Threads for lnplum

  1. 14

    Frankly, this doesn’t surprise me. LastPass had been giving us constant trouble when we switched to it from KeyPass X because we needed something that would allow sharing passwords in a team. Even the export when we wanted to stop using it was messy and we ended up with incomplete and broken plaintext files.

    We moved to BitWarden several years ago because it is an Open Source project and at the time 1Password’s team vault was a lot clunkier and the UX on Windows simply wasn’t there (tho I had heard a lot of praise from macOS users). Having recently had to use 1Password for a client I would still pick BitWarden over it but this feels like it’s more a matter of taste at this point. If you’re still on LastPass, I’d suggest trying out a few alternatives because they’re all vastly superior and more trustworthy.

    1. 1

      For personal use, I was always happy enough with lastpass so far. I’ve mostly stopped using form-fills on the phone anyway and manually copy-paste stuff, and the other stuff works as expected. I mean, there’s like 3 features: get me my password, save a new password and searching, sometimes. I know it’s not the most secure option around, but for basic use it’s safe enough, and for important-enough sites, I have multi-factor authentication anyway.

      But I had been thinking for quite a while now to change this for an open-source, self-hosted solution. The closest I got when they merged with logmein. I’m not not certain if it is worth my time, to run my own infrastructure. But I do think I’ll at least consider 1passwoird or bitwarden again.

    1. 17

      Someone did this manually on facebook: https://www.wired.com/2014/08/i-liked-everything-i-saw-on-facebook-for-two-days-heres-what-it-did-to-me/

      They got sent down a fascist rabbit hole in no time. While poisoning Google’s database sounds desirable, I’d also rather not be classified as a fascist.

      1. 3

        that’s what happens on pretty much any platform. By default you get trapped in right-wing propaganda. Especially true for youtube

        1. 0

          It worries me how meaningless those historically heavy terms have become. Of course I’m being a bit sarcastic, but it’s diluted to the point of “fascist [fash-ist] noun, a person who has clicked a bunch of ads” and if in the year 2049 the government takes browsing history into account to judge a person, I will go to jail, because I installed Ad Nauseam 5 years ago and forgot to turn it off.

          I’d also rather not be classified as a fascist.

          I sometimes worry about this too. Like with 4chan and the OK-Hand sign, context gets so painfully lost. Lines become blurred and doing mallice with those blurred lines becomes easy. Be it the fault of algorithm, person or both, something should be done about this. I complain and offer no solutions, so I am a bit of a hypocrite.

          As for Ad Nauseam, I think it’s really cool what was done here and being banned off Add-on stores really shows, that they successfully annoyed a good amount of people. Be it big Ad corpo or small artist’s blog being stripped of revenue, it created a good amount of discussion, that maybe this shouldn’t be the way the internet functions. Activism done damn right.

          1. 5

            a person who has clicked a bunch of ads

            But that’s not a definition, that’s a mechanism for getting categorized by algorithmic advertising as a person interested in content promoting fascism.

            Like with 4chan and the OK-Hand sign, context gets so painfully lost.

            “The OK-Hand sign being a dogwhistle was actually a 4chan prank” is the same kind of useless factoid as “tomatoes are actually a fruit not a vegetable”. Yes, it’s true, but it is inconsequential trivia. 4chan may have initially tricked some “liberals” into believing the OK-Hand sign is a hate symbol at a time when no hate group was using it that way. But very early on actual white supremacists started actually using it as a dogwhistle – at first ironically I’m sure (because some white supremacists do hang out on 4chan) but soon it spread to very offline white supremacists who just copied it because it was a thing they saw other white supremacists do and get excited about.

            There’s a difference between a teenager saying their mom is a fascist for making them clean up their room and calling people like Stefan Molyneux or Richard Spencer a fascist for promoting extreme sexism, white supremacy and violent racial power fantasies. Yes, fascism is a somewhat vague term but most of the alternatives are too euphemistic or only get at certain aspects of how the ideology is presented rather than the ideological underpinnings. Umberto Eco’s shopping list isn’t an all-or-nothing deal either.

            So yeah, calling a conservative fascist because they are a bit homophobic is a bit of a stretch, but insisting that people like Stefan Molyneux are not fascists because they don’t tick off every item on the fascism checklist is pedantic at best and directly aiding fascism at worst. It’s not like fascism is a coherent ideology to begin with, it’s more of a way to con a people to go against its own interests and submit to a Great Leader under the pretense of restoring some supposed former glory and claim to greatness while actually creating asphyxiatingly oppressive power structures and eliminating undesirables.

