Tag: manager

Which tool/key manager to manage people’s public keys in organization?

I’m not really an expert on different key types but here it goes. My company never really managed keys. We have an SKS server that was set up to manage GPG keys for a couple of users sending encrypted documents.

Now a new requirement has come up: all users logging into servers will have to use SSH keys (i.e. ssh-keygen, creating rsa keys) or to use services like git.

Can I manage/does it make sense to manage GPG and SSH keys in the same tool? Is the existing SKS server the right tool to store these keys?

password manager for macOS

I can see a few options for open source macOS password manager:

macpass

keepassX

keepassXC

Is any of these 3 more secure than the others?

I tried to browse for a while, but I couldn’t find anything meaningful on this subject. Does anyone technically competent have an opinion on this subject?

Thanks!

Why is that the UI/UX of Facebook Ads Manager so frustrating?

Here are the list of things that frustrates me.

  1. List of campaigns with horizontal scrollbar. You have to scroll just to see other info, and the other labels are in ellipsis.
  2. The home button. Im expecting it will bring me to my list of campaigns since it was the first screen I see when i click the ads manager from facebook. Instead it brings me to Business Home.
  3. The call the list of campaigns, ads as TABLE. Why can’t theny not just add Campaigns menu from the side navigation?
  4. The export option box is behind the collapsed side navigation, you cant see the entire box, you cant see other labels.
  5. You want to logout? Its not on the upper right of the screen. Its on the bottom left and its title is “Your personal ad account..”, your name is ellisized.

Im sure facebook can do better, Its just not what I expected.

Workflow Manager security configuration issues?

I have been trying to install the Workflow Manager on our SharePoint farm. I verified that all services are running (Service Bus message broker, Service Bus Gateway, Windows Frabric Host Service and the Workflow Manager backend) and they do under a farm account that I specified.

However, when trying to access the Worfklow Manager site it returns the following XML:

<?xml version="1.0"?>     <ScopeInfo xmlns="http://schemas.microsoft.com/workflow/2012/xaml/activities" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">     <DefaultWorkflowConfiguration/>     <Description>Root Scope</Description>     <LastModified>2014-06-18T15:56:53.21</LastModified>     <LastRevised>2014-06-18T15:56:53.21</LastRevised>     <Path>/</Path>         <SecurityConfigurations>             <ScopedSecurityConfiguration i:type="WindowsSecurityConfiguration">             <Name>Microsoft.Workflow.Management.Security.WindowsSecurityConfiguration</Name>             <WorkflowAdminGroupName>BUILTIN\Administrators</WorkflowAdminGroupName></ScopedSecurityConfiguration>         </SecurityConfigurations>     <Status>Active</Status>     </ScopeInfo>

What is the resolution for this? I have been going through Microsoft TechNet’s articles but couldn’t troubleshoot the issue.

Thanks for your support.

How do I get a user’s manager from Workday in MS Flow?

I am working on a workflow that, upon a user account being modified or created in Workday (using premium connector), writes the user’s pertinent data to variables so I can create accounts elsewhere. I’ve been able to get everything except for the user’s manager, which the Workday connection does not seem to provide via the out of box “Get” statements.

I’m not a programmer, but I understand the concepts around connections & integrations. It seems like I should be able to use the Workday “SOAP Operation” to retrieve the user’s manager (as long as I can locate the field in Workday…), but I don’t know how to go about formatting it.

Can anyone help me with formatting the SOAP request body to reference a user’s Worker ID and pull in their direct supervisor/manager?

thanks,

Gabe

nautilus/nemo/other file manager – suggestions for more accessible GUI-based owner management?


Short version

TL;DR – When running nemo/nautilus with elevated privileges*, there are a TON of users/groups on the permissions tab… they’re all jammed in non-searchable drop-downs that don’t have any hotkey support. Looking for tweaks/alternate file managers/chmod gui-wrappers so I can change ownership from GUI without the accessibility nightmares. Any suggestions?

More Info

I have several versions of Ubuntu 18.04 installed in Virtualbox. I have primarily been using Cinnamon desktop/nemo up to this point.

Mostly, I am extremely happy with this desktop. But GUI-based ownership changes (from root) are frustrating because a TON of entries are jammed into a drop-down that I can’t search and can’t use hotkeys from (e.g. to press “r” to jump to “root”, etc). Launching terminal is reliable but slow to type out names when I’m in a hurry.

Note: That this isn’t really an issue when running the file manager from non-root accounts as the owner is not editable and only a few groups are displayed.

I generally run into this I am trying to fix botched ownership perms on shared folders that the current user doesn’t own. And it’s generally never as quick and easy as running a single chown -R command.

I have encountered this same accessibility design in:

  • nemo v.3.6.5 (ubuntu 18.04/gnome+cinnnamon)
  • nemo v4.2.3 (in a popular sub-distro that I’m apparently no longer allowed to mention here)
  • nautilus v3.26.4 (ubuntu 18.04/gnome).

Criteria:

I am interested in finding a GUI-based solution that meets these criteria:

  • Works on some flavor of Ubuntu 18.04 / bionic (bc I prefer LTS editions)
  • Decent user accessibility for lists of 50-100 users/groups (e.g. at least attempts to deal with non-trivial list size such as by having hotkey support, search filters, option to hide service accounts, or something else)
  • No issues running under root (e.g. via pkexec or whatever). Only mentioning this because I’ve run across a handful of apps before that flat-out refuse to run under root.

