Hamline University: sometimes, it IS cancel culture.
https://popehat.substack.com/p/hamline-university-and-cancel-culture
New from me: What does it mean for a state supreme court justice to say he is "intensely pro-law enforcement?"
It means he shouldn't be serving on a state supreme court.
https://radleybalko.substack.com/p/michigan-supreme-court-justice-richard
Listen now (38 min) | George Santos may have lied his way to indictment; the federal government trusts that Sam Bankman-Fried will not abscond; Scott Adams says he will sue Ben Garrison over Fauci cartoon
Kevin McCarthy: “I want to make history.”
The monkey paw curls
LASTPASS NEWS ALERT AND COMMENTARY:
LastPass attackers know your name and billing address and all websites you have saved passwords for, and if your master password isn't sufficiently strong, it may be possible to brute-force open everything on the attacker's machines.
PLEASE READ BEFORE PROCEEDING: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
The fact LastPass doesn't encrypt website URLs is a known flaw it appears they never fixed on purpose, going back almost 6 years:
https://hackernoon.com/psa-lastpass-does-not-encrypt-everything-in-your-vault-8722d69b2032
This eventual possible security breach was planned-for as part of LastPass' design for username and password protection. This doesn't break the core offering.
But it has stripped away multiple layers of protection and will hasten my looking at @bitwarden
It's impossible to be completely secure in a massive offering. However, I have always disagreed with their decision to not 100% encrypt all metadata, and this event shows that was a foolish choice when seen against the inevitability of the entropy of our complex electronic systems.
In the end, a password manager is still the right choice in comparison to the alternative. And a cloud-native offering like LastPass strongly hedges against data loss by normal users trying to manage their own vault. That is an undersold primary risk, not hackers. Still, very disappointed.
Current password setup:
- Primary vault is LastPass with 2FA
- Core fallback "key" accounts like email that allow pw reset are only in a KeePass db file with 20char password, synced via OneDrive+2FA.
- This is then further backed-up with BackBlaze, using 40char encryption key