That "very definition" is used incorrectly by so many people, including you. When you're slapping it into a call to an encryption/decryption function, it's ALL effectively "something you know". A thumbprint hash is just data, so is a keyfile, so is the output of an RSA clock at any time. Security "experts" tried to model this off of physical security principles, but they don't translate over. That doesn't stop them all form parroting "something you know, something you have, and something you are hurr derp", though.
Something you HAVE and something you ARE need to be verified by some authority that controls access. It's like buying pseudoephedrine at the drug store. They ask for something you HAVE (your driver's license), and they verify it to a reasonable extent. Without an active arbiter, you can only use something you KNOW. Imagine buying pseudoephedrine on Amazon. That something you HAVE becomes something you KNOW because all you can do is type in your driver's license number, state, and expiration date. At the drugstore, they expect a physical card with a photo that looks like you and a magstripe that swipes with valid data. They can also physically see if you look like a tweaker who's got the shakes because they need another hit.
You can try to use automated arbiters, but they're vulnerable. A thumbprint scanner can be tricked into scanning a fake thumb or someone else's thumb, or it can be bypassed completely if you know the output it gives for your target thumb. A car with a breathalyser can be tricked by having someone else, or a raccoon, blow into it (that story was fake by the way - http://www.inquisitr.com/24605... ). Or, again, if you know what the breathalyser outputs on a good blow you can bypass it entirely.
You can try to use remote arbiters. A typical example is a security camera and a remote person monitoring and unlocking doors and shit. You can attack the camera, dress up as the target, put a photo of the empty hallway over the camera so that's all it sees, whatever. For an apartment gate/door with an intercom and a "buzz me in" system, you can pretend to be anyone to anyone who can buzz you in, or you can click the button a bunch and make the sound distorted and someone will just fucking buzz you in to make it stop, or you can always attack the gate.
Something you KNOW is the only thing you can use without an arbiter, because the mere knowledge of that thing is what constitutes valid access. Something you ARE and something you HAVE require an arbiter for verification, otherwise the mere knowledge of those things can be used to masquerade/forge the thing that you ARE/HAVE. Automated and remote arbiters are better than nothing, but their automation/remote nature make them less able to verify the ARE/HAVE to the same degree an active and present arbiter can.
The most common "two factor" authentication systems in place are RSA clocks and one-time passwords sent via SMS. No one verifies that you have and own that dongle with seed XYZ or that the specified phone number belongs to you. They verify that you know the code the dongle output or that you know the code they send you. Knowing either isn't very hard, and you can attack on either end.
RSA clocks: Attack the database that has the seeds and generate your own valid codes willy nilly. Steal the dongle. The easiest, however, is to pwn the target's device / MITM the target's network connection. When they're doing shit intercept the code and use it in your own attack (they all have pretty wide validity windows to account for clock skew, time for users to type it in, latency and processing time, etc.) This is why many places now require you two input two separate codes to disable the dongle - a victim will typically not provide 2 codes within a short time span. Of course this is pointless as the attacker can spoof a message to the victim s
There is no such thing as two-factor encryption for cold data.
Using a keyfile and a password is the same thing as using a complex password. You just know one and you have the other and you chain them. The same for using a password and thumbprint hash. Anyone who has the encrypted data and knows how it's encrypted can feed it the password and hash. These are functionally no different than a single complex password - there is nothing "two factor" about it. And in many cases this type of layering can make it much easier for attackers to break ur shit.
Consider someone using 7-Zip to encrypt their "Secret My Little Pony Costume Design" directory. 1 layer of encryption using "aj29dn(3nb1A3n+d,c^D" is much better than 4 layers using "aj29d", "n(3nb", "1A3n+", and "d,c^D". The smaller passwords will be cracked almost instantly, and each one gets them 25% of the way to your shit. The full password will take ages to crack and it has to be done all or nothing.
You only want to layer passwords if your password's entropy exceeds the length (in bits) of the output of your encryption algorithm (or really, length minus one bit). It's far more common to increase the number of rounds than it is to layer, but if you suspect an algorithm may be compromised it may make sense to use multiple layers with different algorithms. Layering also makes it easier to slap on plausible deniability and steganography.
