Don’t upload your passwords to the cloud

December 23, 2022

Well, it finally happened: The cloud store of popular password manager LastPass was breached, and all user password vaults are now in the hands of hackers.

https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

LastPass users: Your info and password vault data are now in hackers’ hands

Password manager says breach it disclosed in August was much worse than thought.

While this is not the nightmare scenario (the vaults are still encrypted), it’s pretty close to it. Hackers now have users’ vaults on their drives, and they can brute-force their main passwords at their leisure. Guessing the main password will unlock the entire vault and grant hackers access to all the passwords—and TOTP second factors—in it. Remember: the encryption is only as strong as the main password, and some users may have chosen hunter22 for all we know. With 33 million customers’ data available, hackers only have to unlock a tiny fraction of the vaults to make it worth their while.

I continue to believe that it’s irresponsible for password managers to encourage regular people to upload their vaults to a central cloud. Companies like LastPass and 1Password expose their customers to risks that most of them don’t understand.

My advice? Never upload your password vaults to a central cloud—those storage locations attract hackers because they promise huge payoffs. Instead, keep local copies, replicate them across multiple devices, and back them up to an offsite location. Even keeping a local vault on one computer or phone and keeping good backups of that one device is better than uploading your data to the cloud.

Enabling Dagger in IntelliJ

December 1, 2022

I had a hard time getting Dagger to work in IntelliJ, so I’m writing down the steps so you will have an easier time at it.

Create a Java project using the usual settings.

IntelliJ default project creation dialog

Section Your Day and Contain Your Failures

November 11, 2022

Split up each day into sections: morning/afternoon/evening; breakfast/lunch/dinner; whatever divisions make the most sense to you and can repeat daily.

Begin each section with a plan of action. Then execute your plan. Stop and review at the at the end of each section. Take a break. Replan when starting the next.

Most importantly, contain failure to a single section. So you failed your morning section; that’s ok, you learned from that. Now, let’s focus on the afternoon section.

Get the hell out of twitter

November 3, 2022

Stylized face of Elon Musk surrounded by distorted Twitter blue birds

Generated image¹

If you have a twitter account with a significant amount of data in it, run—don’t walk—away from that platform.

Elon appears to be rapidly turning twitter into an unmitigated disaster, from its social media and technical aspects to its fundamental business model.

Barely a week in, Elon has caused immense internal chaos by immediately firing twitter’s leadership without a transition plan; telling workers to drop everything they’re doing to do an aborted ink-and-paper code review; telling engineers to launch a pointless blue-checkmark subscription service within a week or lose their jobs; telling remote workers to show up in an office or get fired; and threatening to fire half the crew anyway.

Image generated by DiffusionBee. Prompt: “Elon musk destroying the twitter logo magazine illustration” ↩

So long, Apple

October 24, 2022

I suppose all good things must come to an end. This is my last week at Apple. I’m looking forward to working on a new set of challenges in the near future.

My tenure at Apple has lasted 13 years and 8 months—by far the longest I’ve stayed at any one company. During those years I worked on countless iPhones and iPads, created Mobile Device Management and Photo Stream/Shared Photos for iCloud, worked on a ton of plumbing for iOS in UIKit, Mac Catalyst, and the ability to run iOS apps natively on M1 Macs.

I’m thankful for the life-long friendships I’ve made along the way. I’m grateful for the chance to work with brilliant, opinionated, hardworking people, even those with whom I commiserate occasionally on the state of the industry.

I hope I leave with no hard feelings on either side—I certainly leave with gratitude and humility. Life is different after two years of the pandemic, and I think it’s the right time for us to go our separate ways.

I sincerely wish everyone at Apple the best of luck in the days ahead. It’s been fun. Stay in touch.

humancode.us