*NIX enthusiast, Metal Head, MUDder, ex-WoW head, and Anon radio fan.
I saw the lack of arm and facepalmed but I was half asleep poo posting so got over it :p (fixed now!)
I’ve been using this device for ~5 years now, so my memory is a little hazy on it, but I’m pretty sure for the particular device I prefer (which is to say, I have nfc what the setup is for other vendors, which could be greatly superior) the AES-256 key used for encryption isn’t generated until you setup your first card.
How would any company, regardless of geography have the secret I generated? This is a stand alone hardware device. They seller is not involved at all once I’ve received my package.
Could a sophisticated/well resourced actor clone the smart card they stole or you lost? Sure, brute force attacks are brute force attacks. At least you’d know your device and card are stolen. Now you’re in a race to reset your passwords before they finish making 500 clones of the smart card they stole.
Hypothetically I could blackmail someone at LastPass and have a backdoor is installed for me.
Someone could bust down my door while I have it connected and unlocked and just login to all my things. ¯\_(ツ)_/¯
That will vary from vendor to vendor. In the case of the one I like there are a few relevant things.
The password db is stored encrypted on the device. Accessing the passwords requires all of:
Three PIN failures and the smart card is invalidated.
That sort of covers “stolen” and “lost + recovered by a baddie”. Your bad actor would need to have their hands on both physical pieces and guessed the 4 digit hex code in 3 tries.
As far as a user recovering from a lost or failed device or smart card goes, you can export the encrypted version of the db for backups, which I do to a thumb drive I keep in my document safe. I do the same with a backup smart card. So that and a backup device or purchasing a new one if yours fails or is lost/stolen.
In the super “just in case” move, I also keep a keepassdb on said thumb drive. In case my device fails and it’s just not possible to get a new one. Kind of like keeping two cloud providers in case LastPass goes bankrupt or something.
I’m a pretty big fan of the mooltipass. They’re sold out and between iterations right now, but a new one is expected soon. One of my coworkers is pretty into their OnlyKey.
So many folks talking about which software they use, and how they sync it between devices etc.
You all know there are hardware password keepers right? They present to your devices as a usb and/or bluetooth keyboard and just type out the user/password that you select. They have browser plugins to ease the experience. Now your password is not even stored on the device you’re using to perform your login and it will work on any modern device even without internet access.
Oh and no subscription fee to cover the costs of cloud infrastructure.
I also “misuse” timewarrior a bit and use it to time things like “how much time do I spend waiting for salt to run”. That has its own timewarrior db and a wrapper function for pointing the command at said db. I use this in both login and non login shell contexts.
All of the repos for my GitHub sourced vim plugins live under one parent directory. I symlink to them from ~/.vim
One example is a simple function that pushes the top level repo directory onto my dir stack and then runs a loop where it pushes each subdir into the stack, runs “ggpull” then pops back to the top level repo directory. ggpull is an alias added by the zsh git plugin. After all repos have been updated it pops back to my original pwd.
I run this as part of my “update all the things” script but sometimes I also want to run it in demand from the cli. So I want this function in all scopes and I want it to have access to “ggpull” in all of those scopes.
It’s all about context. If you write a convenience function and put it in zshrc, scripts you run from the cli will not have access to the function as defined in zshrc. Same with aliases added by zsh plugins etc.
If you need “the thing” on the command line, zshrc. If you also need it in scripts you run from the cli, toss it in the profile file.
ETA: I personally keep the functions I want to access from scripts in .zshenv as I recall reading that this file is ALWAYS sourced.
I want to add: 2-3 sprints ahead is a GREAT begining goal for a team trying to get started with Agile.
Long term though let’s set that bar higher :D
I do greatly appreciate my management and general company tech culture, they’re great.
I agree with your stance here, because it’s part of my point. I tend to see more people bitching about Agile itself and not management or their particular implementation.
The jobs where I was only given enough info to plan 2 - 4 weeks out were so stressful because I frequently felt like I was guessing at which work was important or even actually relevant. Hated it.
Turns out it’s a skill issue ;p (on the management level to be clear). Folks, don’t let your lazy managers ruin you on a system that can be perfectly fine if done right.
2-3 sprints?! Y’all really flying by the seat of your pants out here huh?
My teammates and I have no trouble planning multiple quarters in advance. If something crops up like some company wide security initiative, or an impactful bug needing fixed, etc then the related work is planned and then gets inserted ahead of some of the previously planned things and that’s fine because we’re “agile”.
I delivered a thing at the end of Q3 when we planned to deliver at the start of Q3? Nobody is surprised because when the interruptions came leadership had to choose which things get pushed back.
I love it. I get clear expectations set in regards to both the “when” and the “what”, and every delay/reprioritization that isn’t just someone slacking was chosen by management.
Configuration management and build automation are definitely worth the time and effort of learning. It doesn’t have to be ansible, find which tool suits your needs.
I also have a small domain that is relatively low traffic. A lot of the “all in one” software on the list you linked looks pretty cool, I can’t deny.
What I found is that I make very few changes. I used to add mailbox aliases fairly often, but the fact is there are only two users and enabling the “+” syntax in addresses put a stop to me needing to make new aliases when I wanted a new address.
I just don’t feel like I need a management interface. Because of this I’ve just sort of frankensteined my own setup together and I love it. It operates how I expect it to, and enforces the standards I care about to the extent that I desire (e.g. which SPF result codes am I ok accepting?).
Bonus tip: Many distros make this info available on the cli by including a “hier” man page that you can read using the command “man hier”.
In addition to many of the fine points made in other comments I think it’s silly to overlook the power of celebrity worship and weird-ass parasocial relationships with famous people.
There exists a large number of people who aren’t really interested in discussing <topic_x>, they just want to know what <favourite celebrity whos life I have deluded myself into thinking is attainable by me> thinks about the topic so that they can regurgitate it and feel like they’re “the same”.
I’m sure if Chappell Roan or whatever “the kids” think is cool these days had jumped to Mastodon we’d be seeing something very different. TBH I’m mildly surprised that we didn’t see more record labels standing up instances. It’s always boggled me that people have just trusted the service desperately trying to be known as “X” as an authority on identity.