[-] deong@lemmy.world 32 points 1 year ago

As an internal implementation detail, it's fine and pretty standard. Exposing it to the end user so that they have to know whatever janky-ass domain and capitalization you picked to run your application is braindead.

[-] deong@lemmy.world 19 points 1 year ago

Or just use their built in sync and sign in one time, and all your addons will be installed and enabled for you.

If your argument boils down to "none of the browsers are exactly pre-configured for me, one of the 7 billion not special people on the planet", I’m not sure there’s a productive conversation to be had here.

[-] deong@lemmy.world 15 points 1 year ago

I've been saying for a while now that the actual test should be that you miss a couple. If you can look at a this 4 nanometer picture of what is either a bird, a sofa, or the titanic, and correctly tell me if it has part of one pedal from a bicycle in it, you're a robot.

[-] deong@lemmy.world 15 points 1 year ago

I’m not sure “Twitter is not a backup service for your personal hard drive” is a point that needed to be made.

[-] deong@lemmy.world 20 points 1 year ago

I don't know anything about any of these people one way or the other, but if you believe her account and just think the timing is opportunistic, then do you not also believe the part of her account that's in, you know, the bigger more noticeable font at the top that says, "To stop the speculation and DMs I'm receiving...".

As in, "I quit two years ago and didn't say anything about it, but now this is all over the news and a million people keep asking and/or assuming things, so I guess I should address it".

[-] deong@lemmy.world 11 points 1 year ago

yeah, the smart teenager is going to be charging the adults in his life $50 to get their porn working again.

[-] deong@lemmy.world 13 points 1 year ago

You can set MAKEFLAGS in /etc/makepkg.conf to something like "-j8" (where "8" should be something like the number of cores you have or maybe number of cores minus one or two if you want to leave some CPU capacity available.

However, the build instructions for a specific package can override these defaults. You'd have to look at the resolve-davinci package files to see if it does that for some reason that might be important.

[-] deong@lemmy.world 10 points 1 year ago

Mostly you're paying so that never getting any resolution is someone else's fault.

[-] deong@lemmy.world 15 points 1 year ago

I'm a bitter, stagnant, arrogant old man. That this guy also can't write for shit is coincidental.

[-] deong@lemmy.world 106 points 1 year ago

It is unfathomable to me how Reddit isn't profitable.

Facebook makes a mint by telling advertisers, "trust us, we'll get your ads in front of people who might buy your product based on a lot of inference around their fairly generic profile data plus some tracking cookies". One guy should be able to sell a billion dollars worth of ads on Reddit. Just put up a form that says, "which subreddit do you want to advertise in?" and "what's your credit card number?". That's it. They have like 10,000 completely segmented markets just sitting there full of hundreds of millions of people who have self-selected to be members of those communities.

We spend hundreds of billions of dollars collectively trying to figure out which google search terms might find us a few more solid leads. Reddit has an amazing list of them for every company in the entire world. How in the everloving fuck have they managed to blindly bumble around for two decades without ever falling into the giant pile of money in front of them?

[-] deong@lemmy.world 19 points 1 year ago

I accept that I'm in the minority on these things, but I value simplicity really highly, and I mean "simple" as a very specific concept that's different from "easy". It can be harder to resolve library dependencies on a system where everything is installed using the native package manager and common file systems, but nothing is as "simple" as ELF binaries linking to .so files. Nested directories branching off of / is "simpler" than containers.

Do I have any practical reason for preferring things this way? Not really. There are some ancillary benefits that come from the fact that I'm old and I already know how to do more or less anything I need to do on a Unix system, and if you tell me I need to use flatseal or whatever, I'd rather just use users and groups and tools that have been fine for me for 25 years. But that's not really why I like things this way. I have no issue with embracing change when it otherwise appeals to me --I happily try new languages and tools and technology stacks all the time. What it really is is that it appeals to the part of my brain that just wants to have a nice orderly universe that fits into a smaller set of conceptual boxes. I have a conceptual box for how my OS runs software, and filling that box with lots of other smaller little different boxes for flatpack and pyenv and whatever feels worse to me.

If they solved practical problems that I needed help solving, that would be fine. I have no problem adopting something new that improves my life and then complaining about all the ways I wish they'd done it better. But this just isn't really a problem I have ever really needed much help with. I've used many Unix systems and Linux distributions as my full-time daily use systems since about 1998, and I've never really had to spend much effort on dependency resolution. I've never been hacked because I gave some software permissions it wouldn't have had in a sandbox. I don't think those problems aren't real, and if solving them for other people is a positive, then go nuts. I'm just saying that for me, they're not upsides I really want to pay anything for, and the complexity costs are higher than whatever that threshold is for me.

[-] deong@lemmy.world 15 points 1 year ago

A good password manager will be encrypted on device using your master password and only the encrypted data ever synced anywhere. So if Bitwarden gets hacked, and the worst case scenario happens, that means an attacker makes off with the complete contents of your vault. But all they have is an encrypted file. To decrypt it, they need your master password. Bitwarden doesn't have the keys to lose -- they only have the lock, and only you have the key. So an attacker would need to compromise Bitwarden (the company) to get access to the vault, and then separately, compromise you personally to get your master password (the key).

Alternately, they could try to brute-force the master password offline. If you think you could guess a user's password if you tried 100,000,000,000 guesses, and each guess took you 1 nanosecond, you could guess all hundred billion in a little under two minutes. Bitwarden uses techniques to make it intentionally very slow (slow if you're a CPU at least) to generate the hashes needed to compare a password. If it takes you 100,000 nanoseconds per guess instead, then instead of two minutes, it takes almost 4 months. Those numbers are completely made up, by the way, but that's the general principle. Bitwarden can't leak your actual passwords directly, because they never get them from you. They only get the encrypted data. And if an attacker gets the encrypted data, it will take them quite a bit of time to brute force things (if they even could -- a sufficiently good master password is effectively impossible to brute force at all). And that's time you can use to change your important passwords like your email and banking passwords.

One important realization for people to have is that none of us get to choose perfection here. You don't only have to worry about Bitwarden getting hacked. You also have to worry about you forgetting them. You have to worry about someone figuring out your "cryptic messages that only I understand" scheme. Security is generally about weighing risks, convenience, and impact and choosing a balance that works best for you. And for most people, the answer should be a password manager. The risks are pretty small and mitigation is pretty easy (changing your passwords out of caution if the password manager is breached), and the convenience is high. And because it's, as you put it, "a pain in the ass" to manage good unique passwords yourself, virtually no one actually does it. Maybe they have one or two good passwords, and rest are awful.

view more: next ›

deong

joined 1 year ago