Lastpass was hacked and might have lost control of some data https://blog.lastpass.com/posts/2022/12/notice-of-security-incident
1Pass hasn’t been hacked directly, but they were affected by the Okta https://blog.1password.com/okta-incident/
(One of the most common vectors for hacks is through your vendors - see Target https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)
Dropbox had an unauthorized access, but the seemed on top of it. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Dropbox also has had a more significant data breech, but a while ago. https://www.twingate.com/blog/tips/dropbox-data-breach#
Overview of all password manager breeches! https://bestreviews.net/which-password-managers-have-been-hacked/
Storing Drivers Licence: Was answered elsewhere. Bottom line… Bitwarden seems like it can store other types of data. Note that I don’t use Bitwarden yet, but have experience with Enpass and 1Pass, both of which can store all sorts of data.
Why separate storage if Bitwarden is E2EE? You are placing all your trust in a single organization - Bitwarden. If they get hacked, then it is possible for the hackers to poison their software to deliver master passwords (hacks of s/w repositories has happened). I prefer to separate encryption from storage so a hack in both is required to get my data. Note that I do the same for offsite backups to Glacier/S3. I use Arq to do the backup and encrypt the files, then send them to S3 for storage.
The 2023 IBM Report on Cost of Data Breeches indicated that the average time for a company to discover a breech is about 200 days, and on average another 70 days to remediate. That keeps me up at night in my day job as security dude.
Good to know, thanks. I haven’t actually started looking for the Enpass replacement yet, but it sounds like Bitwarden will be a lead contender.
Fair comment, although due to the distributed nature of our implementation we are unlikely to lose services. All Vaults are stored locally on all devices.
Having said that - the copy of the vault on the Mac is backed up with TimeMachine.
[I’ve been a greybeard sysadmin and use 3,2,1 even at home]
My approach to this is as follows:
- the password manager is probably the most important and often used piece of software I own. We (wife and I share the vault) store everything important/private in there - bank details, hundreds of passwords, passport details, drivers licence etc. It is used many times a day by us both.
- Loss of control of this data would be catastrophic, so I took its security very seriously.
- No one company can be trusted with our data, because they all get hacked or make mistakes at some point.
I’m the security dude for a cloud service provider in my day job, so my goal was to use Separation of Concerns to manage my passwords. I therefore split the software from the storage, choosing software from one company, and storage from a second company. That way, it requires a failure on both parties at the same time for me to lose control of all the data.
I used to use OnePass for the software, storing the data in Dropbox. But then they removed that option, so I switched to Enpass. Data is stored in a vault on the local device and synced to a folder on Dropbox, which we both have access to from all our devices (Mac’s, iPads, iPhones). The vault is encrypted using our master password and Dropbox only sees an encrypted file. Enpass provides software that runs locally and doesn’t get a copy of my vault file.
If Dropbox has another failure and the vault gets out, then that is not a problem as long as Enpass have properly encrypted it. If Enpass has a bug making the vaults crackable - again it’s not a problem as long as Dropbox doesn’t lose control of my vault file. I update Enpass, the vault gets fixed and life goes on.
Enpass is very usable, but buggy. It crashes every night (requiring me to start it again and log in), and often loses connection to Safari and wont re-establish it. It got better with a previous update, but has got unreliable again. I’m about to look for another.
Cheers.
If you did get a seriously large lump of cash… after a settling in period a lot of changes will happen, and you will be happy they did (IMHO).
The reason is that one of the biggest gifts that wealth gives you is TIME. A lot of the day to day crap that the rest of us need to deal with just evaporates. No need to shop (there are people for that). Want to travel… people will organise everything. There will be no waiting in lines at airports, at restaurants, at government offices… there are people for that. Someone to clean, someone to pick up the kids (unless you want to of course), someone to cook, holidays on a fuck-off huge yacht with crew to manage everything, or just to zip to Paris for the weekend.
You will probably really appreciate not having to deal with most of that crap. Also, while you probably don’t want a stupid large house, you do want privacy and so will want to get a house on 1000 acres in a gorgeous landscape (plus perhaps apartments in various cities that you like).
