<infinisil>
Probably one of the most untrustworthy "password manager"s I've seen in a while, especially after the comment by the author
<infinisil>
"First... don't confuse encryption with hashing. The tokens are hashed on the server side (1 way algorithm - no key). Encrypting your data serverside is no good compared to hashing because a key has to exist somewhere."
<samueldr>
I first read rspectful
<infinisil>
?????
<samueldr>
respectful*
<qyliss>
what
<infinisil>
This person clearly has no idea about security and should not be providing such a service
<gchristensen>
this is wild
<infinisil>
samueldr: Yeah I did too at the start..
<infinisil>
"How do you go about "encrypting" your database LOL... from that comment alone I can tell that you do not have much experience in this field Database entries are HASHED not encrypted dude"
jasongrossman has joined #nixos-chat
* samueldr
uses logs.nix.samueldr.com as password manager 2ab96390c7dbe3439de74d0c9b0b1767
<samueldr>
interesting to search google for that hash
<infinisil>
Very smart of you to use hashing, nobody can read the password like that!
<infinisil>
Haha
<infinisil>
I only see ******
jtojnar has quit [Ping timeout: 258 seconds]
<infinisil>
Update: The reddit post got taken down because it's got nothing to do with programming and author deleted their account
drakonis1 has quit [Quit: WeeChat 2.4]
endformationage has quit [Quit: WeeChat 2.4]
Myhlamaeus has quit [Ping timeout: 276 seconds]
jasongrossman has quit [Remote host closed the connection]
<qyliss>
what a ride that was
<makefu>
infinisil: you surely archive.org'ed the link, right , right?
<joepie91>
the tl;dr is that a mindgeek employee was trying to get a websocket blocking API (needed by adblockers) killed off, by making bad-faith arguments about "security"
<joepie91>
(they were actively using this lack of blocking API to deliver ads via websockets at the time, bypassing adblockers)
<joepie91>
so yeah, I'm not sure which is going to be the lesser evil in this situation
<joepie91>
the company that's ejecting the vulnerable people from the community, or the company that's exploiting the vulnerable people for their own benefit
drakonis_ has quit [Ping timeout: 250 seconds]
<gchristensen>
yeah, not sure that websocket example is very compelling given VZ's power overall
jtojnar has joined #nixos-chat
drakonis has quit [Ping timeout: 252 seconds]
<joepie91>
I'm just providing it as an insight into the ethics of the company
<gchristensen>
yeah I won't say either of them are ethically great
<gchristensen>
or great in any fashion
<gchristensen>
or even good
<gchristensen>
and yet, here I am, feeling like tumblr in the hands of pornhub is likely a better home than Verizon Media Group, a.k.a Oath
<simpson>
Alignment of incentives.
<simpson>
And it's not like it's a different business; Pornhub owns and operates their own adtech, and are effectively a "media group".
<infinisil>
Remember when I said it's impossible to download older macOS versions yesterday or so?
<samueldr>
sure
<infinisil>
Well it's actually not impossible. All you need is an apple developer lincese for $99/year!
<joepie91>
gchristensen: I'm not saying that it is definitively worse, to be clear - just that I'm not sure it'll be better :)
<infinisil>
I am lucky enough to still have a High Sierra installer downloaded from some time back
<infinisil>
Which at least lets me work around the nixpkgs problems with mojave
<infinisil>
(See #42719, have been fixed, but I need nixpkgs versions that are older than that fix)