Why can’t I select alternative Working Languages in Term Store Management Tool?

I tried to create a multi-lingual term sets for a SharePoint Online Team Site following this guide. When trying to change the working language all options are grayed out and I can’t select them. Same goes for the other locales option. Under Site Settings > Language Settings the default language is English and all Alternative Languages are enabled. What do I have to do, to add another working language?

Any help would be greatly appreciated, Thanks

enter image description here

nautilus/nemo/other file manager – suggestions for more accessible GUI-based owner management?


Short version

TL;DR – When running nemo/nautilus with elevated privileges*, there are a TON of users/groups on the permissions tab… they’re all jammed in non-searchable drop-downs that don’t have any hotkey support. Looking for tweaks/alternate file managers/chmod gui-wrappers so I can change ownership from GUI without the accessibility nightmares. Any suggestions?


More Info

I have several versions of Ubuntu 18.04 installed in Virtualbox. I have primarily been using Cinnamon desktop/nemo up to this point.

Mostly, I am extremely happy with this desktop. But GUI-based ownership changes (from root) are frustrating because a TON of entries are jammed into a drop-down that I can’t search and can’t use hotkeys from (e.g. to press “r” to jump to “root”, etc). Launching terminal is reliable but slow to type out names when I’m in a hurry.

Note: That this isn’t really an issue when running the file manager from non-root accounts as the owner is not editable and only a few groups are displayed.

I generally run into this I am trying to fix botched ownership perms on shared folders that the current user doesn’t own. And it’s generally never as quick and easy as running a single chown -R command.

I have encountered this same accessibility design in:

  • nemo v.3.6.5 (ubuntu 18.04/gnome+cinnnamon)
  • nemo v4.2.3 (in a popular sub-distro that I’m apparently no longer allowed to mention here)
  • nautilus v3.26.4 (ubuntu 18.04/gnome).

Criteria:

I am interested in finding a GUI-based solution that meets these criteria:

  • Works on some flavor of Ubuntu 18.04 / bionic (bc I prefer LTS editions)
  • Decent user accessibility for lists of 50-100 users/groups (e.g. at least attempts to deal with non-trivial list size such as by having hotkey support, search filters, option to hide service accounts, or something else)
  • No issues running under root (e.g. via pkexec or whatever). Only mentioning this because I’ve run across a handful of apps before that flat-out refuse to run under root.

At this point, I’m just hoping somebody knows of an option that I don’t… I don’t particularly care if this is a nemo-specific tweak, a system configuration, some obscure build option, a different file manager/desktop environment, some external app that wraps a gui around chown (as long as I can throw it in a nemo-action and pass it the path), etc. Mostly just looking to avoid the extra runaround of launching terminal and typing out longer names by hand when I’m in a hurry.

* Also, when I say I am “running as root” / “running with elevated privileges”, I mean the option that appears in the nemo/nautilus UI rather than me launching directly with sudo / pkexec / etc.


Steps to view dialog issue:

  1. Create a folder named “test” on desktop or wherever that is owned by non-root account
  2. In Nemo, right-click > “Open as root” > enter password. Or for nautilus, run pkexec env DISPLAY=$ DISPLAY XAUTHORITY=$ XAUTHORITY nautilus to open with admin privileges.
  3. With the admin instance, right-click on the “test” folder > Properties > Permissions tab
  4. Observe that ALL the service accounts and groups are displayed with no means to filter them / no checkbox to hide them. Observe that pressing “R” in the drop-down does NOT jump to or select “root” (or whatever the first account starting with “R” is). In my case there’s something like 50 users displayed (3 of which are non-service accounts) and something like 80 groups displayed (8 of which are not related to service accounts). For me, this is an accessibility nightmare and it makes searching things out almost as painful as needing to launch the terminal and type it out by hand.

What I’ve tried:

I’ll follow-up if I find discover anything that works but so far, I have tried the following:

  • Permit was almost exactly what I am looking for except that it appears to require typing out the names instead of picking from a list/drop-down/etc. Unfortunately, I have absolutely zero GTK skills at the moment (although I might revisit this when I have more time if nobody has better suggestions).
  • Ubuntu 18.04.2/gnome – Couldn’t figure out how to run as root initially but pkexec env DISPLAY=$ DISPLAY XAUTHORITY=$ XAUTHORITY nautilus eventually worked. Not surprisingly, this seems to have the same issue as nemo.
  • Ubuntu 18.04.2/cinnamon – after installing cinnamon and running nemo as mentioned above, this doesn’t do what I am looking for.
  • Kubuntu 18.04 – Couldn’t find a way to launch dolphin as root so not able to test. User/Group fields were grayed out for me when running as the default non-root account on livedisc.

I have not yet tested other file managers (planning to test thunar but not really familiar with what all is out there).


Screenshot

The non-searchable drop-down with lots of entries and no hotkey support that appears in (admin/root/pkexec) nemo and nautilus > properties > Permissions tab.

Non-searchable drop-down with lots of entries and no hotkey support

Is an index, nonce and HMAC good enough for session management?

I’m researching session management for web applications. I’ve been looking at a couple places, and from my understanding is we shouldn’t use a secret as a session identifier(index). Because it can lead to timing attacks.

Let’s say for the sake of performance sessions on the server-side are stored in cache/memory. And the index is reset(e.g: starts back at 1) every time the server restarts or they are all purged.

session_payload = index || HMAC(server_key, index) 

But doing it like that would leave room for replay attacks, right? An attacker could generate a bunch of session payloads and store them for later to hijack sessions. Something is needed to make each session payload unique to prevent that, right?

So what about:

payload = index || nonce session_payload = payload || HMAC(server_key, payload) 

If my understanding is correct, the nonce just needs to be unique to make the session payload unique. Should it be just the output of a CSPRNG, RNG or the current time(milliseconds?, nanoseconds?)? What are the caveats of each?

So if the above is done right, it should be able to avoid:

  • Timing attacks.
  • Volume attacks.
  • Replay attacks.*
  • Tampering.

Right? And is there any other attacks I should be aware of? Please exclude session fixation, that can be mitigated via session payload regeneration on privilege escalation.

  • What I define by a replay attack, is adversaries could store pre-computed session payloads and hijack sessions later, hence the use of the nonce.

Vulnerability management – rt.jar

We have a network scanner and after running authenticated scan, it shows Java vulnerabilities for a system. After digging, it seems like its flagging rt.jar file for the java vulnerabilities, its claiming its using old version of Java.

The system in question is a Mac system and when I checked the system, rt.jar file resides under the user’s 1 of directories, so Java is not installed on the system.

Does anybody know if this would be considered a security risk? and if yes, why?

Vacation Rental Property Management Software

VRPMS Love the features you use every day like 3rd Party integrations, accounting management, booking management, contact management and see what needs to get done. After years of studying the specific needs of Vacation Rental Property Management Software offers the owners, we designed a property management software to help increase-conversions and cut down on manual tasks.