We apologize, but your web browser is configured in such a way that it is preventing this site from implementing required components that protect your privacy and allow you to view and change your privacy settings. This functionality is required for privacy legislation in your region.

We recommend you use a different browser or disable the “EasyList Cookie” filter from your “Content Filtering” settings (found under “Settings” -> “Shields” in the Brave Browser

lol

It is reasonable yet subpar under a threat model where you do not trust any single provider, which is a model I find appropriate most of the time.

You should not assume your password manager is unhackable.

That’s my main point. Perfect is an enemy of good indeed, but I feel that doing things properly the first time is a good idea in general, especially when it as easy as using a different app for your TOTP tokens. It’s a low hanging fruit really.

Please don’t use your password manager for TOTP tokens. It is called two factor authentication for a reason.

Until next time they try to push through something similarly stupid. Now it’s EU’s turn to make their mind too.

Me, at work, looking at my backlog of Baldur’s Gate 3, Armored Core, Blasphemous 2 and countless indies on Steam

Tbh I’d not be surprised if that’s the case. Last time I had enough time to spare to rice me some arches was all the way back when I was in uni :(

I barely have enough time to hotfix my dotfiles nowadays :/

Open the link and read the thread, the author is not aware of this “collection” being shared publicly.

My point is that you should not excuse big corporations for clearly overstepping their bounds when it comes to moderation (as in “minority report” style moderation).

For Google, it would probably be even cheaper to only check URLs in collections that were shared with anybody, at a point the owner attempts to share them. Instead, they preemptively hide them from you, because “this set of characters offends us”.

This is something people should be angry about, not find an excuse for.

Scary illigal content here

I guess we test and see whether I get banned.

Also, it’s not the same. A link to a website is not “pirated content”. A link to a website in a “collection” not shared with anybody is not publicly available pirated content.

Why would Google preemptively ban a set of characters that does not constitute a slur and is perfectly legal to exist?

I’d not expect the private booth to have the club’s employee sitting there and waiting for me to do something that is against the rules preemptively.

We mostly argue about semantics, but in this instance you are trying to excuse some very questionable behaviour by companies by saying something along the lines of “well you better go and live in a forest then”. And I don’t think that’s a good take.

For example, how many Lemmy instances are fine with you direct linking to piracy torrents?

Irrelevant, as all content on Lemmy is public in a proper sense of this word.

Words used to have meaning, you know. Like, for example, the word “private”.

For MFA apps, Google Authenticator seems to be the norm.

I personally use OTPAuth with sync disabled and regular backups. Mostly because it is easier to organise and back up.

Regarding hardware security keys as part of MFA, you can either get yourself dual USB-C / Lightning or USB-C / USB-A keys from Yubikey. Then just buy a USB-A to USB-C dongle (or vice versa) and keep it on your key chain. That’s mostly what I do, not ideal but does the job.

I also use OnlyKey for some passwords, especially encryption passphrases on some servers and laptops. I usually need to enter them on boot, and it just takes too long to do that manually and I’m lazy.

I agree with you on most of the points. Some security is better than nothing. More security is better than less, layers and all.

Regarding data breaches and malware, and threat models in general. We should not forget phishing too. People voluntarily entering their credentials on a website masquerading as their bank etc.

With all of that, having your credentials split over multiple applications and devices actually saves you from an endpoint compromise and evil maid attacks, at least in a sense of limiting the fallout.

Regarding VeraCrypt and “FREE”. While it is, again, better than nothing, VeraCrypt is fiddly, not always works consistently on all operating systems (I look at you, MacOS), and is susceptible to key logging. I prefer actual certified hardware with physical keypads instead. It is not free and has its own downsides, but it is just something I find more appealing.

As a rule of thumb, do not put all your eggs into one basket. No software is infallible and vulnerabilities can be uncovered and exploited in both open and closed sourced applications.

That’s being said, as long as you don’t store all information necessary for a successful login in your password manager, you should be fine.

So storing credentials for your bank account is fine, as long as it is also protected by MFA and you do not use the same password manager for handling that.

You can store PIN codes from your debit cards in the password manager as long as you do not store card number / expiration / CVV2 there too.

Personally, I keep passwords in a password manager, MFA tokens in a separate authenticator, MFA recovery codes go to FIPS 140-2 certified encrypted USB sticks (3 separate copies). I do store debit card PIN codes in my password manager, but only alongside the last 4 digits of the card number.

Type hints are cool. Runtime enforced type hints are cooler.

https://github.com/beartype/beartype

Hey, sorry for slow replies, not receiving notifications for replies on Lemmy by design.

You can ping me on Matrix / Discord / Telegram, I’m ddnomad there. We can have a chat :)

Good

Also while I’m at it, there are some things you can do to improve your chances of getting a solid entry level position with a good pay and decent perks:

• Make sure you have a presentable LinkedIn profile with a lot of connections. Having a good baseline of connections usually helps to legitimise yourself as a professional.
• Have a solid resume put together, there are plenty of guides online on how they should look like. You will need multiple resumes for every area of expertise you will be applying in (e.g. resume for a back-end web developer, resume for a Java developer, resume for an Android developer). Keep each resume one page, you can embellish things but do not outright lie about your achievements / expertise.
• Do some open-source projects, those can be simple things, but well presented and put together. This will help to show that you can actually code, know how to use VCS etc. Having GitHub and GitLab profiles is a must.
• Maybe go ask / answer some questions on Stack Exchange. Having good reputation there used to be (and probably still is) a decent plus for you as a candidate.
• Also consider having a decent reputation on Hackerrank, LeetCode and similar platforms. Add those in to your resume.

All of those items above probably sound like a usual business, or maybe do not particularly make sense for you, but having those really helps to get that extra boost of credibility to land a solid first job.

My suggestion would be to start applying for jobs that look interesting and specifically mention that they are entry level positions.

Also, unless you need to have an official job for some reason, you can always try to make a living freelancing on a platform like Upwork. It does have its downsides (0 job security, requires you to deal with clients directly, finding fitting contracts sucks etc) it will also help you to learn and evolve for your future job interviews, and it will allow you to try different things without having to be actually hired into a specific position long term.

I’ve started my professional career a long time ago by doing small tasks like writing automatic installers for things like Splunk around the time Ansible was not popular yet. It was fun, helped me to earn a living and forced me to learn both soft and hard skills at a far greater pace than I would ever do (because of the a pressure of delivering for my clients).