not_a_whale's recent activity
-
Comment on What is a simple tech tip that changed how you use your computer or other devices in a significant way? in ~tech
-
Comment on Experts link LastPass security breach to a string of crypto heists in ~tech
not_a_whale Lastpass leaked a lot more then the vault. By the time the analysis was winding down the unencrypted data fields and number of secret key types leaked is enough to cause concern. See one of their...Lastpass leaked a lot more then the vault. By the time the analysis was winding down the unencrypted data fields and number of secret key types leaked is enough to cause concern. See one of their last blog posts here.
https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/
The recommendation for all LP users is to change everything. My company opted to migrate all data to Bitwarden, and then change everything.
-
Comment on Experts link LastPass security breach to a string of crypto heists in ~tech
not_a_whale They did not and they lost a lot of business as a result of it. Those weeks during the initial announcements for the leaks were rough for us as admins because they kept giving incomplete...They did not and they lost a lot of business as a result of it. Those weeks during the initial announcements for the leaks were rough for us as admins because they kept giving incomplete information and revising it 3 days later without clarification. My company pulled a few hundred user accounts away from them as a result of their inability to properly communicate on this matter. Well that and after we had flipped those accounts to Bitwarden we realized how much extra work LastPass's garbage software was actually causing us. It does not always pay to go with the industry standard.
-
Comment on Experts link LastPass security breach to a string of crypto heists in ~tech
not_a_whale TLDR: Bitwarden is working just fine for the group of small companies we manage with it. Considerably better the Lastpass did. I did the vetting for my company for password managers early this...TLDR: Bitwarden is working just fine for the group of small companies we manage with it. Considerably better the Lastpass did.
I did the vetting for my company for password managers early this year to move our small business, and that of our clients, away from Lastpass. We did end up settling on Bitwarden for company use with the addition of Duo in order to allow MFA recovery if required. It should be noted we were also looking for a platform that would allow a good reseller relationship and Bitwarden won in that game too. BItwarden is one of the few that does allow for self hosting if you opt for it. Management is simple and effective. The entire team has latched onto it and were all pretty evangelical about it now compared to other products.
The largest selling points for us was independent 3d party pen testing and yearly security auditing. Also they have provided decent support for us and seem like a good group of human beings.
Self hosting: https://bitwarden.com/help/self-host-an-organization/
Duo relationship: https://bitwarden.com/help/saml-duo/
Company Admin Policy control: https://bitwarden.com/help/policies/Runners up that did not make the cut were 1Password and Keeper.
I want to make a statement that support contracts and security credentials are much more important then self hosting for small businesses like us. Doing a lot of work on our own does not leave us much time for client facing work to improve our business relationships. If we can trust a platform to help us get our monies worth for security were going to take that option. Bitwarden hit the right balance and we are proud to be clients thus far.
-
Comment on Fairphone Keep Club: Sustainable consumerism? in ~tech
not_a_whale I replied to your question under the same question from OP. Just leaving you this note here so you know to go check it out!I replied to your question under the same question from OP. Just leaving you this note here so you know to go check it out!
-
Comment on Fairphone Keep Club: Sustainable consumerism? in ~tech
not_a_whale (edited )Link ParentSo there really is no winning this fight for me. I am screwed in almost any direction I go beyond carrying and actively maintaining multiple phones. I have done that in the past and it is...So there really is no winning this fight for me. I am screwed in almost any direction I go beyond carrying and actively maintaining multiple phones. I have done that in the past and it is cumbersome. Lets see why my options are less cool then most peoples.
I work in small business IT. My company runs on Google Workspace. 45% of my clients also run in Google Workspace. I am upper management and the head of the on-call system. I spend roughly 55% of the year on the electric leash capable of being called, or needing to step in at any time, 24/7. Sure I probably need to get a less intensive job. But for the sake of current phone related choices we need to consider this an unchanging fact of my life. Your going to hear some things in the following paragraphs that will make you hate the "controls" my company puts on me. I am totally fine with them so lets just leave that argument aside. Security compliance is a huge deal in our industry as we are the primary targets for the hackerz.
Custom roms, rooted devices, and working without a google admin profile is against the terms of use for my company. I am not allowed to put a work profile or do work off a device that does not comply to company policy. Which means I need google services on something for work. And I need it with me at all times.
Google: https://fourweekmba.com/google-revenue-breakdown/
Apple: https://fourweekmba.com/apple-revenue-breakdown/I am going to not bore you by complaining of all the myriad privacy concerns brought to bare against both tech giants. The basics of my main argument is economic. Google revenue is 79.92% earned through different advertising channels. You can see a breakdown in the above link. Apples ad revenue is part of the section called "services" in its revenue breakdown. The linked rundown does not break down service into smaller chunks but someone will probably be able to find that number for me. Services is 19.81% of Apples revenue meaning probably safe to say its >18% of total revenue.
Google: 79.92% Ads
Apple: >18% AdsThe incentive for Google to not only collect, but use that data for selling me everything under the sun, through ads, is considerably higher then Apple. Apple indicates that almost all of its ad revenue is generated through its own App Store. They do not have ad revenue streams that take ads from outside sources and inject them anywhere into other peoples lives. Its just apps on a single store.
On that Android device pretty much everything from both my personal and work profile are going to the same place. A place with much more power to use that data to try to sell me much more then just another iPhone or App. With the trackers coming back off all that ad data that means at least some data is probably going to third parties. Apple has done a lot of damage to other ad tracking business models by limiting the telemetry that's going back to them. Meta has been struggling since Apple killed a lot of the data flow out of their apps. They actually do limit the leaking of data to third parties and that is an important aspect of what I want to keep at bay.
