
Probably my biggest tech hill-i'll-die-on is:

Password management involving a 3rd party is dumb and should never ever have been a thing. Before two parties had the secret (or something related to it) and now three parties have it and that's objectively worse -- even taking into account "the lazy user" or whatever.

I know we're past that in a lot of places for a lot of people, but nope, my dad and his printed out sheet of passwords next to his desk is still beating every company out there.


>3rd party is dumb and should never ever have been a thing. Before two parties had the secret (or something related to it) and now three parties have it and that's objectively worse

There seems to be a misunderstanding of how typical cloud password vaults work. The 3rd parties like Bitwarden, 1Password, Apple iCloud Keychain, etc don't have access to the users' passwords. The scheme is based on Zero-Knowledge End-2-End-Encryption. The 3rd-party cloud is just a mechanism to store an encrypted blob and sync them to various devices. The client devices (users' desktop, users' smartphone) are the only ones that can decrypt the passwords. There are still only 2 parties with knowledge of the actual passwords.

In contrast, the type of 3rd parties that do have knowledge/access to unencrypted plain text passwords would be Amazon storing users' wi-fi passwords, and Plaid storing users' bank account credentials & passwords. Gmail and MS Outlook.com would also be a 3rd party having a copy of users' passwords when they act as web clients to fetch email from other IMAP servers.

> my dad and his printed out sheet of passwords next to his desk is still beating every company out there.

That doesn't work for users when they're not sitting at their desk and need passwords. Printing out a hardcopy sheet of passwords and carrying it in the wallet or purse is a massive security risk.


But it's not that though. They're hosting an encrypted version that they don't have the keys for. They are doing the backend sync for you, and writing the clients that YOU run, that sync your passwords everywhere.

To suggest they have a copy of your passwords is to misunderstand what they're doing. It's the same as saying you host your KeePass on Dropbox so now Dropbox have a copy of your passwords/secrets.

The value they are providing is seamless sync between a huge range of platforms/devices and making it as frictionless as possible to enter your password when you need to (biometrics to unlock the vault, browser addons to seamlessly enter the passwords etc).

Your Dad has a single point of failure for all his accounts. That's not a win.
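
The arrangement these replies describe (the sync provider stores only an encrypted blob, and keys are derived on the user's own devices), as an added example that is not part of the thread and not any vendor's code. `SyncServer`, the function names, the iteration count and the HMAC-based keystream (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions for illustration.

```python
import hashlib, hmac, json, os

KDF_ITERATIONS = 200_000  # constructed demo value, not any vendor's setting

def derive_keys(master_password, salt):
    """Client only: stretch the master password, then split into two keys."""
    master = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def keystream_xor(key, nonce, data):
    """HMAC-SHA256 in counter mode: stdlib stand-in for AES-GCM or ChaCha20."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(master_password, entries):
    """Client side: produce the only thing that is ever uploaded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = keystream_xor(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def open_vault(master_password, blob):
    # Client side on any device: verify the tag first, then decrypt.
    salt, nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or tampered blob")
    return json.loads(keystream_xor(enc_key, nonce, ct))

class SyncServer:
    """Stands in for the third party: stores and returns opaque blobs."""
    def __init__(self):
        self.store = {}
    def put(self, user, blob):
        self.store[user] = json.dumps(blob)
    def get(self, user):
        return json.loads(self.store[user])

def demo():
    entries = {"example.test": "correct horse battery staple"}  # constructed sample
    server = SyncServer()
    server.put("alice", seal_vault("long master passphrase", entries))
    server_sees_plaintext = "correct horse" in server.store["alice"]
    second_device = open_vault("long master passphrase", server.get("alice"))
    return server_sees_plaintext, second_device == entries
```

What the provider holds is still open to offline guessing of the master password, so the KDF cost and the passphrase strength carry the security of the stored blob.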


> my dad and his printed out sheet of passwords next to his desk is still beating every company out there.

Until your house gets flooded or burns down or you hire a really curious janitor.


Are you aware that the goal of these password managers is that they do not ever have your decrypted vault?

KeePass is a great middle-ground, which I've been using for the last decade (at least). Storing the vault is on you, it just makes it easy to keep stuff organised.

I did this for years too until mobile devices became popular. I have ~4 mobile phones for various things (yes this isn't normal) and ~4 different computers/laptops I use. Trying to keep a KeePass in sync between them is a nightmare. A proper password manager (Bitwarden or other) removes all that hassle. I have fingerprint unlock on the mobiles that support fingerprint, face unlock on the devices that support that etc. I have browser addons to make password entry quick and easy while remaining secure.

Once I moved to a password manager I realised how clunky and poor dragging a KeePass vault around was.


Fair enough. I don't use it on mobile (I try to do the fewest things possible on mobile so I manage without a password manager).

This! I’m using Strongbox on macOS and iOS and it’s just sooo good. It integrates with Apple’s AutoFill API and feels native - just like Apple’s Passwords app. But all the entries are in a KeePass database which I can sync via SyncThing, iCloud, Dropbox, whatever. And if the application should fail, I can use any other KeePass-compatible app or KeePass itself to get to my secrets.

I don't think it's "spite," I just don't think he's that smart -- or wise -- to be precise. He just has "zealotry in the other direction."

I think so, personally. I wouldn't bank a lot on "the soul" per se, but Dawkins is absolutely one of those "smart but not wise" people.

I imagine people don't dig it because it can be woo and vibey, but the older I get the more I understand the value of the "imprecise" metaphysical/religious/etc whatever you want to call it.

Someone in this space who handles this very well, unlike Dawkins, is Nassim Nicholas Taleb.


Wise man Nassim Taleb who voted for Trump to help Palestinians and now Gaza and 10% increasing of the country he was born in is rubble.

Maybe the lesson is that all those public intellectuals are not that wise and we should follow people more that stay in their lane.


Quite a few people appear to have voted against Harris because they thought Biden didn't do enough to help the Palestinians. I can't imagine how they thought Trump would be better, but somehow they did.

Do you have a source for the claim that he voted for Trump?

Op said "accepting," not proving.

And the older I get, this does make sense to me. Belief in a soul doesn't really require proof for me. I understand that this may not be satisfying in an academic way for some, but "humans have souls and machines probably don't" strikes me as the wisest default position until we have some other very strong proof otherwise.


If humans have souls, do other organisms have them too? Is this a trait unique to Homo sapiens? Did Neanderthals, for example, have souls?

And if the theory of evolution is true, at what point did “humans” begin to possess souls?


Does a zygote have a soul? At what point does the soul form or start to exist? Or is it there in two parts or something from the start?

So many questions when you put the tiniest bit of thought into the whole concept...


Yes, a zygote has a soul. The oldest spiritual knowledge mankind has describes life beginning at conception.

The soul is what makes a being alive. Every living being has a soul.

What evidence is there for humans having souls to support your "wisest default"? What would constitute "strong proof otherwise" in the case of machines?

Wouldn't the wise position be that since there is no evidence of souls at all that the default should be that both humans and machines do not contain a soul until proven otherwise?


Entirely unsurprising. At the risk of whatever, your extreme atheists aren't much different from your extreme believers; they both have strong beliefs about things they can't prove, and for some reason want to go off on them.

Even people like Neil DeGrasse Tyson don't go on and on about "atheism" for a reason; there are a whole lot of things that we all go around everyday "not believing."


> your extreme atheists aren't much different from your extreme believers; they both have strong beliefs about things they can't prove, and for some reason want to go off on them.

You have a mistaken understanding of what atheism is. It is not a belief in anything, but an absence of belief in a deity.

> there are a whole lot of things that we all go around everyday "not believing."

Sure, and yet theism is part of 75% of the world population and influences everything from education to politics. It's perfectly reasonable to talk about atheism within appropriate settings.


>You have a mistaken understanding of what atheism is. It is not a belief in anything, but an absence of belief in a deity.

I consider that to also be a wrongly held position, because you'd need proof either way. So atheists are just making a bet. I think agnostic is the most valid position as far as I am concerned, lacking proof of one or the other. I do not know. We can get into technicalities as well. What exactly do we mean by God? What if some religious God does exist but it's wrongly interpreted by believers? What if there's some highly technologically advanced entity that meets the criteria as far as the more primitive religious perspective is concerned? Do we have proof such thing exists? Do we have proof such entity cannot exist in our universe? I find both perspectives shortsighted.

Having certainty something that can be perceived as God by believers cannot exist in our universe is in the end a belief, with no proof.


The word seems to be used both ways, despite what anyone might like: either as a person who doesn't believe in a god, or as a person who believes there is no god. It's a subtle difference.

"but an absence of belief in a deity" nope.

Not even industrial, I remember someone asking, what's the heaviest thing you can buy per dollar. And someone ran the math, somewhere it's like $20 for a full swimming pool on the expensive side.

Interesting people talking about whether they should be "defended," here or whatnot, and all of that strikes me as wildly naive.

They have a business model that's more or less known, and that includes THEIR AI model(s) that they get to put out there however they want. I don't like it much at all, I actually sort of like the idea that they "owe" more because they probably "stole" a bunch of stuff to get the thing going.

But I mean, don't be mad, be proactive. Anthropic is going to try to Microsoft this in whatever way possible, and we all see that the numbers don't really add up.

Asking them pretty please to be nicer, meh. Let's figure out better, and more free-software-like ways to do this.


But, you know,

Yet.


For now we infer through few weights, lossily; but then in full precision. Now I represent in part; but then shall I represent as fully as the data was sampled.

1 CorinthAIns 13:12


Maybe you're not the target, then.

I haven't heard too many people say these extreme-sounding, yet at least arguably true points out loud.

Someone should be saying them, and the fact that it's not your particular cup of tea may not be the biggest issue here.


This strikes me as a good "meta" article, though. As in, yes, people here probably don't need this. But perhaps a lot of other people do.
