I initially assumed I would be safe because of 2FA. Sadly it looks like this is not the case: the second factor is used to access the encrypted data, not decrypt the data. As the attacker already has the encrypted data, they have bypassed the stage where 2FA is providing protection.
This appears to also be the case for 1Password and Bitwarden, so not specifically a LastPass failure.
> This appears to also be the case for 1Password and Bitwarden, so not specifically a LastPass failure.
It is currently(?) the case for Bitwarden, yes, but that's incorrect for 1Password, as they have client-only key material that is never transmitted to the cloud: https://blog.1password.com/what-the-secret-key-does/
Yes, a secret key like this could have made this breach much less concerning. Assuming you trust the company to not also lose this data (that they generate and claim to not store). What I was really hoping to find was a paid, cross-platform, cloud-synced solution that can be set up to require your password and physical key to decrypt, i.e. have 2FA protection from a data breach like this.
There's nothing that I'm aware of preventing one from putting the secret key material on a hardware wallet of your comfort level and having it type in the encoded value when signing onto a new device (the way the Yubikey pretends to be a keyboard when plugged in); obviously(?) 1Password is not incentivized to own such a complex workflow but there's nothing that I can see stopping you from doing it. FWIW they also support 2FA on login, which is different from the secret key to unlock the vault, so ... 3FA?
With regard to the "claim to not store" part, they've had multiple security audits including granting the auditor access to the underlying source code, so if there was something underhanded going on, I believe it would have gotten out by now: https://support.1password.com/security-assessments/
I'm with you that it's not as nice as open source clients, but given a choice between trusting 1Password with code I cannot see and trusting Bitwarden with code that I can see, I'm sticking with 1Password.
This makes me think of something Antoine de Saint-Exupéry said, "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away."
My guess is it's less about a moral issue with marijuana and more about a fear of upsetting people displaying the ads. Many of whom won't want to be associated with something federally illegal. The alternative headline being "Google displays illegal drug ads on school site" (or some other page that probably should not be showing ads).
If your employer is happy with your performance then you are probably "good enough" as you say.
However, if you truly do always want to be improving your ability as a software engineer, then you are in luck: this field is so vast and deep that you can easily spend more than a lifetime improving! Finding out how and measuring it is another matter.
I think most people, at some level, know this and accept it. I think the shock comes when you think how long this information is kept for, and what that means, i.e. each year they can advertise age-appropriate birthday presents, a few years from now they might get adverts for children's party suppliers. As they grow up, college saving funds, colleges, trips to Disneyland, first cars can all be targeted to you at just the right time.
I just hope people, including a lot of people reading this, remember this for longer than two or three news cycles. Just because Not-Trump gets into power someday doesn't mean that he or she won't be followed by Not-Not-Trump. In fact, I guarantee the eventual rise to power of Not-Not-Trump, because the only thing that would stop it is if Not-Trump successfully institutes totalitarianism, hardly a win. Our vigilance on this matter can't depend on how much we collectively do or do not like the people currently in power. That was a big mistake Silicon Valley made over the past decade and the bill is coming due in a big way.
I only listed those two events because they were so obvious that I was surprised you hadn't considered them. There are, of course, far more events that people remember.
As for what was happening in January/February:
Pretty sure the government shut down at some point, I think that was around then.
I also remember a lot of news about the stock market breaking records and some post analysis on the tax bill which I think had already passed by then. I could have the timeline wrong on that though.
I think the Alabama Senate election was around then. That might have been earlier though, but I think there were still headlines about it in January.
That's all I remember off the top of my head. I follow political news more closely than other news lately.
People won't realize how bad it is because nothing has tried to contrast the ethics and outcomes of our inter-connected society. It took Black Mirror to make us cynical about the onward march of any non-defense era technology.
I like to think we are all 10x developers. The question of a 1x developer should be how to grow their productivity (assuming they are motivated to do so). Less productive developers should not feel like they have one tenth of the natural talent someone else has. Instead they should look at how they can improve their workflow/knowledge and companies should try and maximise the output of their employees.
Yes, some people will always be better/more productive than others, but most people are differentiated by completely controllable factors.
Well, that's why the author had to call tech leads "100x developers". x inflation has led us to this situation where 10x is now a baseline minimum. Anything under 100x is just mediocre.
It really is scary. They claim to anonymise the data, but to me it feels like removing your name and address from your DNA is like removing the make and model from a car schematic (where only one model was produced).