Apple's goal is to sell actual stuff, mostly iPhones. Which does make them pretty freaking evil when it comes to environmental practice (Though imo they are doing a good job of getting on the right path for this). But Apple generally supports security updates on a device for 6+ years. They have slowly improved their repair options and anecdotally most of my iPhone friends DO keep their phones going longer then the Android ones. Apple is not a Fairphone in terms of how long I could keep it running for. but its better then my android history. it should be noted that the longest time frame promised for a Pixel phone for security updates is 5 years and that was new and groundbreaking. We're only two years into that agreement so there is no way to know how fast they will cut off security updates after 5 years yet. The longest I have kept a Android phone within security policy thus far is 4 years before forced retirement by policy non-compliance (before the device was even dead). If I don't have security updates. I uninstall work from it and it turns into a remote control or a gift to someone who needs a phone but does not need my level of compliance.
The goal of the swap is not to stop the flow of data but to silo off work data from personal data and put the data for both in competing buckets. It is not likely that Google and Apple are sharing what they could be making money off me from with each other. By siloing work into google and personal into Apple I might be doing myself some good in related exposures.
As a side note. My decision to swap is far from over. I only started considering it seriously again a few weeks ago and a change like this is like a 6 month minimum of research and doubling back on myself. I still need to contend with a lot of unknowns in the landscape that me and a few security minded industry associates on both sides of the fence are exploring. A lot of that deals with how Apple sandboxes the data coming off its own apps in comparison to third party apps. We shall see!
-
Comment on Fairphone Keep Club: Sustainable consumerism? in ~tech
not_a_whale (edited )Link Parentindeed I am glad this got brought up for anyone doing research using this thread in the future. There is a chance we will get a Fairphone 5 through Murena eventually. /e/os or any ROMs without the...indeed I am glad this got brought up for anyone doing research using this thread in the future. There is a chance we will get a Fairphone 5 through Murena eventually. /e/os or any ROMs without the ability to install google management tools are not an option for my use case. I will respond with more details on why my use case is annoying once I get around to responding to AndreasChris about the possible iPhone swap. Its probably going to be a book. Trying to figure out how to cut it down in length.
-
Comment on Fairphone Keep Club: Sustainable consumerism? in ~tech
not_a_whale IMO there are the idealistic wishes of forward thinking consumers and there is the capitalist reality. Fairphone is doing the best they can to live up to their ideals while not being out of...- Exemplary
IMO there are the idealistic wishes of forward thinking consumers and there is the capitalist reality. Fairphone is doing the best they can to live up to their ideals while not being out of business. I for one would like them to stay in business. That requires a little bit of advertising and I like this approach. If I was able to get a fairphone (I am not, the USA can't have nice things), I would be happy to be a member of this club. Being rewarded for buying my own parts and maintaining my phone would be a dream.
I like to push the life expectancy of devices. This system would not draw enough incentive for me to buy one every time new models became available. But I would feel good every time I bought a new part for my existing device. It gives a little bit of something back to those who maintain. Sure its not as much of one as buying each new model iteration. But those whose consumerist habits are formed from the concept "I got it because it was on sale" or "I got it because its new" should not be the target audience for this device.
I would hope Fairphone is trying to give those who already have the right mindset a little something back for living with a sustainable devices. Hopefully they are banking on the correct mindset being the majority of their customer base.
If anything this club might be a nice reminder for me NOT to replace my phone when something goes wrong. I already keep track of my phones birthdays and death days to try to better control my replacement habits. Current phone was born on November 10th 2021. Unfortunately it might not last as long as others as I struggle with the privacy concerns of direct google products. I might be flipping to iPhone in the near future after more than a decade on Android. I am not happy with my choices all around.
As I attempt to make myself into a informed consumer I find that I get deflated by the idea that everyone who is trying to survive as a business and do better by our planet is "not doing good enough" because of small imperfections in the business model. The reality is as much as we don't like it, this system IS still capitalist. If we ignore those who take the small steps in the right direction because its not enough, they will not survive. If they do not survive their ideas and the good they did might be lost. We have to support everyone we can that's trying to make a small difference. The more important part is consumer understanding. Understanding the difference between actually helping and green-washing will help us make better informed choices.
As a lower middle class person stuck in the USA I often joke I only have two votes. My actual vote in elections and my wallet. I see Fairphone as someone trying harder then most and deserving of that little support even when they have to play the capitalist game.
-
Comment on Blackbraid - A Song of Death on Winds of Dawn (2023) in ~music
not_a_whale I just ran across this guy a few weeks ago. Happy I did. Glad to see some recognition circling too.I just ran across this guy a few weeks ago. Happy I did. Glad to see some recognition circling too.
-
Comment on What are your favourite genre-bending bands/artists? in ~music
not_a_whale Just wanted to throw in here for some jazzy metal fusion. Rivers of Nihil. Death Metal saxophone. Need I say more? Albums "The Work" and "Where the Owls Know my Name". The Fall and Winter albums...Just wanted to throw in here for some jazzy metal fusion. Rivers of Nihil. Death Metal saxophone. Need I say more? Albums "The Work" and "Where the Owls Know my Name". The Fall and Winter albums of their 4 season include a lot of jazzy and 70s rock influences (Pink Floyd for sure).
Also the rest of this list is great. Zeal and Ardor is probably top 5 for me. Also Whispered and Rolo Tomassi are great. Ill be exploring the rest of this list I had not seen before.
Some Bash interface aliases have trouble appending sudo in by design. you will get a message similar to
sudo: !!: command not found
So instead you can use the history functions with
alias please='sudo $(fc -ln -1)'
This took me a few tries to figure out the first time I did it so might as well post it here in case someone else has an issue.