Most of the things that the public — even so-called “AI experts” — consider “magic” are still within the in-sample space. We are nowhere near the out-of-sample space yet. Large Language Models (LLMs) still cannot truly extrapolate. It’s somewhat like living in America and thinking that America is the entire world.
Great to hear the tasks sparked your interest! While we primarily hire within the CET timezone, we make accommodations for candidates whose background aligns well with the role. You’d need to be available to participate in team calls during usual CET business hours - if that works for you, we’d encourage you to apply using the links above.
100% serious question: how is using dropbox (one cloud) to sync passwords any better or more secure than using a password manager that syncs your vault for you (another cloud)? I see so many "I don't trust <insert pw manager> so I use dropbox" comments around these parts and I just don't understand what real or perceived threat is being mitigated.
It's valuable that the syncing mechanism is seperate because that makes it agnostic. Parent comment uses Dropbox, I use Google Drive, someone else uses OneDrive, someone else uses iCloud, someone else uses Syncthing or Nextcloud, etc.
You don't have to trust the single cloud provider to encrypt and not be able to spy. The vault is encrypted on your own device using fully open software, and the cloud only ever sees a blob they have no keys to, directly or indirectly. The encrypting/decrypting software was not written by the cloud provider.
You don't have to trust any single cloud provider to stay up, be available in your country, stay friendly to you. If Dropbox goes down or kills your account, you just flip to any of 20 other options.
You say you don't understand why someone prefers Dropbox over the special custom syncing, but I don't understand what the excuse is for a special vendor-specific implimentation of something that is already generic and agnostic. It's like using a browser that uses it's own version of http to download files and only works with one web site that has the matching special server.
It's not a remotely equivalent comparison between "one cloud" and "another cloud". One is a single vendor-specific, custom purpose, single-provider thing, the other is agnostic and infinite, use any method you want from any provider you want any time you want.
For me it's not about "mitigating a real or percieved threat". It's just basic system resilience and principle to avoid special things and prefer generic/agnostic things, and keep concerns seperated. But it is also more secure not to trust any integrated cloud provider, vs having the cloud be just storage that doesn't know anything about the blob being stored, and can't even if they turn bad, or are pressured by a government, or get hacked, etc.
I guess the idea is that you trust open source software to encrypt the vault, so Dropbox couldn't do anything with it even if they wanted to. That's also true for the open source Bitwarden clients though.
No local backup? Do you rely on the network working all the time?
I do something similar on the mobile phone (the reasining is, if there's no network, there's nothing I need to login to) but I also keep a local copy on my laptop (that I sometimes operate with limited connectivity). Without any automatic syncing, one of the two copies will be stale.
Back in the day we tried to sync KeePass vaults at work and ended up with a conflict about once a week, which is way too often. Not sure if other password managers have solved this.
Ah, you mean by using some app or daemon. I excluded that possibility because on at least one of my laptops I'm not allowed to install anything, so for me "normal" behavior is using Dropbox as a container for files to download when needed.
I did this a long time ago but eventually ended up with conflicts. Password managers write new entries in a file and easily avoid conflicts whereas agnostic file managers will immediately conflict if sync wasn’t working for a while on a device
I use it (Keepass) for a while and never got the conflict on the desktop client (osx), nor on Firefox. But the iOS app does not like the file on the Google Drive and occasionally it needs to be reloaded.
I use mobius sync and I'd say the app itself is fine, you just have to open it whenever you want things to sync. That's one of the things I miss from Android. Also you can't sync your camera folder
Mobius Sync works really well, the only caveat is that it's not completely free (you're limited in the sync size unless you pay $5, but that's a one-time thing), and that while it can background sync, it's not continuous, and you'll want to open the app if you need to make sure something's synced.
Nope. I have a cloud Syncthing box that is accessible over SSH, and I use ShellFish to read/write my synced folders. It works okay, especially for lazily sending stuff from my phone to my laptop.
You laugh, but that's apparently what I did a decade and a half ago.
I recently mounted a HDD that was at my parents' house. Most files are from 2009-2012ish. I was there one summer between undergrad and grad school and used it for a couple months.
I found an Opera password list that I'd exported, presumably to copy over to my new laptop. It was fun last night skimming the list, seeing which websites I'd completely forgotten about that I used to have accounts for. Almost none of them even exist anymore besides the big players (Slashdot, Apple, etc.), but the point is *almost all of them had the same password*. o.O
Thanks for asking! Using SQLite with SQLx in Rust provides type-safe SQL queries, which enhances safety by catching errors at compile time.
As for backups, the setup is straightforward: just periodically copy the SQLite file to a secure location. Since it's a single binary and a database file, this keeps things simple and low-maintenance.
I hope you're calling the `backup` command in sqlite. A simple copy can leave sqlite db files in an inconsistent state from which sqlite can't recover.
