• 0 Posts
  • 49 Comments
Joined 2 years ago
Cake day: June 24th, 2023

  • Bazoogle@lemmy.world to Privacy@lemmy.ml: The Privacy Iceberg
    2 months ago

    Bitwarden had some security issues historically.

    What security issues? If you mean potential security vulnerabilities researchers found that they’ve patched, I don’t understand how that would be different from Keepass and their previous security vulnerabilities. Bitwarden has never had a security issue historically that I know of. Lastpass, on the other hand…

    I generally recommend using software for password managers that isn’t internet connected.

    I also recommend they upload it to whatever cloud storage they use

    I also really don’t get these two. They seem to contradict each other.

    I usually recommend Bitwarden, where they can use the browser extension and mobile phone app. It gives them autofill features on all their sites. Getting someone to change their passwords and use a password manager is already difficult enough. Giving them the most convenient option is going to make it more likely they stick with it.


  • Being social is pretty similar to exercising. When you first try to do it after a while, it’s usually painful and not enjoyable. It isn’t until practicing and keeping at it that it will get easier and you can actually feel the benefits. Finding someone that you can actually share your hobbies with can go a long way, especially if they are able to give some sort of input as well that is beneficial to what you’re working on.



  • Yea, Telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in Discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end-to-end encrypted.

    The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like Signal.


    1. A password manager is basically like a physical vault. If someone gets into a physical vault, they’ve gained access to all your valuable items, but the vault is extremely difficult to get into.
    2. Random websites do not prioritize security like they should. So when there is inevitably a breach in one of those 50 sites and you end up on haveibeenpwned.com, that does not allow them access to the other 49 sites. Often when logins are breached, the people getting that information do not care about the actual site that was breached. Rather, they know a password you use and your email, and can now try to log in to actually useful sites where people often use the same login.
    3. There should be multiple layers of security to your password manager. Password and Authenticator app should be basic (No SMS or Email 2FA, not secure enough). Ideally, we move towards passwordless logins altogether so there is no secret that can be compromised on the server side.




  • This, to me, seems like the standardization vs optimization argument. So much of the tech world could be optimized like crazy, but the more complex it gets, the harder it is to communicate with others and keep things consistent. This complexity actually hinders production overall. Standardization, even if it’s not the most optimized, allows us to create vastly more complex and reliable systems because we can ensure we are all on the same page. Even if that standardization isn’t the best way to do it. I mean, if you want to talk about absolute control over your code, why don’t you write in assembly? Are all programming languages not virtually assembly with training wheels?

    Writing in code that is not memory safe is going to mean you are substantially more likely to have mistakes that lead both to user annoyance and straight up security vulnerabilities. Having applications written in memory safe languages, especially when worked on by large swaths of people, is absolutely the best route. It provides a secure standard way to write memory safe code. This will reduce security vulnerabilities, decrease program crashes, and allow for more efficient developers.

    Changing a bike tire is something for a single person, maybe two at most. Writing code is often a team effort. And the more people that are involved, the more likely mistakes are going to happen. People absolutely can still learn the complexities, and still choose to use Rust because honestly, it’s the smart thing to do. And it doesn’t need to be Rust. Any memory safe language would accomplish the same goal.


  • I listen to Steve Gibson’s podcast “Security Now” and he was talking about why, for security reasons, memory safe applications should be the way of the future. So many security vulnerabilities come from improper memory management. And while C may be more powerful, giving up some of that power for standardization is almost always worth it. We could make much more progress if we were spending less time trying to make sure the memory is handled correctly in every situation. So while there are no doubt the crazy fans of it, I think moving to memory safe languages in general should be the way of the future.

    Of course, he still writes all his programs in assembly and refuses to learn anything else. But when you’re at his age, I guess you get a pass XD


  • I agree with you, but I do wish a lot of conservatives used ChatGPT or other AIs more. It, at the very least, will tell them all the batshit stuff they believe is wrong and clear up a lot of the blatant misinformation. With time, will more batshit AIs be released to reinforce their current ideas? Yea. But ChatGPT is trained on enough (granted, stolen) data that it isn’t prone to retelling the conspiracy theories. Sure, it will lie to you and make shit up when you get into niche technical subjects, or ask it to do basic counting, but it certainly wouldn’t say Ukraine started the war.




  • They’re saying the only way you can get the games legally is by buying them. But since the products aren’t made anymore, if it’s unavailable for purchase, it will be impossible for you to play (legally).

    They were essentially trying to preserve vintage games with a library style check-out system of digital copies of the games you can play with an emulator. The ruling concluded that was not legal, since the preserved games were used for recreational use. As it stands, if the last physical copy of a game is lost, the only one that would legally have the game files would hypothetically be the original publisher (assuming they kept the original files) and it would be entirely up to the publisher how they shared it. If they decided to keep it to themselves, it would be lost to the public (by any legal means, at least).

    Their argument doesn’t really make sense to me, though. I guess we should also ban any books that are used for recreational purposes. If a book is not a non-fiction textbook, someone might read it for fun, which is unacceptable. I think we should get rid of 1984 from all the libraries, since people might read it for enjoyment.



  • lol, I have no idea why someone downvoted you.

    But yea, the plural of code in the context of programming scripts is just code, but if you were to talk about codes like a code to get into a door pin-pad, it has an “s” at the end for plural. To be honest, I’m sure there’s plenty of native English speakers not in the tech world that would likely also call it “codes” when talking about programming.


  • When you said “I highly doubt it” in response to the first comment, what were you doubting? Your comment does not seem to make sense in response to the comment. They said that the open source project has likely cost more money in lost subscription fees than in AWS API calls, and you said you doubt it?

    Then the person replying to you said “The general population is very much influenced by the Home Assistant community” not that everyone knows about it. But your comment talks strictly about how commonly known things in the tech world are not commonly known in the general population (which I think is pretty commonly known in the tech world as well).

    This comment chain does not seem to be talking about the same things.


  • I think it could definitely be possible to do locally, and I wouldn’t want a car where I have to connect to servers to connect to it. But I am also not sure I want a car that can be opened with a command on the car itself. The code to access your CAR being stored locally on the car itself, with no server side validation, does seem kinda scary. It’s one thing for someone to manage to get into your online login where you can change the password, it’s another for someone to literally be able to steal your car because they found a vulnerability. It being stored locally would mean people would reverse engineer it, they could potentially install a virus on your car to be able to gain access. Honestly, as a tech guy, I don’t trust computers enough to have it control my car.


  • Generally, an engineer wants their product to work well and work efficiently. They put effort into a product, and it feels good to see people benefit from that work. The ones making the decisions have money on their mind. If a FOSS version of their paid platform costs them too much money, they will shut it down. Not because it was the engineers’ decision, but because the ones making the decision likely don’t even know what GitHub is and just know it’s taking away that sweet subscription money.