          1. 2

            MDN says

            The Symbol.isConcatSpreadable well-known symbol is used to configure if an object should be flattened to its array elements when using the Array.prototype.concat() method.

            I was like: “‘well-known’? I’ve never heard of this”. Then I went to the spec

            Well-known symbols are built-in Symbol values that are explicitly referenced by algorithms of this specification

            So, uhh, not probably most people’s definition of “well-known”, but it didn’t answer my real question: why does this exist? Who needs this? It just seems like a good source of surprising behaviour. Has anyone here ever had cause to use this symbol?

            1. 2

              If I had to guess, it’s probably an obscure part of the spec that was implemented in V8 just for completeness and the reason why it’s implemented so sloppily is exactly because it’s not well known in the literal sense. Maybe other JS engines implement it per-object rather than globally.

              1. 1

                FWIW “well-known” has a technical meaning in a few other places (e.g. “well-known” URLs are a subset of URLs that have certain implications if present, as used in domain validation for example) so it isn’t like the spec made that definition up.

              1. 1

                Won’t this cause problems for layout computations in client-side JS?

                1. 1

                  I think the most important skill of a programmer is the ability to learn.

                  Year over year this can mean

                  • knowing things you didn’t know last year
                  • not making the same kinds of mistakes you made last year
                  • understanding the difference between those kinds of mistakes

                  For example, if you’re new to async programming you may make entire categories of errors that wouldn’t happen to you if you have a solid grasp of what the code actually does because you wouldn’t write the kind of broken code that is causing those problems in the first place (and the problems were inevitable given how you wrote the code because it was based on a flawed understanding of what the code does).

                  You won’t stop making mistakes. If you no longer make mistakes that’s a good indicator you’re no longer learning because you’re no longer pushing the boundaries of your knowledge. You may want to make fewer mistakes but especially you don’t want to keep making the same mistakes – because making the same mistakes likely means you have some underlying knowledge gap that leads you to make those mistakes (or you simply don’t know how to avoid them – e.g. using the proper tooling rather than just winging it).

                  There are no reliable metrics. This is not only true for competence, btw, this is true for most things.

                  Frequency or speed in isolation is a garbage metric as it can be influenced by too many metrics that are unrelated to competence or skill. Salary is highly contextual ($100k in SF is unimpressive, $100k in most parts of Europe is obscene). Applying to companies like Google is neither (universally) desirable nor is acceptance a good indicator of competence (just of matching the specific criteria they have for consideration for a given role).

                  You can set goals or milestones for yourself but chances are when you start out you lack the actual knowledge to pick goals and milestones that are actually meaningful or relevant to you. If you do set milestones for yourself, you should not only reevaluate your performance but also the milestones themselves – feel free to adjust or replace them if you feel they were a mistake.

                  And don’t forget that your job is about more than just pushing buttons on a computer. The knowledge you want to gain is not only technical, you also need to understand the social aspects. How your users use your product, how your team members work together to create the product and how the product impacts society. And don’t forget taking care of yourself either: learn your limits and when to rest before your body forces you to rest.

                  So what is a good programmer? I’d say most importantly they’re a good person and they’re a learner.

                  I’m not sure this is the advice you were looking for, but after 25 years of learning to be a programmer this is all I can tell you.

                  1. 2

                    It’s extremely handy to have a ssh auth key in your pocket. I use a similar setup that amazingly works on Mac, Windows, Linux and OpenBSD (using GPG and a combo of pcscd / opensc).

                    As an alternative to Yubikey, checkout Nigrokey. The form factor isn’t as convenient, but they get the job done!

                    1. 4

                      oh man.. colemak noob typo - NitroKey

                      1. 2

                        Nigrokey

                        That typo sounds racist. I’m glad it’s not the real product’s name.

                        1. 2

                          Somewhat beside the point but I think that’s literally Italian for “black” (also Nigro seems to be an actual surname).

                        2. 1

                          Can you use the built-in openssh auth key stuff alongside gpg-agent for the other key types?

                          1. 1

                            Not sure. I don’t use them outside of gpg.

                          2. 1

                            The Nitrokey is really nice (I have two). They run the open source gnuk firmware, which can also run on many STM32 F103 boards. E.g., some people run gnuk on $2 Blue Pill boards.

                            http://www.fsij.org/doc-gnuk/