Formerly /u/neoKushan on reddit

  • 2 Posts
  • 610 Comments
Joined 3 years ago
Cake day: June 16th, 2023




  • I generally agree with the sentiment but don’t pull by latest, or at the very least don’t expect every new version to work without issue.

    Most projects are very well behaved as you say but they still need to upgrade major versions now and again that contain breaking changes.

    I spent an afternoon putting my compose files into git, setting up a simple CI pipeline and using Renovate to automatically create PRs when things update. Now all my services are pinned to specific versions and when there’s an update, I get a PR to make the change along with a nice change log telling me what’s actually changed.

    It’s a little more effort but things don’t suddenly break any more. Highly recommend this approach.
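
A CI check that could sit alongside the setup described in the comment above, as an added example (not the commenter's code): it scans compose file text for image references that are untagged or use a floating tag, so a PR that reintroduces `latest` fails. The floating-tag list, function names and sample compose file are assumptions constructed for illustration.

```python
import re
import sys

# Matches `image: <ref>` lines in a compose file, with optional quotes.
IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^"'\s#]+)""")
# Assumed list of tags that move over time; extend to taste.
FLOATING_TAGS = {"latest", "stable", "edge", "main", "master", "nightly"}

def classify(ref):
    """Return 'digest', 'pinned', 'floating' or 'untagged' for an image reference."""
    if "@sha256:" in ref:
        return "digest"
    # A tag is a colon in the last path component; an earlier colon is a registry port.
    last = ref.rsplit("/", 1)[-1]
    if ":" not in last:
        return "untagged"  # Docker resolves a missing tag to :latest
    tag = last.split(":", 1)[1]
    return "floating" if tag.lower() in FLOATING_TAGS else "pinned"

def unpinned_images(compose_text):
    """List (line number, reference, status) for every image that is not pinned."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m and classify(m.group(1)) in ("floating", "untagged"):
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample compose file (hosts, images and the shortened digest are made up).
SAMPLE = """\
services:
  web:
    image: nginx:1.27.3
  db:
    image: "postgres:latest"
  cache:
    image: registry.example.internal:5000/redis
  app:
    image: ghcr.io/example/app@sha256:deadbeef
"""

if __name__ == "__main__":
    # In CI: pass compose file paths as arguments; with none, the sample is checked.
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE]
    bad = [f for t in texts for f in unpinned_images(t)]
    for lineno, ref, status in bad:
        print(f"line {lineno}: {ref} is {status}")
    sys.exit(1 if bad else 0)
```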




  • Kushan@lemmy.world to Fediverse@lemmy.world · Be Wary of Bluesky · English · 31 up, 4 down · 3 days ago

    The main argument against bsky is that they’re still holding all of your data, unless you self host your own server.

    I don’t actually see how Lemmy is much different. Most users are not self hosting on Lemmy either, you’re trusting your data to a 3rd party. The main difference seems to be that there’s much more centralisation on bsky.

    I think it’s entirely reasonable to be wary of any service, be ready to delete your account if it goes to shit or whatever it is you need to do to feel safe.

    But right now, I like Bluesky. I’ve had far more positive interactions on there than I ever had on Twitter (even before Musk took it over), the lists feature that lets you pre-emptively block entire swathes of dickheads is a game changer (I just block one group, anyone MAGA) and I’m having a good time.

    I expect I’ll get downvoted for this but honestly I don’t care, the world has gone to shit far too much for me to give a crap about what internet strangers think over my own health and wellbeing and right now I’m having a good time and will not apologise for it.

    The second that stops, I’ll be leaving bsky.







  • From the paper itself:

    We had a video-conference and numerous email exchanges with Bitwarden. At the time of writing, they are well advanced in deploying mitigations for our attacks: BW01, BW03, BW11, BW12 were addressed, the minimum KDF iteration count for BW07 is now 5000, and their roadmap includes completely removing CBC-only encryption, enforcing per-item keys and changing the vault format for integrity. On 22.12.25 they shared with us a draft for a signed organisation membership scheme, which would resolve BW08 and BW09. At our request, to maintain anonymity, they have not yet credited us publicly for the disclosure, but plan to do so.

    I didn’t look at the response to other password managers, but the gist here is that the article is overblowing the paper by quite a bit and the majority of the “issues” discovered are either already fixed, or active design decisions.