• 0 Posts
  • 15 Comments
Joined 3 months ago
Cake day: June 11th, 2024

  • Whoa there, I never have - and never would - suggest that anything should be protected by a single factor. Where are you getting that?

    Authy sucks. It’s not just that the TOTP they send you might not be secure (SMS is easily exploited), it’s been shown that they’re leaking other personal data.

    You don’t have to cobble anything together. As you say, self-hosted BitWarden is a good option. As for your “glue”, you should trust it more than a third party, since you know what went into yours, and it’s not a massive honeypot treasure trove.

    Edit: I’ve been using “honeypot” wrong. It would actually be good if the hackers tried to hack one of those.


  • Who said you shouldn’t be able to access your backups remotely?

    A lot of tools allow you to set up Google Drive, Dropbox, whatever. Yes, this brings you back to cloud, but it’s better to have a hacker wonder if some random Google Drive might have juicy auth data than know for sure that some SaaS platform absolutely does. Also, even if they got the file, it should be encrypted, and should be a massive pain to get into (at least long enough to change the passwords stored in the file).

    The other (better) option is to have it back up to SFTP (or similar), which you manage yourself on private servers. Normally this would be accessed through RSA and/or TOTP, but you can set up secure backup methods (combo any/all of: port knocking, long password, human-knowable timed password, biometrics, security questions, other trusted humans that have some TOTP that can’t open your storage alone, etc.).


  • Stop. Trusting. Cloud/SAAS. Security. Apps.

    Don’t give them your passwords and private keys, because you can never know if they’re being stored responsibly, or who has access to them.

    Don’t give them your personal details, they don’t care about protecting user anonymity.

    Keep your keys and passwords in local, encrypted files, and generate your TOTPs locally.

    “But that’s not convenient!” - It’s plenty convenient, find an app that supports your phone’s biometrics. There are plenty on both Android and iPhone that also work in Windows/macOS/Linux.

    “What if I lose my phone?” - Keep your files backed up. If you don’t do this, you deserve to get locked out. Fear of losing data is a good thing, it keeps you vigilant. Apathy gets you another of these stories.

    There are plenty of apps that encrypt local storage for security keys and code generation. Stop allowing these tech bros to create honeypots (catnip for hackers), and to make you pay them for the privilege of being an easy target.

    Edit: I’ve been using “honeypot” wrong. It would actually be good if the hackers tried to hack one of those.


  • It’s not harmful to tell average people who run windows to disable updates, because you can’t disable the updates as a single-license scrub.

    (There’s usually some hacky bullshit to delay or block updates, but they break constantly and you have to keep finding new ones, because Microsoft thinks of their userbase as stupid babies who can’t be trusted with their own hardware).

    Also, you live in your own personal slice of Windows control with your hundreds/thousands of systems being managed with group policies. I have no doubt that you don’t see issues, because your company chose a few models of laptop or desktop and know how they’ll react to the updates. You can turn off the annoying shit, and choose specific updates at specific times. Microsoft doesn’t want to piss off their corporate customers, especially the ones with massive spending contracts with Dell/HP/Lenovo.

    Thing is, outside of you - and your groups of other corporate Windows admins - the general user (with varied hardware/software configurations) doesn’t have the safety of catching issues on a few test machines and delaying a deploy to the fleet, or even the option to delay updates at all, and they’re screwed over constantly by random broken drivers, system settings that aren’t respected between updates, and bloat/backdoors that you can’t opt out of.

    It is you who is being disingenuous, by suggesting that the windows update system has no flaws, because you operate in an extremely controlled environment with tons of safeguards and - ironically - way more autonomy.


  • This is fucked.

    I worked in call centers for many years (technical support and sales). I need to hear the customer’s tone; ecstatic, livid, and everything in between. I sit on the other end, shut my mouth, and listen to the whole rant, then calmly offer suggestions. Do they scream some more? Maybe. Do I need to take it personally? Of course not.

    It drives me fucking crazy when some dipshit customer service rep hears one swear word (not even directed at them, like “I hate this fuckin’ thing”, not “you’re a fuckin’ dumbass”) and starts in on the “if you keep swearing at me, I’ll end the call”. Grow up, you work in a service industry, and your company probably fucked up.

    My favorite calls were the ones where someone called to cancel and tore up their voice yelling about all the reasons our product was garbage. Very, very roughly, about 15% of the time there was nothing I could do (even if I fixed the problem, they have lost faith and will get their money back, or sue trying, so I just refund and move on). Another 25% was me fixing the problem and offering a credit because we fucked up. About half the time, it’s something stupid and simple and they get their problem solved, and the rest of the time was some absolutely crazy broken shit that makes me work with someone two tiers above me for a few hours fixing it (for everyone, not just that caller), then the customer is so happy they renew everything for a year because they know they’re gonna get great support.

    I loved those calls. They were the reason I kept showing up to work. I learned a ton in those jobs, and my favorite thing was hearing someone go from completely apoplectic to surprised and elated that everything was fixed.