Does that even fit on the spectrum? From Europe things like the "Stanford's guide to political correctness" feel super niche in the same way that some weirdos on the left used to advocate for getting rid of ages of consent.
>Seems like instead of spending Christmas with my family, I will spend it changing passwords for 100s of accounts.
Why didn't you just use decent passwords in the first place? You were using a password manager, what's the fucking point if your password is still "kittens1"?
Only the encrypted randomized passwords were leaked. Unless you knowingly used a bad password for your cloud-based password manager, you're fine.
If you did use a bad password for the cloud-based password manager, you're the walnut. The whole sales pitch is that LastPass can't fuck you as long as you have a reasonable password protecting your vault.
Your encrypted data is compromised, it is in the hands of an attacker who really wants to decrypt it. You're pinning all of your digital security on encryption holding against an active attacker. What if there is an undiscovered or undisclosed vulnerability in the encryption? What if LastPass isn't using encryption as secure as they claimed? What if the attacker just gets really lucky and your password is in the first thousand brute-force attempts?
Same rationale applies when a random website gets hacked and leaks their password database. Yes, your password is salted and hashed, and hypothetically unrecoverable. But you change your password anyway.
You have the option to guarantee your accounts are secure, or do nothing and hope it will be fine.
There are a lot of situations where your vault might be decrypted. Sure, they're all pretty unlikely, but the risk is not zero. Changing your passwords does make that risk zero.
You're already fucked. LastPass lied in their sales pitch, and they released a bunch of your data unencrypted. Having absolute trust in their encryption as your sole layer of security at this point is incredibly reckless and stupid. You don't know that your master password isn't uncompromisable, you're trusting the company's sales pitch, and they've already lied to you. There is no reason at all to assume your vault will be secure forever.
> What if LastPass isn't using encryption as secure as they claimed? What if the attacker just gets really lucky and your password is in the first thousand brute-force attempts?
This is why you always do your own encryption on an offline computer using trusted tools like VeraCrypt. Relying on cloud storage to encrypt is doomed to fail eventually.
> Your encrypted data is compromised, it is in the hands of an attacker who really wants to decrypt it. You're pinning all of your digital security on encryption holding against an active attacker.
Well, yeah. Just like you leak your encrypted password to the internet every single time you log into a website.
>What if there is an undiscovered or undisclosed vulnerability in the encryption?
lmao, if aes-256-cbc is broken then LastPass is probably the least of anyone's concerns. This happens to also be one of the more difficult AES modes to screw up.
>What if LastPass isn't using encryption as secure as they claimed?
Shit, if that was a real concern you would have to be a complete idiot to use LastPass in the first place.
What proof do you have that LastPass uses that encryption scheme? Is there any evidence to suggest that it meets rigorous standards?
Remember that LastPass has just been caught lying about their security, and you can't trust what they say.
Calling other people idiots just makes you look like an uninformed asshole, so stop that. You're wrong, and you're trying to justify yourself rather than just back down.
Changing passwords in the face of a breach like this is standard practice and is the only logical step forward. You cannot trust LastPass security from this point forward. Whether or not you should have trusted them in the first place is irrelevant in the extreme.
LastPass users should change their passwords, period. Telling those users that they're idiots who shouldn't have trusted them to begin with makes you look foolish and toxic.
>Shit, if that was a real concern you would have to be a complete idiot to use LastPass in the first place.
What are you even talking about? Of course it's a real concern. That exact kind of thing happens constantly. And of course, the nature of the concern here involves us not knowing that LastPass was fucking up. LastPass might not even know. It's not like companies regularly announce in public, "hey, customers! We're actually massive fuckups, we know it, we haven't fixed it, and we just thought you'd like to know!"
One has to wonder what would prompt someone to issue such a violent, random, unhinged threat, in response to a simple question.
You're clearly here propping up LastPass, you don't seem to have a particularly strong argument, as noted by many, you have no substantial history of doing anything constructive on the site, and now you're threatening SWATting me?
I have a better idea: stop the childish, dangerous, violent, criminal threats, and just answer my question, instead.
Do you feel big and powerful issuing threats from behind a cloak of anonymity? Go for it.
Obviously the GP comment was worse, but you also have been breaking the site guidelines repeatedly lately, and not that long after we banned you following countless warnings over many years (https://news.ycombinator.com/item?id=33153801). I was willing to give you another chance, but since it hasn't worked, I think we have to ban you again.
You came looking for a fight, don't act so surprised when you get one.
Go verbally attack random people on the street, see if you don't come home with a bloody nose.
If your comment hadn't been so obviously in bad faith, you'd have received a different response. A 7-month-old account that has only mentioned LastPass within the past 24 hours was obviously not created to systematically defend LastPass.
In fact, the account you were replying to hadn't even been "knocking down any criticisms of LastPass" as you accuse. There's not a single comment made by "rosnd" you could reasonably describe as defending LastPass.
How do people running Ceph and other exotic filesystems deal with performance? What performance is considered reasonable performance in your opinion? It might not align with others; most people don't push those crazy amounts of data. I know IBM went from in-kernel NFS to Ganesha for their Spectrum Scale product recently.
"Crazy amounts of data" isn't the main concern, it's latency. It's the people storing giant amounts of data who generally don't worry about that so much.
Ceph isn't a filesystem, it's a service layer (self-described "storage platform") that runs on top of some other unspecified filesystem. Think git-annex or Hadoop, not ext4.
Anyway, the way Ceph does that is replication, just like those other solutions. There may be 4 nodes with filesystems that contain that data, and Ceph is the veneer that lets you not have to worry about the implementation detail of where it lives.
That doesn't make any sense, everyone on the receiving end of these threats has a lawyer. Even the shittiest public defender will translate this for you.
These numbers exist solely for the audiences at home.
Getting OT here but at least the end-user cost in that case is some kind of "normalized impact on society" if you're looking for a number to compare different busts with.