smb

joined 11 months ago
[–] smb@lemmy.ml 5 points 3 months ago

The whole point of ssh-agent is to remember your passphrase.

replace passphrase with private key and you're very correct.

passphrases used to login to servers using PasswordAuthentication are not stored in the agent. i might be wrong with technical details on how the private key is actually stored in RAM by the agent, but in the context of ssh passphrases that could be directly used for login to servers, saying the agent stores passphrases is at least a bit misleading.

what you want is:

  • use Key authentication, not passwords
  • disable passwordauthentication on the server when you have set up and secured (some sort of backup) ssh access with keys instead of passwords.
  • if you always want to provide a short password for login, then don't use an agent, i.e. unset that environment variable and check ssh_config
  • give your private key a password that fits your needs (average time it should take attackers to guess that password vs your time you need overall to exchange the pubkey on all your servers)
  • change the privatekey every time immediately after someone might have had access to the password protected privkey file
  • do not give others access to your account on your pc to not have to change your private key too often.

also an idea:

  • use a token that stores the private key AND is PIN protected as in it would lock itself upon a few tries with a wrong pin. this way the "password" needed to enter for logins can be minimal while at the same time protecting the private key from being copied. but even then one should not let others have access to the same machine (of course not as root) or account (as user, but better not at all) as an unlocked token could also possibly be used to place a second attacker provided key on the server you wanted to protect.

all depends on the level of security you want to achieve. additional TOTP could improve security too (but beware that some authenticator providers might have "sharing" features which could compromise the TOTP token even before its first use).
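For the "disable passwordauthentication on the server" item in the list above, an added example (not part of the original comment): a shell check that reads an sshd_config-style file the way sshd does, where the first value of a keyword wins and a Match block can switch it back on. The function names and the sample config are constructed for illustration, and the defaults passed in are assumed upstream OpenSSH defaults.

```shell
# Added example (not from the thread). sshd keeps the FIRST value it reads
# for a keyword, so an appended "PasswordAuthentication no" loses to an
# earlier "yes". Include files are not followed; compare with `sshd -T`.

# First global value (before any Match block) of keyword $2 in file $1;
# prints $3 (assumed upstream default) when the keyword is absent.
first_global() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        key == "match" { exit }
        key == want    { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Lines inside Match blocks that switch password-style logins back on.
match_overrides() {
    awk '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "match" { inmatch = 1; next }
        inmatch && tolower($2) == "yes" &&
            key ~ /^(password|kbdinteractive|challengeresponse)authentication$/ {
            print NR ": " $1 " " $2 }
    ' "$1"
}

# Returns 0 and prints the reasons if a password prompt is still reachable.
password_login_possible() {
    rc=1
    [ "$(first_global "$1" PasswordAuthentication yes)" = yes ] &&
        { echo "PasswordAuthentication is effectively yes"; rc=0; }
    [ "$(first_global "$1" KbdInteractiveAuthentication yes)" = yes ] &&
        [ "$(first_global "$1" UsePAM no)" = yes ] &&
        { echo "keyboard-interactive through PAM can still ask for a password"; rc=0; }
    [ -n "$(match_overrides "$1")" ] && { echo "a Match block re-enables password logins"; rc=0; }
    return $rc
}

# Constructed sample config, not taken from any real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes   # left over from installation
UsePAM yes
KbdInteractiveAuthentication no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
password_login_possible "$sample" || echo "password logins are off"
```
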

[–] smb@lemmy.ml 3 points 3 months ago (2 children)

My theory is that you already have something providing ssh agent service

in the past some xserver environments started an ssh-agent for you just in case of, and for some reason i don't remember that was annoying and i disabled it to start my agent in my shell environment as i wanted it.

also a possibility is that there are other agents like the gpg-agent that afaik also handles ssh keys.

but i would also look into $HOME/.ssh/config if there was something configured that matches the hostname, ip, or with wildcards* parts of it, that could interfere with key selection as the .ssh/id_rsa key should IMHO always be tried if key auth is possible and no (matching) key is known to the ssh process, that is unless there already is something configured...

not sure if a system-wide /etc/ssh/ssh_config would interfere there too, maybe have a look there too. as this behaviour seems a bit unexpected if not configured specially to do so.

[–] smb@lemmy.ml 60 points 3 months ago

news from msn...

https://www.entrepreneur.com/business-news/microsoft-ai-publishes-fake-news-on-msn-angers-the/464775

"MSN's editorial AI published stories from low-quality outlets that are patently untrue, […]"

maybe this is also just some cheap msn lies?

[–] smb@lemmy.ml 1 points 3 months ago (2 children)

since bots are better at solving captchas and humanoid services exist that solve them, the only ones negatively affected by captchas are regular legitimate users. the bad guys use bots or services and are done. regular users have to endure while no security is added, and for the influx i guess it is much more like with the better lock on the front door: if your lock is a bit better than that of your neighbour, theirs might be force-opened more likely than yours. it might help you, but it's not a real but only relative and also very subjective feeling of 'security'.

being slower than the wolves also isn't as bad as long as you are not the slowest in your group (some people say)... so doing a bit more than others always is a good choice (just better don't put that bar too low like using crowdsnakeoil for anything)

[–] smb@lemmy.ml 1 points 3 months ago* (last edited 3 months ago)

Cold fusion is right around the corner!

i thought they're already at "triple cold² fusion++" ;-)

yet these never make it to market.

my personal favorite (but not a battery) were two different fake news about fans without any moving parts, one with electricity, conductors and shapes only, the other using ultrasonic somehow, how cool were these lies !!!

https://www.itnews.com.au/news/silent-microchip-fan-has-no-moving-parts-106236

"RSD5 is the culmination of six years of research by Dan Schlitz and Vishal Singhal of Thorrn Micro Technologies"

"Six years of research", such a cool "product" and now that linked thorrn domain is for sale, how bad!! the world will never profit from their super "cool" invention !!!

"today" other bladeless fans (based on ultrasonic freqs) were announced: https://linustechtips.com/topic/1471374-not-a-big-fan-new-solid-state-cooler-can-blow-air-with-no-moving-parts/ ("Frore is expecting to start shipping units in Q1 of next year." which was news from 2022) but did you hear about that cool product being shipped yet? i would have, i'm somehow sure, but somehow i didn't. maybe the "units" they wanted to ship were just something else *lol That article also says: "Frore Systems hasn't announced any actual computers featuring its Airjet solid-state coolers. But the company is already in partnership with the likes of Intel […]" no actual result, but already partners like intel (intel, how doesn't that already fit !!)

The same nonexisting effect (fan without moving parts), abused (at least) twice. (i'll just ignore those "bladeless fans" here that officially just have hidden "propellers") but military says "twice" is already a scheme...

why should it be different for batteries?

if they produce batteries THAT good, they would never sell them but make them available only for rent, to maximise their(!) ROI (and not yours). so i guess it's yafn - yet another fake news. i might still be wrong however, but i also like to be on the safe side of predictions ;-)

a theory: the richies offsprings startups desperately need other lies than their parents and grandparents who already used up nearly all language-allowed possible lies (as well as nonverbal lies, just watch tv for a while to see it in action) to distract people, companies and govs to 'invest' in them instead of i.e. in the future or in the nation, thus new nonexistent technologies is what the richies offspring found best to be their lies about.

[–] smb@lemmy.ml 4 points 3 months ago

like i said:

maybe the root-cause is […] the total lack of any consequences

but you used much more words ;-)

"publicly traded" does not imply that consequences would be impossible.

i see the opposite is true.

one could make that "public trade" also "very" public as in ownerships could only be changed together with a public note of who that new owner of that share is in person and only like not allow ownership changes more than twice a week per person, making investment more profitable than parasitic high performance trade. also the current lack of consequences could be improved by making the shareholders personally responsible for everything that the company does, including going to jail when the ceo left the country to not go there.

that could include making those responsible who owned that company at the time of its crime, making trust in the company way more important than that they can cause damage to society in macroscope just to profit in microscopical bits.

this way the shareholders would have at least one trigger to actually want to look into who that bullshittalker is they want to let into such a position of "their property"

society should take care who they let do things with "their property" too.

[–] smb@lemmy.ml 1 points 3 months ago

i believe such happens only bcs society lets people into such positions without checking them to be fit in any way for anything except them having a bank account for receiving millions and a lawyer to check contracts and tell them what they should not say in public and receive parts of these millions in return for changing their customers "pampers".

or maybe that brainfart was just part of a trip on randomly mind altering illegal substances? or maybe a brain tumor? or maybe a brain parasite? or maybe a parasite brain? or maybe just normal capitalism? or maybe a tumor that grows in society?

i guess we will never know for sure.

[–] smb@lemmy.ml -4 points 3 months ago (1 children)

apple also killed productivity *lol but that has nothing to do with blackburied or ... *who the f is intel?

server: arm
handy: arm
desktop: amd
laptop: amd

and happy with it, left intel 20years ago for at that time already obvious reasons why other companies products are better.

work notebook: impediment with a bitten fruit logo on it. i am very unhappy with its lack of stability/deterministic behaviour on even veery low basic things, and guess what, it also has an intel cpu... yeah (f**k), i unwillingly try to use that intel crap for work.

apple might have killed intel, but got infested with releasing crappy products on that path. what a gain!!! 🤦‍♀️

i'ld rather let a zombie go on walking than getting zombiefied while trying to stop it... but tbh its "only work" that is slowed down by the fruitlogozombie (well, am i zombiefied already?) at least that "bitten" part of its logo from now on makes fully sense to me 😁 😂

[–] smb@lemmy.ml 11 points 3 months ago (2 children)

maybe the root-cause is less the publicly-traded part but rather the total lack of any consequences?

but yes i totally agree, any company publicly traded will get a paid-for-CEO after a while and latest at that point is where no problems are resolved any more, but instead are IMHO always created on purpose.

[–] smb@lemmy.ml 10 points 3 months ago (5 children)

Having subscriptions for hardware

actually how i understand that model, the subscription would not be for the "hardware" (which you would still have to 'buy' and pay for all of its repairs by yourself) but only for the software which would actually block you from using your own hardware if you stop paying the then-later-by-them-to-be-defined-price for the 'licence' to use that software, rendering the hardware a useless piece of junkscrap whenever and as long as they wish or their cloud runs on MShitsoft or is maybe ClownStricken, MacAfff'ed, CEO'ed, CTO'ed, Shareholder'ed or such.

That f*up-idea is afaik explicitly NOT a renting model for hardware where they'ld had to make sure that it actually works before you have to pay the rent, but only a licensing software for that only software that is vendor-locked-in on that vendor-poisoned hardware.

As i know myself, i guess i'll discontinue to buy or suggest any of their stuff for a few decades from now, for that "idea" only.

Have a nice(r) day without logitech!

[–] smb@lemmy.ml 1 points 3 months ago (4 children)

Only rate limiting is the effective option.

i doubt that. you could maybe ratelimit per IP and the abusers will change their IP whenever needed. if you ratelimit the whole service over all users in the world, then your service dies as quickly into uselessness as effective your ratelimiter is. if you ratelimit actions of logged in users, then your ratelimiting is limited by your ability to identify fake or duplicate accounts, where captchas are not helpful at all.

at the same expense of bots. they might be cheap, but i doubt that anyway, bots don't need sleep.

i was answering about that wording (that captchas were "not" about bots but about "stopping automated requests") and that automated requests "are" bots instead.

call centers are neither bots nor automated requests (the opposite IS their advantage) and thus have no relation to what i was specifically saying in reply to that post that suggested automated requests and bots would be different things in this context.

i wasn't talking about effectiveness of captchas either or if bots should be banned or not, only about bots being automated requests (and vice versa) from the perspective of the platform stopping bots. and that trying to use different words for things, (claiming like "X isn't X, it is really U!"* or automated requests aren't bots) does not change the reality of the thing itself.

*) unrelated to any (a-)social media platform

[–] smb@lemmy.ml 9 points 4 months ago (6 children)

[…] reCAPTCHA […] isn’t to detect bots. It is more of stopping automated requests […]

which is bots. bots do automated requests and every automated request doer can also be called a bot (i.e. web crawlers are called bots too and -if kind- also respect robots.txt which has "bots" in its name for this very reason and bots is the shortcut for robots) use of different words does not change reality behind it, but may add a fact of someone trying something on the other.
