Even better, Obsidian notes are stored directly in folders on your device as plain text (markdown) files.
It’s all there, nothing missing, and no annoying proprietary format.
Not only can you keep using them without the Obsidian application, you can even do so using a “dumb” text editor - though something that can handle markdown will give you a better experience.
Honestly, their comment reads like copy pasta. That first paragraph is chef’s kiss.
I initially thought they weren’t being sincere, something something Poe’s law…
(’ v ')/
The main difference is that 1Password requires two pieces of information for decrypting your passwords while Bitwarden requires only one.
Requiring an additional secret in the form of a decryption key has both upsides and downsides:
So whether you want both or only password protection is a trade-off between the additional protection the key offers and the increased complexity of adequately securing it.
Your proposed scenarios of the master password being brute forced or the servers being hacked and your master password acquired when using Bitwarden are misleading.
Brute forcing the master password is not feasible, unless it is weak (too short, common, or part of a breach). By default, Bitwarden protects against brute force attacks on the password itself using PBKDF2 with 600k iterations. Brute forcing AES-256 (to get into the vault without finding the master password) is not possible according to current knowledge.
Your master password cannot be “acquired” if the Bitwarden servers are hacked.
They store the (encrypted) symmetric key used to decrypt your vault as well as your vault (where all your passwords are stored), AES256-encrypted using said symmetric key.
This symmetric key is itself AES256-encrypted using your master password (this is a simplification) before being sent to their servers.
Neither your master password nor the symmetric key used to decrypt your password vault is recoverable from Bitwarden servers by anyone who doesn’t know your master password and by extension neither are the passwords stored in your encrypted vault.
See https://bitwarden.com/help/bitwarden-security-white-paper/#overview-of-the-master-password-hashing-key-derivation-and-encryption-process for details.
This works as a general guideline, but sometimes you aren’t able to write the code in a way that truly self-documents.
If you come back to a function after a month and need half an hour to understand it, you should probably add some comments explaining what was done and why it was done that way (in addition to considering if you should perhaps rewrite it entirely).
If your code is going to be used by third parties, you almost always need more documentation than the raw code.
Yes documentation can become obsolete. So constrain its use to cases where it actually adds clarity and commit to keeping it up to date with the evolving code.
It’s a big deal IMO, particularly because at login it doesn’t do the same. From the user perspective, your password has effectively been modified without your knowledge and no reasonable way of finding out. Good luck getting access to your account.
When a bank does this it should be considered gross negligence.
If their password was actually good (18+ random characters) it’s not feasible with current day technology to brute force, no matter how few PBKDF2 iterations were used.
Obviously it’s still a big issue because in many cases people don’t use strong enough passwords (and apparently LastPass stored some of the information in plaintext) but a strong password is still good protection provided the encryption algorithm doesn’t have any known exploitable weaknesses.
Extra steps that guarantee you don’t accidentally treat an integer as if it were a string or an array and get a runtime exception.
With generics, the compiler can prove that the thing you’re passing to that function is actually something the function can use.
Really what you’re doing if you’re honest, is doing the compiler’s work: hmm inside this function I access this field on this parameter. Can I pass an argument of such and such type here? Lemme check if it has that field. Forgot to check? Or were mistaken? Runtime error! If you’re lucky, you caught it before production.
Not to mention that types communicate intent. It’s no fun trying to figure out how to use a library that has bad/missing documentation. But it’s a hell of a lot easier if you don’t need to guess what type of arguments its functions can handle.
The point is that you’re not fixing the problem, you’re just masking it (and one could even argue enabling it).
The same way adding another 4 lane highway doesn’t fix traffic long term (increasing highway throughput leads to more people leads to more cars leads to congestion all over again) simply adding more RAM is only a temporary solution.
Developers use the excuse of people having access to more RAM as justification to produce more and more bloated software. In 5 years you’ll likely struggle even with 32GiB, because everything uses more.
That’s not sustainable, and it’s not necessary.
You don’t need to correct something everyone already knows is an exaggeration (and I agree it doesn’t seem very socially aware to do so) but this is a political discussion on the internet, so
What if they said “Hey I know you’re being hyperbolic, but for anyone who’s interested, here’s the number estimated by experts…”?
The only difference here is tone.
I’m not sure why they only shared numbers for minke whales, as these don’t seem to be hunted anymore in Iceland in contrast to fin whales, whom the article was about.
Global fin whale population was estimated in 2018 by IUCN to have been around 100000.
https://www.iucnredlist.org/species/2478/50349982#population
Yes, correcting hyperbole with relevant information is bad, actually.
Many of the programming languages that are regularly the butt of everyone’s jokes don’t just allow you to use them badly, they make it easy to do so, sometimes easier than using them well.
This is not a good thing.
A good language should
The reality is that the average software developer barely knows best practices, much less how to apply them effectively.
This fact, combined with languages that make it easy to shoot yourself in the foot leads to lots of bad code in the wild.
We should attack this problem from both directions: improve developers but also improve languages.
Sometimes that means replacing them with new languages that are designed on top of years of knowledge that we didn’t have when these old languages were being designed.
There seems to be a certain cynicism (especially from some more senior developers) about new languages.
I’ve heard stuff like: every other day a new programming language is invented, it’s all just a fad, they add nothing new, all the existing languages could already do all the things the new ones can, etc.
To me this misses the point. New languages have the advantage of years of knowledge accrued in the industry along with general technological advancements, allowing them to be safer, more ergonomic, and more efficient.
Sure, we can also improve existing languages (and should, and do) but often times for one reason or another (backwards compatibility, implementation effort, the wider technological ecosystem, dogma, politics, etc.) old quirks and deficiencies stay.
Even for experienced developers who know how to use their language of choice well, there can be unnecessary cognitive burden caused by poor language design. The more your language helps you automatically avoid mistakes, the more you can focus on actually developing software.
We should embrace new languages when they lead to more good code and less bad code.
Bonus: good tests can also serve as technical documentation.
Though I have to disagree with the notion that documentation is as important or more so than code.
Documentation is certainly near the top of the list and often undervalued. I’ve worked on a project where documentation was lacking and it was painful to say the least.
Without documentation, changing or adding features can be a nightmare. Investigating bugs and offering support is also very difficult. But without code, you have nothing. No product, no users, no value.
There are (inferior) substitutes for documentation: specialized team knowledge, general technical expertise. These alternative pools of knowledge can be leveraged to create and improve documentation incrementally.
There’s no replacement for the actual functionality of your applications.