On Wednesday, 11 January 2023 at 05:27:05 UTC, Walter Bright wrote:
> On 1/10/2023 8:32 PM, Don Allen wrote:
>> Do you carry a cellphone? There are risks, as I'm sure you well know.
>
> Yeah, I do. But I don't build my life around the phone, because I'm aware of what happens when it gets hacked, stolen, lost, etc. Pegasus can remotely read everything you do on your phone. You can catch Pegasus by clicking on a link. A password manager is useless when faced by that.
>
>
>> I have friends at MIT who won't use them who, I'm quite sure, would agree with you about password managers. Use credit cards? See what Richard Stallman has to say about that. Write checks? Risks.
>
> I've had my credit cards stolen, and my checking account compromised. Both were a fair amount of work to fix. But it's not *ALL* of my online accounts.
>
> I keep things compartmentalized, like how airplanes are designed. Airplanes are deliberately designed to withstand any single failure and land safely. They can lose an engine, a pilot, a wing spar, a hydraulic system, a bird strike, a hole in the cabin, jammed actuators, etc. The incredible safety record of airliners shows this works.

True. But it doesn't work perfectly, which was my point. The jammed 737 rudder actuator problem killed a lot of people and it took years for the NTSB and Boeing to figure it out. Need I mention the DC-10 cargo door latches? You can have ATC errors, pilot errors, etc. that get people killed. So flying is not a zero-risk proposition, just like everything else we've been talking about, including password managers. Again, every case requires that we do our own personal calculation to decide whether the benefit is worth the risk.

>
> I take my cues from that.

On 1/11/2023 5:43 AM, Don Allen wrote:
> True. But it doesn't work perfectly, which was my point. The jammed 737 rudder actuator problem killed a lot of people and it took years for the NTSB and Boeing to figure it out. Need I mention the DC-10 cargo door latches? You can have ATC errors, pilot errors, etc. that get people killed. So flying is not a zero-risk proposition, just like everything else we've been talking about, including password managers.

The difference is, Boeing fixed that single point of failure problem as soon as they could. The rudder now has no known single point of failure problems.

The password manager remains a known, unfixed, single point of failure.

On 1/11/2023 5:35 AM, Don Allen wrote:
> 1. Steal your password
> 2. Produce the "secret key", which they won't be able to
> 3. Get past 2FA, which they won't be able to


Those are all good things. But it doesn't help you if you download a trojan version of the manager, or a trojan masquerading as an update. I've also seen several schemes that outmaneuver 2FA.

Allow me to explain the framing. At Boeing, it was never "that part cannot fail". It is always framed as "when that part fails, how do we land safely?"

So, *when* your password manager fails, what are you going to do about it?

I'm not singling you out, I'm trying to make a point. Far too many software developers develop a hubris that they can write software that cannot fail. Unfortunately, usually someone else is going to have to pay for that mistake.

I can't find your other post, so I'll reply here. You mentioned that ImportC failed to compile a .h file you were using. I asked for you to post these to bugzilla.

I can't find them there. Can you please post them? Help me help you get your code working.

On Wed, Jan 11, 2023 at 03:39:50PM -0800, Walter Bright via Digitalmars-d wrote:
> On 1/11/2023 5:35 AM, Don Allen wrote:
> > 1. Steal your password
> > 2. Produce the "secret key", which they won't be able to
> > 3. Get past 2FA, which they won't be able to
> 
> Those are all good things. But it doesn't help you if you download a trojan version of the manager, or a trojan masquerading as an update. I've also seen several schemes that outmaneuver 2FA.

Indeed, there are (at least) 11 ways to defeat 2FA:

	https://www.knowbe4.com/hubfs/KB4-11WaystoDefeat2FA-RogerGrimes.pdf


> Allow me to explain the framing. At Boeing, it was never "that part cannot fail". It is always framed as "when that part fails, how do we land safely?"
> 
> So, *when* your password manager fails, what are you going to do about it?
> 
> I'm not singling you out, I'm trying to make a point. Far too many software developers develop a hubris that they can write software that cannot fail.  Unfortunately, usually someone else is going to have to pay for that mistake.

We've had several decades of industry experience proving that all non-trivial software is inevitably buggy and has failure modes, oftentimes ugly ones. :-)  It's only a matter of time before yet another software tower of cards come crashing down, and all your precious data with it.

This is why I'm a big skeptic of cloud-based services (or indeed, anything that relies on some remote network resource being always available / secure). There's a time and place for it, but if you follow the bandwagon in putting *everything* on it even when you really shouldn't be, then you should be prepared for the catastrophic failure that's inevitably coming.


T

-- 
Why can't you just be a nonconformist like everyone else? -- YHL

On Wednesday, 11 January 2023 at 23:41:22 UTC, Walter Bright wrote:
> I can't find your other post, so I'll reply here. You mentioned that ImportC failed to compile a .h file you were using. I asked for you to post these to bugzilla.
>
> I can't find them there. Can you please post them? Help me help you get your code working.

On Wednesday, 11 January 2023 at 23:41:22 UTC, Walter Bright wrote:
> I can't find your other post, so I'll reply here. You mentioned that ImportC failed to compile a .h file you were using. I asked for you to post these to bugzilla.
>
> I can't find them there. Can you please post them? Help me help you get your code working.