Temporal passwords (RSA clocks) require a verification step by an arbiter. These are vulnerable to DoS attacks and MITM attacks, as well as all the usual "LOL HACKED UR DB AND GOT UR SHIT" attacks. Anyone with the seed of your particular authenticator app / dongle can generate those temporary codes and get access from the arbiter. These kinds of passwords aren't there to protect the actual stored data, but control access to it. Anyone who gets the data will be able to try to decrypt it as usual.
For a temporary password to be considered a secondary layer of encryption, the data must be decrypted (temp pw layer only) and reencrypted each time that temporary password changes, AND you must ensure all previous copies of the decrypted AND encrypted data are destroyed (you can't do this if you hand the decrypted file to the user for them to decrypt the inner layer). You generally don't do this for cold data, you do it for live communication across an untrusted channel, such as the itnernet.
KeePass IS better. It's far more functional and far more customizable. Throwing a KeePass database on Dropbox is secure even if Dropbox exposes the database.
I find it hilarious that you bitch about people who don't understand that LastPass's breaches meant nothing, yet you go on to imply that Dropbox's breaches are a problem for people using it for KeePass databases.
Wrong. Some barriers are good and some are bad. Having an opinion on which are good and bad doesn't make you a hypocrite, nor does following some and shitting on others.
I forgot that Slashdot would eat all the Mus (the squiggly ass u). Anytime you see a missing word or something in the above, picture a u but with a little dingleberry hanging off the back end.
No no no. We French fucks at SI dictate that G is for giga.
You can never use G for anything other than giga. g is for gram, but we don't use g for the base unit of mass, we arbitrarily use kg as the base unit for mass even though k is the prefix for 1000. However, 1000 kg isn't kkg, as our own rules dictate, but Mg, which is megagram. Note the capital M, we use big letters when we're scaling things up in magnitude and small letters when scaling them down.
Except for k, as noted previously, because K is for Kelvin. And also except for h and da. We'll gloss over h and da, as well as d and c, because we got drunk and included them even though every other prefix is based on powers of 1000. Yeah, we woke up next to da one morning and it wasn't pretty, I can't believe we included a prefix with two fucking letters when every other prefix is a single letter.
Back to M. M is MEGA and means 10^6, while m is milli and means 10^-3 (but M is also mass and m is also meter). Now, I know you thought that M being 10^6 would mean m was 10^-6, but it's not. (It's just not, okay?) For 10^-6 we use a u, but not a regular u that you can write or type easily, a squiggly ass Greek fuck of a u. This fucking guy: . Sure, we could have used u since it's not in use in any other base unit, dimension, or prefix, but fuck you, we're French.
But don't worry, is the only one like that, unless you count the dimension symbol for temperature, or the 2nd-tier named units where is for Ohm (we haven't used O but we were worried it might look like a 0 even though we dictate that you must put a space between quantities and units) while C is degree Celsius (because C is for coulomb).
Now, you might be thinking that we should have used c for coulomb and C for degree Celsius. I'm sure that capitalization led you to believe degree Celsius is named after someone whereas coulomb is not. In fact they are both named after people, but degree Celsius is the only named unit in the first or second tier of base units that has multiple words. We actually dictate that named units start with lower case letters except when any regular ass word would have its first letter capitalized, such as at the start of a sentence. However, since degree Celsius is two fucking words, we decided that Mr. Celsius would always be capitalized, just because. This left us with no choice but to use C for coulomb and C for degree Celsius. Of course when pluralizing degree Celsius we go to degrees Celsius, not degree Celsiuses, even though "degree Celsius" as a whole is the fucking term.
Where was I? Ah, yes, the . Don't worry, after we go to n, which is for nano, or 10^-9. This is the counterpart to G (for giga) which, as I explained previously, is only for giga and not the universal gravitational constant, so please get it right. It's all so simple and consistent!
Dave420 comes out to be completely wrong yet again.