Imagine moving from a food insecure lifestyle to a secure lifestyle where food, safety, housing is always there. Would you want to keep your old food-insecure lifestyle? No. Same with going from a food secure lifestyle to a time-and-resource abundant lifestyle.
Yeah, started working for me a few hours later.
And clicking on the activation link again shows »too many tries »
I signed up, got the activation email, clicked on that which took me to the login page.
Logging in shows me a message that I am not activated.
Weird.
Yes! This bugs the hell out of me. Chrome works perfectly, but I would prefer safari.
Also - if you turn the office webpage into an app in safari and Chrome, only Chrome works.
I’d love to know how to fix it.
I second the advice to switch to a different/previous/known good kernel. That has been the cause a most boot problems for me. I just had it happen on a VM a couple of weeks ago, so I switched to the old kernel, then removed the new kernel. I’ll wait for another kernel before upgrading.
It’s probably worth scanning your disk just in case as well.
That’s the sucker. Just stick an “H” on his forehead…
One other (slightly funny) aspect, for some of us older people. The leader of the Act party - David Seymour - is a dead ringer for Arnold Rimmer from Red Dwarf. As Lister would say - they are both complete knobheads.
Act is waaaaaay to the right of any other party in NZ.
NZ First have partnered with Labour (left) and with National (right) over the years. Their strength is mainly around the leader (Winston Peters) who is a real firebrand and somehow they pull 5-7% or so every year (although they disappeared below the threshold in the 2020 election). IIRC their support is more in the older generation.
I would say their economics are centrist, but they tend to be conservative on other issues.
In the 2017 govt when they partnered with Labour (left), Winston became deputy prime minister and foreign minister and the rumours were that he was pretty effective and hardworking in the foreign minister position.
I always plug in. I don’t know if it works with calibre server.
My unmodified kobo syncs with calibre.
I wish you both the best.
This is not true. I think a more accurate term would be we swung for change. Green vote held up, it was mainly labour that dived. Having said that, the extreme right, Act, did do well with about 9%. And it’s also worth noting that both national (right) and labour (left) would be considered quite middle of the road elsewhere.
I learned the hard way about the beauty of backups and the 3, 2, 1 rule. And snapshots are the GOAT.
Even large and (supposedly) sophisticated teams can make this mistake, so dont feel bad. It’s all part of learning and growth. You have learned the lesson in a very real and visceral way - it will stick with you forever.
Example - a very large customer running our product across multiple servers, talking back to a large central (and shared) DB server. DB server shat itself. They called us up to see if we had any logs that could be used to reconstruct our part of their database server, because it turned out they had no backups. Had to say no.
Damn… I feel for you. It sounds like you are in a tough spot. There’s lots of good advice on this page, and the one thing I will add is to protect and keep working on your relationship. Money is the core component of many (or was it most?) relationship problems.
You can get through it, but (IMHO) you need your wife right there with you (or at least, I did). We were doing ok until I tried to start a business and dropped my 9-5 job. Revenue was slim, and then at one point I earned nothing for 6 months. We were on the bones of our arse - living off a meagre kindergarten teacher’s wage paying rent and food. Without my wife, we would have drowned. She did amazing things in budgeting down to the last penny, no luxuries, riding everywhere, spending time together. It was hard and there was no end in sight for a long time. We were very lucky and things turned around. But I would have not managed it without her (and her incredible budgets).
It sound like you have been deep in it for longer than we were, and I wish you all the best in working your way out.
Lockdown mode and MS Office Web - icons missing
I’ve got Lockdown enabled on my mac. Most things are fine. But MS Office for the web is not.
For most web pages, you can select whether lockdown applies. I have done this for Office: !
When looking at office in the browser, a red message appears in the top right “Lockdown Off”. But when the office web page shows, all the icons are blank:
I looked at the web page source - and can see that some material is being loaded from here:
res-h3.public.cdn.office.net
I have also set this to be excluded from lockdown. But that didn’t help.
Has anyone got MS Office for the web working under Lockdown Mode? Thx
Stability just dived
Dunno what is triggering it, but in the last 2 days I’m getting a log of crashes when touching on a post. It was far less frequent before that.
Privacy for Bean
Can you please clarify the privacy position of the app? As usual, TestFlight says you can get everything. What information are you scraping?