See https://issues.dlang.org/show_bug.cgi?id=23485, "ImportC: two tests with gtk", posted 2022-11-14, tagged ImportC as you requested.

On 1/11/2023 4:07 PM, H. S. Teoh wrote:
> This is why I'm a big skeptic of cloud-based services (or indeed,
> anything that relies on some remote network resource being always
> available / secure).

Me too. You all know my practice of putting links to more information in code I write. I've been doing that for a long time. I've found a lot of those older links to Microsoft documentation have become deadends, and google doesn't reveal any replacement.

It's just gone. Poof.

On 1/11/2023 6:27 PM, Don Allen wrote:
> See https://issues.dlang.org/show_bug.cgi?id=23485, "ImportC: two tests with gtk", posted 2022-11-14, tagged ImportC as you requested.

Thank you. Can I press you to just quote enough of the .h file to show the problem, rather than a giant tar file?

On Wednesday, 11 January 2023 at 23:28:15 UTC, Walter Bright wrote:
> On 1/11/2023 5:43 AM, Don Allen wrote:
>> True. But it doesn't work perfectly, which was my point. The jammed 737 rudder actuator problem killed a lot of people and it took years for the NTSB and Boeing to figure it out. Need I mention the DC-10 cargo door latches? You can have ATC errors, pilot errors, etc. that get people killed. So flying is not a zero-risk proposition, just like everything else we've been talking about, including password managers.
>
> The difference is, Boeing fixed that single point of failure problem as soon as they could. The rudder now has no known single point of failure problems.
>
> The password manager remains a known, unfixed, single point of failure.

There is no difference whatsoever. The airplane (including pilots and ATC) remains a "known, unfixed, single point of failure" when you fly. Yes, the 737 is a safer airplane now that the rudder actuator has been fixed. The 737 Max has that fix, I'm sure. And 346 people died in  Max crashes because of a badly designed software change, a failed angle-of-attack sensor, (MCAS used only one of the two angle-of-attack sensors, which was crazy), pilots who weren't told about the software change and how to disable it in case of trouble, etc.

You persist in missing my point. I'll try once more. The use of everything we've talked about -- password managers, cellphones, airplanes, cars, etc. -- carries risks. Those risks may change over time but they are never zero. We either accept those risks in return for the benefits or we don't. That's a personal decision. You won't use a password manager, but you do use a cellphone. I'm guessing that you fly, especially given your interest in aviation. I'm also guessing you drive a car. I'm not trying to argue that I think this is unreasonable, because you have made subjective decisions about risks vs. benefits.

But you keep focusing on your perceived risks of password managers, implying that I'm making a huge mistake by using one -- you haven't said it, but the implication is clear -- losing sight of the fact that this is a personal risk-benefit decision just like your decision to use a cellphone or a car or an airplane. You are also losing sight of the fact that I understand security issues quite well, having dealt with them professionally for many years, and I am satisfied that the measures taken by the manager I am using bring the risk into line -- for me -- with the benefits.

On Wednesday, 11 January 2023 at 23:39:50 UTC, Walter Bright wrote:
> On 1/11/2023 5:35 AM, Don Allen wrote:
>> 1. Steal your password
>> 2. Produce the "secret key", which they won't be able to
>> 3. Get past 2FA, which they won't be able to
>
>
> Those are all good things. But it doesn't help you if you download a trojan version of the manager, or a trojan masquerading as an update. I've also seen several schemes that outmaneuver 2FA.

The safety 1Password doesn't depend on 2FA alone. A hacker has to get through three barriers.

>
> Allow me to explain the framing. At Boeing, it was never "that part cannot fail". It is always framed as "when that part fails, how do we land safely?"
>
> So, *when* your password manager fails, what are you going to do about it?

Maybe nothing, since these packages are designed using the Boeing approach: try your damnedest to fail safe.

LastPass just did fail. They had a security breach months ago. That's where my passwords were at the time. Have I seen any evidence that my accounts have been compromised? Absolutely not. To what do I attribute that? My use of long-enough random passwords drawn from a big-enough character set. And the effectiveness of AES256. And the fact that I have 2FA enabled on all sensitive accounts were it is optional, e.g., Amazon. I moved my passwords to 1Password for the simple reason, mentioned in an earlier post, because the LastPass management handled the situation dishonestly. I prefer not to give my business to such people.

>
> I'm not singling you out, I'm trying to make a point. Far too many software developers develop a hubris that they can write software that cannot fail. Unfortunately, usually someone else is going to have to pay for that mistake.

Yes, that's true. I don't see the relevance to this discussion. I am making an educated guess that password managers are safe enough to use, not that they are perfect. Just like you make the same educated guess when you get on an airplane that Boeing or Airbus or Embraer knew what it was doing when it built the airplane, the people in the cockpit are competent, especially in an emergency (sometimes you get a Sullenberger, sometimes you get a Pierre Bodin (AF447), or the Asiana 214 pilot who couldn't hand-fly a landing in perfect VFR conditions, or the guy in Buffalo who responded to a stall-warning by pulling back while his co-pilot retracted the flaps), and ATC doesn't screw up. It's a damned good system, but it's not perfect. Same thing exactly.