Lastpass was hacked and might have lost control of some data https://blog.lastpass.com/posts/2022/12/notice-of-security-incident

1Pass hasn’t been hacked directly, but they were affected by the Okta https://blog.1password.com/okta-incident/

(One of the most common vectors for hacks is through your vendors - see Target https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)

Dropbox had an unauthorized access, but the seemed on top of it. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

Dropbox also has had a more significant data breech, but a while ago. https://www.twingate.com/blog/tips/dropbox-data-breach#

Overview of all password manager breeches! https://bestreviews.net/which-password-managers-have-been-hacked/

Storing Drivers Licence: Was answered elsewhere. Bottom line… Bitwarden seems like it can store other types of data. Note that I don’t use Bitwarden yet, but have experience with Enpass and 1Pass, both of which can store all sorts of data.

Why separate storage if Bitwarden is E2EE? You are placing all your trust in a single organization - Bitwarden. If they get hacked, then it is possible for the hackers to poison their software to deliver master passwords (hacks of s/w repositories has happened). I prefer to separate encryption from storage so a hack in both is required to get my data. Note that I do the same for offsite backups to Glacier/S3. I use Arq to do the backup and encrypt the files, then send them to S3 for storage.

The 2023 IBM Report on Cost of Data Breeches indicated that the average time for a company to discover a breech is about 200 days, and on average another 70 days to remediate. That keeps me up at night in my day job as security dude.

Good to know, thanks. I haven’t actually started looking for the Enpass replacement yet, but it sounds like Bitwarden will be a lead contender.

My approach to this is as follows:

• the password manager is probably the most important and often used piece of software I own. We (wife and I share the vault) store everything important/private in there - bank details, hundreds of passwords, passport details, drivers licence etc. It is used many times a day by us both.
• Loss of control of this data would be catastrophic, so I took its security very seriously.
• No one company can be trusted with our data, because they all get hacked or make mistakes at some point.

I’m the security dude for a cloud service provider in my day job, so my goal was to use Separation of Concerns to manage my passwords. I therefore split the software from the storage, choosing software from one company, and storage from a second company. That way, it requires a failure on both parties at the same time for me to lose control of all the data.

I used to use OnePass for the software, storing the data in Dropbox. But then they removed that option, so I switched to Enpass. Data is stored in a vault on the local device and synced to a folder on Dropbox, which we both have access to from all our devices (Mac’s, iPads, iPhones). The vault is encrypted using our master password and Dropbox only sees an encrypted file. Enpass provides software that runs locally and doesn’t get a copy of my vault file.

If Dropbox has another failure and the vault gets out, then that is not a problem as long as Enpass have properly encrypted it. If Enpass has a bug making the vaults crackable - again it’s not a problem as long as Dropbox doesn’t lose control of my vault file. I update Enpass, the vault gets fixed and life goes on.

Enpass is very usable, but buggy. It crashes every night (requiring me to start it again and log in), and often loses connection to Safari and wont re-establish it. It got better with a previous update, but has got unreliable again. I’m about to look for another.

Cheers.

I learned the hard way about the beauty of backups and the 3, 2, 1 rule. And snapshots are the GOAT.

Even large and (supposedly) sophisticated teams can make this mistake, so dont feel bad. It’s all part of learning and growth. You have learned the lesson in a very real and visceral way - it will stick with you forever.

Example - a very large customer running our product across multiple servers, talking back to a large central (and shared) DB server. DB server shat itself. They called us up to see if we had any logs that could be used to reconstruct our part of their database server, because it turned out they had no backups. Had to say no.

I am one… but I’m the only one I know at my company and socially.

The lists are quite similar with a slight reordering in the top 7 or 8. I guess both lists are a representative sample of developers… But there is one interesting difference:

IEEE: Python, Java, C++, C, JS, SQL, Go TIOBE: Python, C, C++, Java, C#, JS, VB (!), SQL

In IEEE, VB is way way down the list. Do IEEE members use VB less?

I’m always amazed that C still scores so high, but I’ve been told there is a lot of embedded work still going on.

Keep in mind that this is for « typical IEEE members », which I am pretty sure is not a great representative sample of programmers in general.

