then surely you would not have asked your OS to shut down? linux does what you ask
domain names do that for people with well known domain names, and verification processes do that for people without
okay, but pretty much anyone in software knows what CVE means, and anyone outside of software doesn’t need to know what CVE means… it’s almost as common in the professional context as CPU
absolutely true… we’re completely captured by the US that’s for sure
australia has pretty big uranium reserves; we just don’t really mine it because we are pretty anti-nuclear… our uranium is mined (10% of global supply) as a byproduct of other mining. if there were a deal made, we’d probably step up
also jam in there protections for AI training so they don’t have to deal with those pesky rent-seeking “authors”
which endpoint are you referring to?
there are passwords exchanged when using the vault management API, but AFAIK that’s for local access (eg CLI talking to the app)
i’m no expert on the specifics of the API; just in the description they give: https://bitwarden.com/help/what-encryption-is-used/
> Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data.
> …
> PBKDF2 SHA-256 is used to derive the encryption key from your master password
this is exactly the way this should be done. any deviation from this formula by a password manager with a server component should be viewed with extreme scepticism
> When you login to the Vaultwarden web application it’s going to exchange your passphrase for a private key.
bitwarden is end to end encrypted: your decryption keys never leave your device, and the server certainly never sees them
> you must always be able to trust your network
this would be a horrible password manager. this is also not how bitwarden works
you do still need to trust your server if you use the web interface, because any web interface can serve malicious components to exfiltrate whatever they like, but native apps, assuming they’re verified appropriately, could communicate over HTTP and still not allow anyone actively monitoring your network to see any data that would be particularly useful
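The client-side derivation described in the comment above, as an added example that is not part of the original comment and is not Bitwarden's own code: the key is derived and used on the device, and `upload()` returns everything a server or network observer would receive. The email salt, the iteration count, the one-round login hash and all function names are assumptions, and the HMAC-based cipher is a standard-library stand-in for a real AEAD.

```python
import hashlib, hmac, os

def derive_master_key(password, email, iterations=600_000):
    # Client-side only: PBKDF2-SHA256 over the master password.
    # Salting with the account email and the iteration count are assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), iterations)

def login_hash(master_key, password):
    # What the client sends to authenticate: a further one-way hash of the key,
    # so the server can check a login without ever holding the key itself.
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)

def _subkeys(master_key):
    # Separate encryption and MAC keys derived from the master key.
    return (hmac.new(master_key, b"enc", hashlib.sha256).digest(),
            hmac.new(master_key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real client would use a vetted AEAD.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(master_key, plaintext):
    # Encrypt-then-MAC on the device, before anything is uploaded.
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(master_key, blob):
    # Verify the tag first; a wrong key or altered blob is rejected.
    enc_key, mac_key = _subkeys(master_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, ct)

def upload(email, password, vault_item, iterations=600_000):
    # Everything the server (or a network observer) ever receives.
    key = derive_master_key(password, email, iterations)
    return {"email": email, "login_hash": login_hash(key, password).hex(),
            "vault": seal(key, vault_item)}
```

Neither the master password nor the derived key appears in the dictionary `upload()` returns, which is the property the comment relies on when it says a native client could talk over plain HTTP without exposing anything useful.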
i think the .id.au domain licensing rules are a pretty reasonable middle-ground:
https://www.auda.org.au/au-domain-names/the-different-au-domain-names/id-au-domain-names/
you have to provide ID to register any .au, so you’re verified as a person, and though they don’t pre-check your nickname, AFAIK if there’s a complaint you do have to prove that you’re “known by” that name