greater

The problem is that this adage assumes the "chitchat" model, where
o Don't feed the trolls has merit in the chit-chat model
o The reason is that you don't care that the thread comes to an answer

This adage of not feeding the trolls doesn't work as well with the Q&A
model because trolls like Wolf K, Char Jackson, Rene Lamontagne, et al.,
will not only ruin the current thread, but they will ruin all subsequent
threads.

It's what childish cowardly bullies do.
o They are asked to bring something of value to the potluck picnic
o Where all they can _ever_ bring - is their steaming pile of shit

All I do, Jasen Betts, is point that out.
o That's a tactic that I use which supports my strategy
o I want them to go somewhere else to shit

NOTICE a KEY DISTINCTION PLEASE!
o These trolls like Wolf K shit on a _lot_ of Potluck Picnic tables
o I don't call them out when they shit in other people's threads

Notice I ignore people like Alan Baker when they shit in other threads.
o It's only when they shit in my Q&A threads - that I confront them

NOTE to the trolls:
o I realize you insist on proving your "God-Given Right to Troll"
o But expect your trolling to be pointed out when you do.

*In essence, go shit on someone else's potluck picnic, Jasen Betts.*

arlen holder

Jan 21, 2019, 9:15:26 PM
On Mon, 21 Jan 2019 20:38:54 -0500, nospam wrote:

>> You know it is trustworthy how? Because it says so? Wow!.
> the reputation of the person behind it.
> except that there's no way to link it to anyone or what service it's
> used with.

If there is a _better_ way (i.e., more private) to check - please let us know!

On reputation, there is a reason I quoted the Consumer Reports version
of the news (there were many news articles on this topic), which is simply
that a recommendation by Consumers Union is presumed, by some, to be
"reputable". (We can hope anyway.)

Likewise, there is a reason I mentioned using a sanctioned Tor Browser,
where if you're not on iOS, you might not know that there is no "official"
Tor Browser for iOS (so basically don't do the lookup on iOS is my
recommendation).

Similarly, there's a reason I suggested a specific official privacy-based
browser, which is on all platforms (other than on iOS) in some
guardian-approved manner.

Note that, on "most" platforms other than on iOS, there are a few
well-known well-respected "privacy browsers", such as:
o Tor Browser Bundle <https://www.torproject.org/projects/torbrowser.html>
o Epic Privacy Browser <https://groups.google.com/d/msg/microsoft.public.windowsxp.general/hqKijRgHOC0/vB3pH-sZAgAJ>
o Opera VPN Browser <https://www.opera.com>

There are others that "claim" to be privacy based - but I don't trust them:
o Pragmatic experience with Freegate, Ultrasurf, and Polarity privacy-related web-surfing tools
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/oHuik0iDqcA/7GJlVUiyCgAJ>
o Globus VPN Browser - new - but is it a gimmick - and where is it from?
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/w9r9ZKTnBsg/UOqktdYNBAAJ>

Lastly, there's a good reason, even after using the official Tor Browser
Bundle, that I suggested you run only a single check per session.

I am no privacy expert - so these are simply my ad-hoc off-the-cuff
recommendations just in case the haveibeenpwned web site is being watched,
or if they are hacked, or if there is a nefarious intent of the admin.

There are a lot of people on this thread who BENEFIT from those
recommendations, so I would ask that folks like William Unruh, who bring up
perfectly valid points, simply ASSUME that people _are_ using the method
that was proposed in the opening post.

My question I repeat, whose answer will benefit everyone, is whether you
(plural) know of a BETTER way (i.e., more private) to check if you've been
pwned than the method I initially proposed in the OP?
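
Added example, not part of any post in this thread: the Pwned Passwords service also offers a range lookup in which only the first five hex characters of the password's SHA-1 hash are sent and the match is done locally. The sketch below runs offline against a constructed response body; the function names, the User-Agent string and the sample counts are assumptions made for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Network step (not called below): only the 5-char prefix leaves the machine."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "local-range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(suffix, body):
    """Match the local suffix against 'SUFFIX:COUNT' lines; 0 means not listed."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or len(candidate) != 35:
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # a zero count is treated as "not listed"
    return 0


def check(password, body):
    """Hash locally, then look the suffix up in an already-fetched range body."""
    _prefix, suffix = split_hash(password)
    return breach_count(suffix, body)


# Constructed response body for prefix 5BAA6 (counts and filler suffixes are made up).
SAMPLE_BODY = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345",
    "FFF983A91443AE72BD98E59ADAB93B31974:0",
])

if __name__ == "__main__":
    print(split_hash("password")[0], check("password", SAMPLE_BODY))
```

For a live check, pass `fetch_range(prefix)` as the body; the service then sees a prefix shared by many unrelated hashes rather than the password or its full hash.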

nospam

Jan 21, 2019, 9:19:56 PM
In article <q25ubp$qlj$1...@news.mixmin.net>, arlen holder
<ar...@arlen.com> wrote:

>
> I am no privacy expert

yep

arlen holder

Jan 21, 2019, 9:45:27 PM
On Mon, 21 Jan 2019 22:56:43 -0000 (UTC), Dan Purgert wrote:

> It's really funny how you go from brown-nosing me in one post, to
> calling me a child in the next

Hi Dan Purgert,
*If you want to predict my response to you, simply look in the mirror.*

I love your comment, which people like Jolly Roger make because they can't
comprehend the concept of a 'mirror' response of intent.

The strategy is to attempt to convince you to add value by using the tactic
of rewarding valuable posts &, conversely, pointing out when posts add
negative value.

I've explained this simple strategy & tactic many times over the years.
It's _exactly_ how teachers are taught to deal with children - is it not?
o Act like an adult - get treated like an adult
o Act like a child - get treated like a child

The intent is to "funnel" you (via my response), into acting like an adult.
However, you need to comprehend that strategy & tactic for it to work.

What you, Wolf K, Rene Lamontagne, Char Jackson, Snit, Alan Baker, et al.,
will _never_ comprehend is this simple method of dealing with children:
o When you act like an adult, I treat you like an adult
o When you act like a child, I treat you like a child

It's really that simple.
Nothing I do is complex.

Especially when dealing with adults who prove to own the brain of a child.

How I respond to you, or to anyone, is the same approach:
o *If you want to predict my response to you, simply look in the mirror.*

William Unruh

Jan 21, 2019, 10:53:16 PM
On 2019-01-22, nospam <nos...@nospam.invalid> wrote:
> In article <q25rso$7nh$1...@dont-email.me>, William Unruh
><un...@invalid.ca> wrote:
>
>> >> > ><https://haveibeenpwned.com/Passwords>
>> >> >
>> >> > So, you would type in one of your passwords into a random site which is
>> >> > all about password theft? I presume that you would also hand your house
>> >> > keys to a random person on the street who promises to tell you whether
>> >> > your key is safe.
>> >>
>> >> Please no FUD! Being careful is of course very wise, but *this* is not
>> >> 'a random site' by any stretch of the imagination.
>> >
>> > yep. haveibeenpwned is trustworthy, plus typing in *just* a password
>> > gives no indication where it might be used, if at all.
>>
>> You know it is trustworthy how? Because it says so? Wow!.
>
> the reputation of the person behind it.
>
><https://www.troyhunt.com/about/>

And that means what? He says he is a good guy?

>
>> I think if you were a betting man you would say that the chances were
>> pretty good that if user A typed in a password, then it is a password
>> that user A uses. Of course it might not be. But a 50% chance of its
>> being one, is way way way way way higher than almost anything else you
>> could use to guess user A's password.
>
> except that there's no way to link it to anyone or what service it's
> used with.

And how many services does someone have? And you look at the last 10
addresses entered and the betting is pretty good that the password is
associated with one of them. And the person probably does not have even
100 services. Now if I told you that I had a password and address and
there was a 10% chance that it was you and one of your services, I think
you would get pretty worried. Or at least you should. I find it
incredible that people get upset with a 1/100000 probability of someone
getting their password, but are blase about a 10% chance.

Eric Ericksen

Jan 21, 2019, 10:59:28 PM
On Tue, 22 Jan 2019 02:45:26 -0000 (UTC), arlen holder <ar...@arlen.com>
wrote:

>Nothing I do is complex.

I've said the same about my 3-year old.

--
EE

😉 Good Guy 😉

Jan 21, 2019, 11:16:16 PM
On 20/01/2019 06:19, Jasen Betts wrote:
> On 2019-01-20, someone making the false claim to be
> arlen holder <ar...@arlen.com> lied thusly:
>
>> What prompted this is the news today that 773 million emails are pwned.
>
> Slow news day.

You may not know this but Arlen Holder (sometimes known as Arlen Michael Holder) is a known nym-shifter pedo  and he is what Japanese call "hikikomori" .  He sits in his bedroom alone and planning his moves how to attack young boys without being caught.  He has succeeded up to now but the authorities are behind him now.  This video will tell you something about hikikomoris!!!

<https://www.youtube.com/watch?v=q9IRmUEsz6g>




--
With over 950 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows.

arlen holder

Jan 21, 2019, 11:21:51 PM
On Tue, 22 Jan 2019 03:53:14 -0000 (UTC), William Unruh wrote:

> And that means what? He says he is a good guy?

Hi William Unruh,

Facts.

I proposed a method to maintain privacy when using that service.
o Do you _still_ see flaws in _that_ method?
o If so ... What flaws do you (still) see using that method?

METHOD:
1. Use the Tor Browser
2. Enter one "item" (email or passwd) per session.
3. (It's helpful to wait a period of time between sessions.)

*This is a DIRECT QUESTION to you, William Unruh.*
o Since you _repeatedly_ bring up the privacy issue ...

*What do you see as the privacy flaw using _that_ approach?*
o (Or, do you have no objection when folks use _that_ approach?)

arlen holder

Jan 21, 2019, 11:22:02 PM
On Mon, 21 Jan 2019 21:19:53 -0500, nospam wrote:

>> I am no privacy expert
>
> yep

I realize you're attempting fifth-grade wit, since adult wit escapes you.

But you do bring up a point - which is that I only speak facts.
You - on the other hand - have an entirely different belief system.
o My belief system is factual
o Your belief system is religious

It's always actual facts versus (Apple MARKETING propaganda) religion.

The difference between you and me, nospam, is your brain is "religious"
o Your credibility, nospam, is known to be worse than that of the monkey
o Proving you wrong takes, in general, fewer than ten seconds (with facts)

The reason it's so easily proven that you're wrong is that you don't use facts.
o You use religion (instead of facts).

That religion mainly is promulgated by Apple MARKETING propaganda.
o Religion forms the fundamental basis of your imaginary belief system, nospam.

The fundamental basis of my belief system is cold hard fact.

Hence...
You've never _once_ (in my thousands of posts), found me state incorrect facts.
o Not even once (save minor typos or thinkos).

And yet, you're _almost always_ wrong nospam.
o The difference is stellar

*You _still_ can't find a single error in my facts - after years of trying!*

And yet, it only took 10 seconds to prove you wrong in this thread, nospam.
o What is the factual truth about PRIVACY differences or similarities between the Android & iOS mobile phone ecosystems?
<https://groups.google.com/forum/#!topic/comp.mobile.android/FCKRA_3i9CY>

And in this thread...
o Name a single iOS app functionality that you can get for a buck, that isn't already on Android, for free
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/aUyeuaPI9pc/r9gtLFjXAwAJ>

And in this thread...
o Every indication is that the new line of astronomically-priced Apple iPhones are just as flawed as the iPhone 6 to 7 to 8 to X are
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/1RiqBADD-vE/Hry3kQmMFAAJ>

(The number of times you're wrong, nospam, is truly phenomenal).
o The sad thing is that it takes less than 10 seconds to prove you wrong.

And yet, you can't find a _single_ instance where my facts are wrong.
o Not a single one (see note 1)

The point is that I know nothing about privacy; and yet, you prove to know
far (far) less than I do.

It's kind of funny with you Dunning-Kruger folks how you _think_ you
know far more than you do (simply because you can't process facts).
o ...Far to the left on the Dunning-Kruger scale
<https://groups.google.com/forum/#!topic/alt.os.linux/4Wb5i0W3nOo>

No amount of me explaining lemon-juice chemistry will sway you.
You _still_ think iOS is "more private" than Android - despite the facts.

--
NOTE 1: Since I'm human, out of thousands of facts, I must have been wrong
on my facts at least once - but it will be rare because facts happen to be
facts for a reason.