wth

Lastpass was hacked and might have lost control of some data https://blog.lastpass.com/posts/2022/12/notice-of-security-incident

1Pass hasn’t been hacked directly, but they were affected by the Okta https://blog.1password.com/okta-incident/

(One of the most common vectors for hacks is through your vendors - see Target https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)

Dropbox had an unauthorized access, but the seemed on top of it. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

Dropbox also has had a more significant data breech, but a while ago. https://www.twingate.com/blog/tips/dropbox-data-breach#

Overview of all password manager breeches! https://bestreviews.net/which-password-managers-have-been-hacked/

Storing Drivers Licence: Was answered elsewhere. Bottom line… Bitwarden seems like it can store other types of data. Note that I don’t use Bitwarden yet, but have experience with Enpass and 1Pass, both of which can store all sorts of data.

Why separate storage if Bitwarden is E2EE? You are placing all your trust in a single organization - Bitwarden. If they get hacked, then it is possible for the hackers to poison their software to deliver master passwords (hacks of s/w repositories has happened). I prefer to separate encryption from storage so a hack in both is required to get my data. Note that I do the same for offsite backups to Glacier/S3. I use Arq to do the backup and encrypt the files, then send them to S3 for storage.

The 2023 IBM Report on Cost of Data Breeches indicated that the average time for a company to discover a breech is about 200 days, and on average another 70 days to remediate. That keeps me up at night in my day job as security dude.

Good to know, thanks. I haven’t actually started looking for the Enpass replacement yet, but it sounds like Bitwarden will be a lead contender.

Fair comment, although due to the distributed nature of our implementation we are unlikely to lose services. All Vaults are stored locally on all devices.

Having said that - the copy of the vault on the Mac is backed up with TimeMachine.

[I’ve been a greybeard sysadmin and use 3,2,1 even at home]

My approach to this is as follows:

• the password manager is probably the most important and often used piece of software I own. We (wife and I share the vault) store everything important/private in there - bank details, hundreds of passwords, passport details, drivers licence etc. It is used many times a day by us both.
• Loss of control of this data would be catastrophic, so I took its security very seriously.
• No one company can be trusted with our data, because they all get hacked or make mistakes at some point.

I’m the security dude for a cloud service provider in my day job, so my goal was to use Separation of Concerns to manage my passwords. I therefore split the software from the storage, choosing software from one company, and storage from a second company. That way, it requires a failure on both parties at the same time for me to lose control of all the data.

I used to use OnePass for the software, storing the data in Dropbox. But then they removed that option, so I switched to Enpass. Data is stored in a vault on the local device and synced to a folder on Dropbox, which we both have access to from all our devices (Mac’s, iPads, iPhones). The vault is encrypted using our master password and Dropbox only sees an encrypted file. Enpass provides software that runs locally and doesn’t get a copy of my vault file.

If Dropbox has another failure and the vault gets out, then that is not a problem as long as Enpass have properly encrypted it. If Enpass has a bug making the vaults crackable - again it’s not a problem as long as Dropbox doesn’t lose control of my vault file. I update Enpass, the vault gets fixed and life goes on.

Enpass is very usable, but buggy. It crashes every night (requiring me to start it again and log in), and often loses connection to Safari and wont re-establish it. It got better with a previous update, but has got unreliable again. I’m about to look for another.

Cheers.

My smaller battery MX Tesla, after 7 years, has gone from 330km to 308km. The degradation is a lot slower than you indicate.

He’s talking about the USA, so the guard could shoot your neighbour and be suspended with pay. If he wants to be extra cautious, he could yell stop resisting after shooting him.

I have one, and they are great. But wasn’t there just a scandal about a recent firmware update that applied DRM to ink?

You probably did the right thing for headphones.

I’ve been looking for real data on the effectiveness of Sony’s MX5 vs Max vs others - specifically I want to see how well they do passive and ANC across the frequencies we are exposed to. And Verge have come through with this video: https://www.theverge.com/2023/8/31/23852241/we-took-six-pairs-of-headphones-and-a-dummy-head-on-the-subway

Its a good video, but its also got real data from some experts. If you are TLDW - then skip to the end for a table from the experts.

The Sony MX5 are head and shoulders above the rest (with the max second in most categories).

I know it was a sorta joke… but I had to find out if it was true.

This link: https://www.ifixit.com/Teardown/AirPods+Max+Teardown/139369 provides an awesome breakdown on the contents and lots of X-rays.

It turns out the answer is no, although both batteries are in the right ear cup, and ifixit never do figure if there is a counterweight in the other ear. There’s just a gap.

And yeah… adding that weight was a crappy move and very un-apple IMHO. Their products should stand on their own and not require gimmicks like that. Having said that, this is Beats. Analysis showed that their products cost as little as $18 to make (including parts and assembly) - talk about cheap overpriced crap. The other few hundred dollars per set is marketing, distribution and profit. Shows what celebrity endorsements can get you.

And heavy. The Max’s are quite a bit heavier than competitors.

My $0.02c worth - I have run all sorts of servers at home over the years, and one of the main challenges around the hardware is managing heat.

I’ve used mini-ITX mobos and tiny cases for builds. They look gorgeous, but at some point, when you stick enough drives in there (assuming you can) or make the CPU/GPU busy, you are going to have a heat problem, or a noise problem, or both.

On my mythtv build I used M-itx and a gorgeous Lian Li small case. It was a beautiful add to my home theatre stack, but in the end I drilled a ton of small holes in the top and added a slow 140mm fan to control the heat without noise.

The same goes for my file server - it was a slightly larger case with no GPU, but once I added my 6th HDD and had a ton of services running, heat became an issue and I was having to add extra fans, which could only be 80mm so they ran fast and noisy.

My new build I’m going to go all the way with a Phanteks Enthoo Full Tower and a few 120mm fans. I’ve decided that looks don’t matter

The other problem for me with these tiny builds is cable management. I’m complete shit at it, and small builds requires some skills. A big case gives you space to spread those cables out.

Lastly, you can get ATX or EATX mobos with 6, 8 or more SATA connectors - room for growth! And there are very low power options available.

I’ll soon have the appleTV + TV upstairs, laptop in the office, and the monster server downstairs with cat-6 + Gb fibre throughout.