Culture comes from the Latin cultura, which is all about agriculture. See cultivation.
By definition, a culture is something that is cultivated - something that is encouraged, fostered, or tended to in order to ensure its growth or preservation. A "counterculture" would be something counter to a culture. Seeking to preserve a "counterculture" means you are seeking to cultivate it, which would make it a culture, not a "counterculture".
No, encrypt it locally with keys only in your brain.
Alternatively, encrypt it locally with keys only on your computer / in your possession, then encrypt those keys with keys only in your brain. This method lets you manage more unique keys than you can fit in your brain.
No, because he didn't disrupt the network. He just spammed the blockchain a bit. No transactions were forged, interrupted, or otherwise fucked with. Just a few extra megs to store the full blockchain for those running full nodes.
"User Acceptance Testing" is the birth of UXtadation. It's focused on users blindly using a thing with no training and assessing how they feel. It provides very little testing coverage of the thing in question and serves only to waste time by dancing to the fickle users who don't even know what they're being asked to do.
"Counterculture"? Is that something that runs counter to your culture? Why would you want to keep that? By definition, that which is preserved and fostered, or "cultured", IS "culture".
Uh, 'big iron" means mainframes. As in hot swapping RAM and CPUs, uptime measured in decades, paying the old guy a lot of money cuz he's the only one who knows how it works, etc.
A: Ask accounting for an account number, throw it on the form, and Dell ships. Dell expects your accounting department to balance the account (pay for it with a bank transfer) within 30 days. If you placed the order, the account manager will call your extension and say "Hey, Dell wants their money. Did we get that thing we ordered?". If you say "Yup!" Dell gets paid. If you say "Nope, we never got it." Dell doesn't get paid. If you say "We got it, but it's fucked up." or "They sent the wrong thing." Dell doesn't get paid until they fix it.
B: Finance and pay monthly via credit card, granting you all the protections you need.
You can't cache live, "personalized" content. More and more of the web is becoming a constant stream of shit with ads and tracking tacked on. You can't cache this. The solution is to block the ads and trackers. Users WANT the constant stream of shit. The remaining static content is a drop in the bucket, and any decent browser already caches it, nothing special to do on the server/network side.
MOOC is not a commonly used term. The ones you mentioned are. Do you understand the difference?
Do you understand the difference between publishing a summary on CNN and publishing on a site where MOOC should be as commonly known as a term like SSD? If you are even remotely part of the IT industry, it is very unlikely that MOOC is a term you are unfamiliar with.
In terms of common usage, I would put MOOC in the same category as a term like UAT. Unfortunately google disagrees with me, since it appears MOOC is twice as commonly used as UAT (another term no one here should be hearing for the first time).
Fuck off with your prescriptions as to what acronyms every person "even remotely part of the IT industry" should know. I only know MOOC because it's a shitty buzzword. I didn't know what UAT was because there are dozens of possible meanings, and the likely meaning you're referring to is related to "UX" bullshit where you talk about the user's feelings as they use a program blind.
IPMI interfaces with hardware and knows nothing of the OS. If you're using IPMI to mess with your OS, then your vendor has implemented hooks into your specific OS in their specific BMC/iLO/iDRAC/whatever controller, which you can access via their tools, a web portal, etc. Their iLO/iDRAC/whatever also implements IPMI, which you can access via free and open IPMI tools as well as their proprietary tools.
IPMI 2.0 includes serial over LAN, but that's text only console redirection. If you want graphical console redirection, you need to use a proprietary tool from your vendor, your server's BMC has to support it , and you have to pay for the license for it. Dell calls their IPMI implementation "iDRAC", and every motherboard always has the latest BMC capable of doing whatever, but you have to license iDRAC, iDRAC Pro, iDRAC Enterprise, etc. The cheapest option when buying a server is iDRAC Express, which gives you IPMI and none of their proprietary shit. You get power on, off, cycle, read the (hardware) system event log, configure the network settings of the BMC, and console redirection to a serial port. For Dell, you also have to enable redirection via COM2 in the BIOS if you want serial over LAN.
