• 0 Posts
  • 17 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle



  • -Use your password manager for everything. 16-20 digit randomized passwords for each account. Change the password to everything you care about and put it in Bitwarden. Don’t host your own instance of Bitwarden, unless you have really good backups. If things go wrong you’re fucked.

    -Your master password should be 5-7 words strung together. Brand names, uncommon words, etc. Avoid dictionary words except for 1 or 2. Use random brands, not something you own that can be socially engineered. Write it down, work on memorizing it for a week or so, then throw it away.

    -Use 2FA on Bitwarden. If you can afford it, buy 2 yubikeys. One for your car keys, and one for a safe place at home. Add both to your account as your only 2FA method. This way there is zero possibility of an online attack. The only way your account could be compromised (outside of a software vulnerability) is a highly-targeted in-person attack, in which case, you have way bigger things to worry about. If you can’t afford 2, than buy 1 and print out a Bitwarden 2FA backup code to store in a very safe place at home.

    -This one is important: NEVER EVER USE SMS 2FA, too many things can go wrong (see: sim swapping). Pay the $10 a year for Bitwarden Premium and use the OTP 2FA codes. If a website doesn’t have OTP (most do nowadays, it’s usually labeled as the “authenticator app” option), than SMS is ok, just try to avoid it.

    If you follow these instructions, I see no probable scenario in which you would have a breach caused by something on your end. A breach in Bitwarden (with it being FOSS and highly-audited, this is pretty unlikely) or, more likely, a breach in the service your account is using are the two scenarios you would realistically be breached.

    Also, you’re very very unlikely to be locked out of Bitwarden as long as you keep 1 yubikey and/or a printed backup code in a safe space at all times. If you end up with brain damage and forget your password, you’d be fucked I guess, but if you’re that worried than write your password on paper in an obvious safe space. That definitely hurts your security though.

    You could also fall for scams and/or social engineering, but that’s a topic way beyond the scope of this post.







  • Mostly the admins. They’ve forgotten to renew their SSL certs multiple times, causing various issues, and they introduced a bug that briefly DDOSed the entire AUR.

    The distro itself seems fine. Although, I don’t see why you wouldn’t just use Arch with Archinstall or EndeavorOS if you really want that GUI installer. Both are much better managed imo.






  • Can someone explain to me why people are so violently opposed to this?

    If Threads blows up, and ActivityPub is integrated, you’ll have access to all of it through any federated instance. No need to let Meta sap all your data to view it or communicate with it’s users. Meta can’t kill ActivityPub or force us onto Threads, just abandon it and leave us back where we are today. If you don’t like the Meta users, just make or join an instance that isn’t federated.

    Anyone can scrape the metaverse data and use it for whatever, Meta included. Them implementing ActivityPub doesn’t change anything about that.

    Look I don’t like Meta as much as the next guy, but this all just seems like illogical gatekeeping

    Edit: I understand now, see: XMPP and Google. Good article someone replied to me with, down below.