At this point, I’m just hoping somebody knows of an option that I don’t… I don’t particularly care if this is a nemo-specific tweak, a system configuration, some obscure build option, a different file manager/desktop environment, some external app that wraps a gui around chown (as long as I can throw it in a nemo-action and pass it the path), etc. Mostly just looking to avoid the extra runaround of launching terminal and typing out longer names by hand when I’m in a hurry.

* Also, when I say I am “running as root” / “running with elevated privileges”, I mean the option that appears in the nemo/nautilus UI rather than me launching directly with sudo / pkexec / etc.

Steps to view dialog issue:

  1. Create a folder named “test” on desktop or wherever that is owned by non-root account
  2. In Nemo, right-click > “Open as root” > enter password. Or for nautilus, run pkexec env DISPLAY=$ DISPLAY XAUTHORITY=$ XAUTHORITY nautilus to open with admin privileges.
  3. With the admin instance, right-click on the “test” folder > Properties > Permissions tab
  4. Observe that ALL the service accounts and groups are displayed with no means to filter them / no checkbox to hide them. Observe that pressing “R” in the drop-down does NOT jump to or select “root” (or whatever the first account starting with “R” is). In my case there’s something like 50 users displayed (3 of which are non-service accounts) and something like 80 groups displayed (8 of which are not related to service accounts). For me, this is an accessibility nightmare and it makes searching things out almost as painful as needing to launch the terminal and type it out by hand.

What I’ve tried:

I’ll follow-up if I find discover anything that works but so far, I have tried the following:

  • Permit was almost exactly what I am looking for except that it appears to require typing out the names instead of picking from a list/drop-down/etc. Unfortunately, I have absolutely zero GTK skills at the moment (although I might revisit this when I have more time if nobody has better suggestions).
  • Ubuntu 18.04.2/gnome – Couldn’t figure out how to run as root initially but pkexec env DISPLAY=$ DISPLAY XAUTHORITY=$ XAUTHORITY nautilus eventually worked. Not surprisingly, this seems to have the same issue as nemo.
  • Ubuntu 18.04.2/cinnamon – after installing cinnamon and running nemo as mentioned above, this doesn’t do what I am looking for.
  • Kubuntu 18.04 – Couldn’t find a way to launch dolphin as root so not able to test. User/Group fields were grayed out for me when running as the default non-root account on livedisc.

I have not yet tested other file managers (planning to test thunar but not really familiar with what all is out there).

Screenshot

The non-searchable drop-down with lots of entries and no hotkey support that appears in (admin/root/pkexec) nemo and nautilus > properties > Permissions tab.

Non-searchable drop-down with lots of entries and no hotkey support

Network manager goes bad after hot unplugging an external usb wifi adapter

While my Lubuntu 18.04 is connected to a wifi network via an external wifi adapter, I hot unplug the external wifi adapter.

Symptoms of the problem:

  1. When I plug the external wifi adapter back to my computer, no wifi network is detected, even though both networking and wifi are enbaled.

  2. The top process shown in the output of top is:

     PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND  1068 root      20   0 1029552   8060   4864 R  85.7  0.1  29:25.70 NetworkManager

    Trying to kill it by sudo kill 1068 or sudo service NetworkManager restart/stop or sudo systemctl restart/stop NetworkManager will result in hanging forever

    Trying to run any sudo command e.g. sudo pm-suspend will result in the same forever hanging

  3. The usb port on my laptop where the external wifi adapter was originally plugged in has also stop working for other external devices, unless I reboot my Lubuntu.

How can I solve the problem? Preferably not rebooting my Lubuntu.

How can I avoid the problem in the future? Is NetworkManager the culprit? Will some alternative be better and which ones?

Thanks.

Log:

This is part of /var/log/syslog around the time when the problem happened. (I unplugged a keyword to free up a usb port for a flash drive, and then unplugged the external wifi adapter, to free up a usb port for a printer, and then plugged it back. )

Is there any Password Manager that supports Hardware-Based OTP encryption/decryption?

I see that some projects like KeepassXC use CR based OTP to provide some additional security. While this is discussed quite controversial my opinion is that – for quite some cases (e.g. most non-targeted attacks as of today) – it can provide additional security over having “only” a secure master password.

However: if at one point in time the attacker has access to both, the response and the version of the data encrypted with it, then obviously this adds no additional security to the encryption. So, for targeted attacks or speciallized tools any local OTP method I could find (CR based or certificate based) add no additional security. They all share the same design-flaw: if an attacker has access to all local data (including memory) at some point in time it’s not much better then a simple secure master password. It only rises the attack complexity a bit.

I wonder if there are things in the works to eliminate this last (“design-wise”) attack surface so even if a system is completely compromised we can rely on physical dongles like Yubikey to protect the most sensitive data and have features like physical presence dection for actual encryption (not only authentication) at hand.

Obviously I make alot of assumtions here e.g.: that the transport between the hardware dongle and the CPU as well as any memory in between is “secure”. But that’s not my question.

So, just out of interest: are there any projects that aim for such things? E.g. by implementing asymetric encryption for local files where the encryption and decryption is completely offloaded to a plug-and-play hw dongle like Yubikey, possibly even using a OTP derived from the private key on the dongle?

Are there other methods / areas of research that discuss this topic or even working solutions?