IPMI doesn't touch the fucking OS. IPMI lets you build tools to do that, but that basically means spotty support for Windows servers. If you're running graphical Linux, you need graphical console redirection, as Guspaz does:
SSH is my primary interface to the server, but sometimes you've got to get on a box locally, like if you mess up something network related, or you mess up a change to grub, or who knows what. It's not common, but I don't have a serial terminal, so having video output when needed is very important.
The only ways to get graphical console redirection are to use a hardware solution connected to video ports or to use proprietary vendor shit. IPMI does not do this. IPMI console redirection is text only. Read the spec.
Then those credentials would be in a compiled binary. The proper way to do credentials is to supply them by hand when a server/service starts up. Yes, that means physical, human intervention every time the server/service restarts.
Yet you can't do what the OP said he needed the video out for - fix OS configuration issues.
UNLESS your mobo manufacturer developed/bought a chip and software to do that for your specific OS, AND included it for your mobo/license, AND they actively maintain it to make sure it actually works. OR that chip is embedded into the CPU (such as Intel's backdoor suite with an ever-changing name), AND your mobo/BIOS/UEFI exposes it, AND it works for your OS, AND you're properly licensed for it (typically built into the cost of the mobo).
The closest you'll get in the real world is a chipset that pipes keyboard, mouse, and video (graphical console) over LAN. Dell charges a buttload to license this, it only works with the built-in Intel GPU as far as I know, and you're stuck with a shitty Java web portal. You can't really call this IPMI.
It's DDR3 being shuffled off the stage because DDR4 is now well-established. Prices for DDR3 will bottom out and then shoot back up and plateau, and you won't care until you need to upgrade an old system.
That "very definition" is used incorrectly by so many people, including you. When you're slapping it into a call to an encryption/decryption function, it's ALL effectively "something you know". A thumbprint hash is just data, so is a keyfile, so is the output of an RSA clock at any time. Security "experts" tried to model this off of physical security principles, but they don't translate over. That doesn't stop them all form parroting "something you know, something you have, and something you are hurr derp", though.
Something you HAVE and something you ARE need to be verified by some authority that controls access. It's like buying pseudoephedrine at the drug store. They ask for something you HAVE (your driver's license), and they verify it to a reasonable extent. Without an active arbiter, you can only use something you KNOW. Imagine buying pseudoephedrine on Amazon. That something you HAVE becomes something you KNOW because all you can do is type in your driver's license number, state, and expiration date. At the drugstore, they expect a physical card with a photo that looks like you and a magstripe that swipes with valid data. They can also physically see if you look like a tweaker who's got the shakes because they need another hit.
You can try to use automated arbiters, but they're vulnerable. A thumbprint scanner can be tricked into scanning a fake thumb or someone else's thumb, or it can be bypassed completely if you know the output it gives for your target thumb. A car with a breathalyser can be tricked by having someone else, or a raccoon, blow into it (that story was fake by the way - http://www.inquisitr.com/24605... ). Or, again, if you know what the breathalyser outputs on a good blow you can bypass it entirely.
You can try to use remote arbiters. A typical example is a security camera and a remote person monitoring and unlocking doors and shit. You can attack the camera, dress up as the target, put a photo of the empty hallway over the camera so that's all it sees, whatever. For an apartment gate/door with an intercom and a "buzz me in" system, you can pretend to be anyone to anyone who can buzz you in, or you can click the button a bunch and make the sound distorted and someone will just fucking buzz you in to make it stop, or you can always attack the gate.
Something you KNOW is the only thing you can use without an arbiter, because the mere knowledge of that thing is what constitutes valid access.
Something you ARE and something you HAVE require an arbiter for verification, otherwise the mere knowledge of those things can be used to masquerade/forge the thing that you ARE/HAVE. Automated and remote arbiters are better than nothing, but their automation/remote nature make them less able to verify the ARE/HAVE to the same degree an active and present arbiter can.
The most common "two factor" authentication systems in place are RSA clocks and one-time passwords sent via SMS.
