Lastpass

19 replies [Last post]
dh99136751
Offline
Joined: 06/16/2011

Has anyone gotten the Lastpass Firefox plug in to work in Trisquel? When I try to set it up, I get the error message "An errror occurred while attempting to contact the server. Please check your internet connection."

Just wondering if anyone else has had better luck. This is one of two Firefox addons that I "must" have.

Thanks all,

dh99136751

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

This add-on is proprietary ( http://forums.lastpass.com/viewtopic.php?f=12&t=8 ). Do not expect any help from this forum.

SirGrant

I am a member!

I am a translator!

Offline
Joined: 07/27/2010

Banana I would put it differently. I'm sure you didn't mean it but it sounds kinda like you are throwing him under a bus (text online doesn't translate well). dh99136751 just registered today so lets teach and not scare away the new members.

To clarify Magic Banana's statement I think he means to say we can't give you any support on this particular last pass add-on because it is non-free not that we won't help you in general.

My personal recommendation is to especially not trust this add-on with your passwords for two reasons. Firstly, it is non-free software so no one can audit it and make sure it is secure or even see what it does. While unlikely it could easily send all your passwords to the FBI or any number of things. The second reason is because storing your data on someone else's server is dangerous. Especially something as important as passwords. As far as I can tell when you use this you are handing over your passwords to a company (encrypted or not) whose primary goal is $$ and looking out for you will always come second. I don't know if you have kept up with the news lately but there have been a lot of security breaches lately (e.g. sony, US Senate). You can easily store your passwords on your own computer.

I use a program called Revelation which you can find the package for here (http://packages.trisquel.info/slaine/revelation). I believe there is also a free password add-on but I have to check the license for it. I'll get back to you on that.

SirGrant

I am a member!

I am a translator!

Offline
Joined: 07/27/2010

Ok I just checked Secure Login (http://trisquel.info/en/browser/addons/secure-login) is a free software add-on. License checks out.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Thanks SirGrant for your clarification of my post! :-)

BinaryDigit
Offline
Joined: 11/30/2010

Completely agree with being careful about who you trust your passwords to, it's not just passwords now either. There's also the so called "cloud" services you can use to store your personal data, bookmarks and documents for free. Thousands of computer users are flocking to these services, but there's a storm brewing in the cloud.

For example, one of the leading cloud storage services is Dropbox. Dropbox were recently discovered to be misleading (aka lying to) their users by giving the impression files stored on their servers were encrypted and only accessible by the user who uploaded them. In fact, while the files are encrypted, they can be read by anyone with access to the encryption key and the Dropbox servers:

http://www.wired.com/threatlevel/2011/05/dropbox-ftc/

http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html

The problem was taken so seriously in the US, that the US governments' Federal Trade Commission (FTC) filed a complaint against Dropbox in the courts, for Deceptive Trade Practice (opens pdf):
http://www.wired.com/images_blogs/threatlevel/2011/05/dropbox-ftc-complaint-final.pdf

Mithrandir
Offline
Joined: 10/02/2010

Dropbox also promotes nonfree software via its daemon. For example, their Nautilus plugin is free software (GPL v3) but the plugin requires that it download the proprietary daemon.

dh99136751
Offline
Joined: 06/16/2011

Hey MB - I understand.
Sir G - Thank you much, for the links and the explanation(s).

I'm very excited about Trisquel GNU/Linux. Just came across it recently in Linux Format Magazine. This is also my first experience with a really free distro, so I didn't really think through the ramifications of installing prop ware. Bad habits die hard, but as long as they do go away and are replaced with good habits, it's worth the effort.

Cheers!

dh99136751

SirGrant

I am a member!

I am a translator!

Offline
Joined: 07/27/2010

Yeah no problemo. If you have anymore questions feel free to post.

Daniel Molina
Offline
Joined: 07/04/2009

> I'm very excited about Trisquel GNU/Linux. Just came across it recently in
> Linux Format Magazine. This is also my first experience with a really free
> distro, so I didn't really think through the ramifications of installing prop
> ware. Bad habits die hard, but as long as they do go away and are replaced
> with good habits, it's worth the effort.

Yeah! That's the way! I'm very happy you see it so clearly. :)

adherry

I am a member!

Offline
Joined: 04/19/2011

Would suggest using KeePass (v2 is available over ppa) together with syncany (http://www.syncany.org/) or anything else to sync.

(You can also extraencrypt it with truecrypt or something similar)

SirGrant

I am a member!

I am a translator!

Offline
Joined: 07/27/2010

Actually watch out for Truecrypt (http://fedoraproject.org/wiki/Forbidden_items#TrueCrypt). A lot of distros have banned it because while the upstream claims it is a "free software" project the license is really bad. I know Debian also has removed it. I believe despite their claims it is either non-free or most likely non-free.

teodorescup

I am a member!

Offline
Joined: 01/04/2011

According to comments on bugs.edge.launchpad.net the TrueCrypt has updated the license but It's unclear, to me at least, the degree of danger in using it.
From what I understand from the license, there is a trademark issue when you repackage it or redistribute it, but I don't have legal experience to pronounce myself.
Are there any news on this issue ?

Mithrandir
Offline
Joined: 10/02/2010

There's a great Ruby script that automagically converts a backed up LastPass .CSV file into an XML file KeePass can read.

https://gist.github.com/746077

To backup your passwords, go to Export>LastPass CSV File. Also run "sudo apt-get install libhtmlentities-ruby1.8" before you run the Ruby script, then change the "input_file" variable in the script to where your CSV file is.

BinaryDigit
Offline
Joined: 11/30/2010

Mozilla now have their own bookmarks, passwords and history sync service called Firefox Sync. It's installed by default in Firefox 4, and available as an extension for other Firefox versions.

Although I don't think these services are a good idea, Firefox Sync seems a better choice than some others. The security implementation appears to be better and the data is kept on Mozilla servers, which is a non-profit.

Firefox 4 with Sync
http://www.mozilla.com/en-US/mobile/sync/

The extension is released under the Mozilla Public Licence v.1.1, not sure that's compatible with the GPL:
https://addons.mozilla.org/en-US/mobile/addon/firefox-sync/

adherry

I am a member!

Offline
Joined: 04/19/2011

FF uses a Google Weave server for that, you can also use your own, even if its tricky to set up

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

It is indeed better because the data is encoded locally what means Mozilla cannot read them. You can check the source code! :-)

adherry

I am a member!

Offline
Joined: 04/19/2011

Maybe someone with some time could support syncany http://www.syncany.org/ which would be very good for syncing keepass files

BinaryDigit
Offline
Joined: 11/30/2010

Not sure that I fully understand what Syncany are trying to do .... seems like its just re-packaging existing cloud storage services.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

The data are encoded on the client side (no privacy problem), cut in pieces and sent to various storages (which can be yours!). Syncany reuses the Free Nautilus integration written by Dropbox but adds a versioning system that can even deal with file renaming.

Using a versioning system (bazaar, mercury, git, ...) on a server you own provides the same advantages but requires 1) a server (hardware + electric consumption), 2) the knowledge about how to setup it. For non-critical data (the online services may still ditch them!) such as backups, Syncany is a cool project.