January 09, 2023
On Monday, 9 January 2023 at 17:30:32 UTC, Don Allen wrote:
> [snip]
>
> I'm only about a week into this, so not a lot of experience, but 1Password has worked well so far. A minor inconvenience is that the 1Password browser extension wants the master password the first time you use it after a browser restart. My password is 15 random characters, so impossible to remember. I've dealt with this by putting the password in a file in a USB key and have a little script to mount the key (using doas so I don't have to do this as root), print the password and umount the key (doas again). I then copy-paste the password to make the extension happy. Not a big deal.

Thanks. The USB key approach is difficult if you use a work computer that locks down the ability to use a USB driver at all.
January 09, 2023
On Monday, 9 January 2023 at 15:12:41 UTC, Don Allen wrote:
>
> I will say, though, that I have cancelled my LastPass subscription and migrated to 1Password, because I think the way LastPass handled this was dishonest.

just watch out for phishing attacks, now that someone out there has all that customer data.

Won't be long till they have 1password customer data too ;-)
January 09, 2023
On Monday, 9 January 2023 at 17:30:32 UTC, Don Allen wrote:
> I'm only about a week into this, so not a lot of experience, but 1Password has worked well so far. A minor inconvenience is that the 1Password browser extension wants the master password the first time you use it after a browser restart. My password is 15 random characters, so impossible to remember. I've dealt with this by putting the password in a file in a USB key and have a little script to mount the key (using doas so I don't have to do this as root), print the password and umount the key (doas again). I then copy-paste the password to make the extension happy. Not a big deal.

A word of warning, 1Password requires you to enter the master password every 2 weeks. So you may want to find a better way to do it, or try to memorize that password.

I personally have it set to require the MP whenever the screen is locked and reopened. I have the Mac desktop app installed, and you log in once, and it works for all browsers at that point (restarting browser doesn't require a reentry).

-Steve
January 09, 2023
On 1/9/2023 7:12 AM, Don Allen wrote:
> So is an airplane (despite the internal redundancies, the whole system can fail, e.g., the 737 rudder actuator failures), and yet we fly. That something is a single point of failure is, considered alone, not an argument against its use. The decision to use or not should be based on a weighing of the benefits vs the risk/cost (probability of failure and its cost).

The rudder failure was a very baffling problem, and it wasn't even clear it *was* a rudder failure for years.


> As for LastPass, I was a user, with a long-enough random password drawn from a large enough character set resulting in > 10^15 possibilities. A key that hard to find by brute force gets the risk low enough for me so I can enjoy the benefit of having access to my passwords from all my devices and share them with my wife and vice-versa. What's the alternative? An encrypted spreadsheet? Unworkable.

A strong password isn't good enough. There are other ways in. A key logger may record your password.


> I will say, though, that I have cancelled my LastPass subscription and migrated to 1Password, because I think the way LastPass handled this was dishonest.

Just be aware you've got a single point of failure for *all* your passwords.

January 09, 2023
On Monday, 9 January 2023 at 15:23:56 UTC, jmh530 wrote:
> On Monday, 9 January 2023 at 15:12:41 UTC, Don Allen wrote:
>> [snip]
>>
>> I will say, though, that I have cancelled my LastPass subscription and migrated to 1Password, because I think the way LastPass handled this was dishonest.
>
> Sorry if this is off topic, but how was the migration? Any difficulties?

I moved from LastPass to Bitwarden long before this incident (maybe a year ago). Moving all my passwords and notes took a minute or two. I exported everything to a CSV file and Bitwarden imported it all correctly.
January 09, 2023
On Monday, 9 January 2023 at 21:38:34 UTC, Walter Bright wrote:

>> I will say, though, that I have cancelled my LastPass subscription and migrated to 1Password, because I think the way LastPass handled this was dishonest.
>
> Just be aware you've got a single point of failure for *all* your passwords.

Your computer is always going to be a single point of failure for passwords if you're not using 2FA, independent of the password manager issue. Weak/recycled passwords are far worse than anything that can happen when you put your passwords in the cloud.

The bigger advantage of a password manager is that it provides a convenient way to generate secure passwords - even if you ultimately choose to write them on a piece of paper. But you don't need to put them in the cloud or on paper. KeePassXC works just fine on your local machine.
January 09, 2023
On 1/9/2023 3:19 PM, bachmeier wrote:
> Your computer is always going to be a single point of failure for passwords if you're not using 2FA, independent of the password manager issue. Weak/recycled passwords are far worse than anything that can happen when you put your passwords in the cloud.

I'm aware of that. But I don't lose *all* my passwords due to one failure.


> The bigger advantage of a password manager is that it provides a convenient way to generate secure passwords - even if you ultimately choose to write them on a piece of paper.

Assuming the password generator algorithm isn't itself cracked.


> But you don't need to put them in the cloud or on paper.

Storing passwords in the cloud is one of the riskier ideas. What if your cloud provider disables your account? What if they just "go dark"? How is *losing* all your passwords going to affect you?


> KeePassXC works just fine on your local machine.

Replacing one single point of failure with another single point of failure is not progress.

January 10, 2023

On Friday, 30 December 2022 at 02:03:39 UTC, Walter Bright wrote:
> On 12/29/2022 12:45 PM, Adam D Ruppe wrote:
>> The alternative is the language could have prevented this state from being unanticipated at all, e.g. nullable vs not null types.
>
> It can't really prevent it. What happens is people assign a value, any value, just to get it to compile. I've seen it enough to not encourage that practice.
>
> If there are no null pointers, what happens to designate a leaf node in a tree? An equivalent "null" object is invented. Nothing is really gained.

This all hangs together if you have a sufficient type system. What you'd do in Neat (with non-nullable objects) is, for instance, you'd start with a non-nullable type, by default, say Class class, you'd get an error that "null is not convertible to Class" or such, and you'd either declare the variable/field as nullable Class (which doesn't implconv to Class), if it's a variable declare it as mut uninitialized Class class (which is easy to grep for), or if it's in a data structure add a leaf case as (Class | :none) - but then you're obligated to handle :none at every use site; the compiler won't let you get to Class otherwise. That can be as simple as .case(:none: die), which tbf is not much better than a segfault, but at least the termination happens in the right location, rather than some random time later on an access attempt. The point is that you don't get automatically opted into crashes by the language, but have to choose them explicitly. You can get null crashes by telling the compiler to crash in case of null, but you can't get null crashes by forgetting about null.

January 10, 2023
On Tuesday, 10 January 2023 at 03:49:17 UTC, Walter Bright wrote:
> What if your cloud provider disables your account? What if they just "go dark"?

p sure you'd still have the local copy, similarly to how github works.

but i don't use these things either im all about the sticky notes on the monitor
January 10, 2023
On Tuesday, 10 January 2023 at 12:57:51 UTC, Adam D Ruppe wrote:
> On Tuesday, 10 January 2023 at 03:49:17 UTC, Walter Bright wrote:
>> What if your cloud provider disables your account? What if they just "go dark"?
>
> p sure you'd still have the local copy, similarly to how github works.
>
> but i don't use these things either im all about the sticky notes on the monitor

Speaking of single points of failure... ;)