No one verifies that you have and own that dongle with seed XYZ or that the specified phone number belongs to you. They verify that you know the code the dongle output or that you know the code they send you. Knowing either isn't very hard, and you can attack on either end.
RSA clocks: Attack the database that has the seeds and generate your own valid codes willy nilly. Steal the dongle. The easiest, however, is to pwn the target's device / MITM the target's network connection. When they're doing shit intercept the code and use it in your own attack (they all have pretty wide validity windows to account for clock skew, time for users to type it in, latency and processing time, etc.) This is why many places now require you two input two separate codes to disable the dongle - a victim will typically not provide 2 codes within a short time span. Of course this is pointless as the attacker can spoof a message to the victim s
There is no such thing as two-factor encryption for cold data.
Using a keyfile and a password is the same thing as using a complex password. You just know one and you have the other and you chain them.
The same for using a password and thumbprint hash. Anyone who has the encrypted data and knows how it's encrypted can feed it the password and hash.
These are functionally no different than a single complex password - there is nothing "two factor" about it. And in many cases this type of layering can make it much easier for attackers to break ur shit.
Consider someone using 7-Zip to encrypt their "Secret My Little Pony Costume Design" directory.
1 layer of encryption using "aj29dn(3nb1A3n+d,c^D" is much better than 4 layers using "aj29d", "n(3nb", "1A3n+", and "d,c^D". The smaller passwords will be cracked almost instantly, and each one gets them 25% of the way to your shit. The full password will take ages to crack and it has to be done all or nothing.
You only want to layer passwords if your password's entropy exceeds the length (in bits) of the output of your encryption algorithm (or really, length minus one bit).
It's far more common to increase the number of rounds than it is to layer, but if you suspect an algorithm may be compromised it may make sense to use multiple layers with different algorithms. Layering also makes it easier to slap on plausible deniability and steganography.
Temporal passwords (RSA clocks) require a verification step by an arbiter. These are vulnerable to DoS attacks and MITM attacks, as well as all the usual "LOL HACKED UR DB AND GOT UR SHIT" attacks. Anyone with the seed of your particular authenticator app / dongle can generate those temporary codes and get access from the arbiter.
These kinds of passwords aren't there to protect the actual stored data, but control access to it. Anyone who gets the data will be able to try to decrypt it as usual.
For a temporary password to be considered a secondary layer of encryption, the data must be decrypted (temp pw layer only) and reencrypted each time that temporary password changes, AND you must ensure all previous copies of the decrypted AND encrypted data are destroyed (you can't do this if you hand the decrypted file to the user for them to decrypt the inner layer). You generally don't do this for cold data, you do it for live communication across an untrusted channel, such as the itnernet.
KeePass IS better. It's far more functional and far more customizable.
Throwing a KeePass database on Dropbox is secure even if Dropbox exposes the database.
I find it hilarious that you bitch about people who don't understand that LastPass's breaches meant nothing, yet you go on to imply that Dropbox's breaches are a problem for people using it for KeePass databases.
"Never attribute to conspiricity that which is adequately explained by stupidity."
That's what they want you to think.
Instructions unclear. Decorative photos tastefully hung on wall. Please send help.
Wrong. Some barriers are good and some are bad. Having an opinion on which are good and bad doesn't make you a hypocrite, nor does following some and shitting on others.
He's referring to defining an average driving profile, then testing cars using that profile, not testing cars in order to determine average emissions.
I forgot that Slashdot would eat all the Mus (the squiggly ass u).
Anytime you see a missing word or something in the above, picture a u but with a little dingleberry hanging off the back end.
No no no. We French fucks at SI dictate that G is for giga.
You can never use G for anything other than giga. g is for gram, but we don't use g for the base unit of mass, we arbitrarily use kg as the base unit for mass even though k is the prefix for 1000. However, 1000 kg isn't kkg, as our own rules dictate, but Mg, which is megagram. Note the capital M, we use big letters when we're scaling things up in magnitude and small letters when scaling them down.