How many of you programmers out there are IEEE members?

To have library portability is a very cool feature. I hadn’t released that this was possible.

MAUI’s pretty undercooked at the moment. Editing UIs in raw XML, incomplete control set, bugs.

One day could be useful, and there are some 3rd parties providing controls… but of course this is microsoft so they will work on it for 2-3 years, and then write something new, throwing MAUI into the dustbin.

I’m guessing you are not programming on a Mac then :-).

I’m usually a little suspicious of a new fancy language - because the language is only a part of the equation. Does it have good tooling and does it have awesome libraries?

I had a preconception that Rust is strong as a language (formally well structured, low shoot-yourself-in-the-foot potential, consistent, predictable) and that the tooling seemed strong (debuggers, editors, code completion, help, test frameworks), but I’ve always thought that it would lag with libraries. I mean compared to something like Python (« Batteries included ») or java, surely it is not yet compatible, right?.

So I chose a few of the less main-stream libraries that I use regularly… and Lo and behold! They exist for Rust, including Couchbase, SQLite, ECDH, DiffMatch. I can’t vouch for the completeness of those libs, but the fact that everything I looked for existed… that’s impressive.

Cache clearing has been mentioned as a way to fix issues, but it didn’t work for me. I agree with your comment about the value in having a second IDE though.

No. I’m on a Mac, and VS is Mac/Windows only. (Well… windows only from next year).

After I saw your note, I had a quick catchup on that project.

It looks awesome, with the promise of mobile and desktop, and the ability to make apps that can be uploaded to the AppStore. Plus its Dart which is a pretty well structured language. Its ticking a lot of boxes…

Then I ran « wc -l » on my support libraries (i.e. not UI code) - 64k LoC that would need to be rewritten in dart. But then I noticed Flutnet. its probably an abomination linking the two… but it could be promising.

Thanks for the pointer.

Thanks. I’m very out of date with it.

I’ve had a few years experience in both C++ and C#. The learning curve is a lot steeper for C++ with many more opportunities to shoot yourself in the foot or create horrible hidden memory leaks. It sounds like the person making the recommendation is talking out of their arse.

If you have any experience in Java or any OO language, then the transition to C# is not so large. The language itself is not difficult - it will probably a couple of weeks to be comfortable. Its the frameworks and libraries that takes time, and there are a lot.

Here’s my view… it takes 10 or more years (IMHO) for a sharp person to become a senior developer. It takes a few weeks to learn a language. If I have to choose for a big project, I prefer to focus on choosing the right person, rather than just focusing on the language, because a good senior will just learn whatever they need at the start. They will also bring their years of experience in good design, methodologies, communication, mentoring, testing etc to the party.

I take back this comment partially. As 2023.1 (which I have), rider failed to support MAUI. As at 2023.2, they say they have preview support available. I’ve downloaded, and am giving it a try.

Rider doesn’t support MAUI. Nor does it support .net for iOS and .net for Mac which are part of MAUI and the natural upgrade from Xamarin. I downloaded Rider a few months ago and enjoyed being able to switch between VSMac and Rider, and especially enjoyed using CoPilot in Rider.

However Rider has a couple of nasty bugs that have been there for years - one of which was to ignore breakpoints. That came and went on me for a while.

I really like the idea of having a web UI for its portability and richness (esp thanks to CSS being so close to consistent across all platforms). But I have a metric tonne of business logic and ZKE code in C#/.Net running on Mac/iOS. From your prompt, I did just find Electron.Net, so perhaps there is hope.

And, AFAICT, electron can’t be used for iOS apps on the App Store (am I still wrong about that??)

Plus (personal bent) I did a ton of JavaScript years ago when truthiness and indeterminate behaviour was rampant back in ES5 days. I’m a purist and found it a little ugly, but incredibly fast. Then I found dart which compiled to JS, and I decided that JS made a better assembly language than a usable language. Sadly dart has remained a minor player. JS has moved on and I see lots of the old ugliness (like iterating through properties, exceptions and a sync) has gone away. ES13 looks pretty good, although I haven’t played with it yet.