Except for k, as noted previously, because K is for Kelvin. And also except for h and da. We'll gloss over h and da, as well as d and c, because we got drunk and included them even though every other prefix is based on powers of 1000. Yeah, we woke up next to da one morning and it wasn't pretty, I can't believe we included a prefix with two fucking letters when every other prefix is a single letter.
Back to M. M is MEGA and means 10^6, while m is milli and means 10^-3 (but M is also mass and m is also meter). Now, I know you thought that M being 10^6 would mean m was 10^-6, but it's not. (It's just not, okay?) For 10^-6 we use a u, but not a regular u that you can write or type easily, a squiggly ass Greek fuck of a u. This fucking guy: . Sure, we could have used u since it's not in use in any other base unit, dimension, or prefix, but fuck you, we're French.
But don't worry, is the only one like that, unless you count the dimension symbol for temperature, or the 2nd-tier named units where is for Ohm (we haven't used O but we were worried it might look like a 0 even though we dictate that you must put a space between quantities and units) while C is degree Celsius (because C is for coulomb).
Now, you might be thinking that we should have used c for coulomb and C for degree Celsius. I'm sure that capitalization led you to believe degree Celsius is named after someone whereas coulomb is not. In fact they are both named after people, but degree Celsius is the only named unit in the first or second tier of base units that has multiple words. We actually dictate that named units start with lower case letters except when any regular ass word would have its first letter capitalized, such as at the start of a sentence. However, since degree Celsius is two fucking words, we decided that Mr. Celsius would always be capitalized, just because. This left us with no choice but to use C for coulomb and C for degree Celsius. Of course when pluralizing degree Celsius we go to degrees Celsius, not degree Celsiuses, even though "degree Celsius" as a whole is the fucking term.
Where was I? Ah, yes, the . Don't worry, after we go to n, which is for nano, or 10^-9. This is the counterpart to G (for giga) which, as I explained previously, is only for giga and not the universal gravitational constant, so please get it right. It's all so simple and consistent!
Dave420 comes out to be completely wrong yet again.
Culture comes from the Latin cultura, which is all about agriculture. See cultivation.
By definition, a culture is something that is cultivated - something that is encouraged, fostered, or tended to in order to ensure its growth or preservation.
A "counterculture" would be something counter to a culture. Seeking to preserve a "counterculture" means you are seeking to cultivate it, which would make it a culture, not a "counterculture".
No, encrypt it locally with keys only in your brain.
Alternatively, encrypt it locally with keys only on your computer / in your possession, then encrypt those keys with keys only in your brain. This method lets you manage more unique keys than you can fit in your brain.
No, because he didn't disrupt the network. He just spammed the blockchain a bit. No transactions were forged, interrupted, or otherwise fucked with. Just a few extra megs to store the full blockchain for those running full nodes.
"User Acceptance Testing" is the birth of UXtadation. It's focused on users blindly using a thing with no training and assessing how they feel. It provides very little testing coverage of the thing in question and serves only to waste time by dancing to the fickle users who don't even know what they're being asked to do.
Design, develop, test, document, train, use, repeat.
"Counterculture"? Is that something that runs counter to your culture? Why would you want to keep that?
By definition, that which is preserved and fostered, or "cultured", IS "culture".
Uh, 'big iron" means mainframes. As in hot swapping RAM and CPUs, uptime measured in decades, paying the old guy a lot of money cuz he's the only one who knows how it works, etc.
When you're spending that much money you either:
A: Ask accounting for an account number, throw it on the form, and Dell ships. Dell expects your accounting department to balance the account (pay for it with a bank transfer) within 30 days. If you placed the order, the account manager will call your extension and say "Hey, Dell wants their money. Did we get that thing we ordered?". If you say "Yup!" Dell gets paid. If you say "Nope, we never got it." Dell doesn't get paid. If you say "We got it, but it's fucked up." or "They sent the wrong thing." Dell doesn't get paid until they fix it.
B: Finance and pay monthly via credit card, granting you all the protections you need.
You can't cache live, "personalized" content.
More and more of the web is becoming a constant stream of shit with ads and tracking tacked on. You can't cache this.
The solution is to block the ads and trackers. Users WANT the constant stream of shit. The remaining static content is a drop in the bucket, and any decent browser already caches it, nothing special to do on the server/network side.
http://www.sciencedaily.com/re...
Sure it does. Depends on how fast you spin it and for how long.
MOOC is not a commonly used term. The ones you mentioned are. Do you understand the difference?
Do you understand the difference between publishing a summary on CNN and publishing on a site where MOOC should be as commonly known as a term like SSD? If you are even remotely part of the IT industry, it is very unlikely that MOOC is a term you are unfamiliar with.
In terms of common usage, I would put MOOC in the same category as a term like UAT. Unfortunately google disagrees with me, since it appears MOOC is twice as commonly used as UAT (another term no one here should be hearing for the first time).
http://www.acronymfinder.com/M...
http://www.acronymfinder.com/U...
Fuck off with your prescriptions as to what acronyms every person "even remotely part of the IT industry" should know.
I only know MOOC because it's a shitty buzzword. I didn't know what UAT was because there are dozens of possible meanings, and the likely meaning you're referring to is related to "UX" bullshit where you talk about the user's feelings as they use a program blind.
ONE?
Everyone knows you have to go through 7 proxies.
IPMI interfaces with hardware and knows nothing of the OS. If you're using IPMI to mess with your OS, then your vendor has implemented hooks into your specific OS in their specific BMC/iLO/iDRAC/whatever controller, which you can access via their tools, a web portal, etc. Their iLO/iDRAC/whatever also implements IPMI, which you can access via free and open IPMI tools as well as their proprietary tools.
IPMI 2.0 includes serial over LAN, but that's text only console redirection. If you want graphical console redirection, you need to use a proprietary tool from your vendor, your server's BMC has to support it , and you have to pay for the license for it. Dell calls their IPMI implementation "iDRAC", and every motherboard always has the latest BMC capable of doing whatever, but you have to license iDRAC, iDRAC Pro, iDRAC Enterprise, etc. The cheapest option when buying a server is iDRAC Express, which gives you IPMI and none of their proprietary shit. You get power on, off, cycle, read the (hardware) system event log, configure the network settings of the BMC, and console redirection to a serial port. For Dell, you also have to enable redirection via COM2 in the BIOS if you want serial over LAN.
IPMI doesn't touch the fucking OS. IPMI lets you build tools to do that, but that basically means spotty support for Windows servers.
If you're running graphical Linux, you need graphical console redirection, as Guspaz does:
SSH is my primary interface to the server, but sometimes you've got to get on a box locally, like if you mess up something network related, or you mess up a change to grub, or who knows what. It's not common, but I don't have a serial terminal, so having video output when needed is very important.
The only ways to get graphical console redirection are to use a hardware solution connected to video ports or to use proprietary vendor shit. IPMI does not do this. IPMI console redirection is text only. Read the spec.
Then those credentials would be in a compiled binary.
The proper way to do credentials is to supply them by hand when a server/service starts up.
Yes, that means physical, human intervention every time the server/service restarts.
Yet you can't do what the OP said he needed the video out for - fix OS configuration issues.
UNLESS your mobo manufacturer developed/bought a chip and software to do that for your specific OS, AND included it for your mobo/license, AND they actively maintain it to make sure it actually works. OR that chip is embedded into the CPU (such as Intel's backdoor suite with an ever-changing name), AND your mobo/BIOS/UEFI exposes it, AND it works for your OS, AND you're properly licensed for it (typically built into the cost of the mobo).
The closest you'll get in the real world is a chipset that pipes keyboard, mouse, and video (graphical console) over LAN. Dell charges a buttload to license this, it only works with the built-in Intel GPU as far as I know, and you're stuck with a shitty Java web portal. You can't really call this IPMI.
It's DDR3 being shuffled off the stage because DDR4 is now well-established.
Prices for DDR3 will bottom out and then shoot back up and plateau, and you won't care until you need to upgrade an old system.