wols
The point is not the difference between a fake memory and a real one (let’s grant for now that they are undistinguishable) but the fact that positive experiences are worth a lot more than just the memories they leave you with.
I may not know the difference between a memory of an event that I experienced and a memory of an event I didn’t experience. Looking back on the past, they’re the same.
But each moment of pleasure that I only remember, without having experienced it, was essentially stolen from me. Pleasure is a state of consciousness and only exists in the present.
Even better, Obsidian notes are stored directly in folders on your device as plain text (markdown) files.
It’s all there, nothing missing, and no annoying proprietary format.
Not only can you keep using them without the Obsidian application, you can even do so using a “dumb” text editor - though something that can handle markdown will give you a better experience.
The main difference is that 1Password requires two pieces of information for decrypting your passwords while Bitwarden requires only one.
Requiring an additional secret in the form of a decryption key has both upsides and downsides:
- if someone somehow gets access to your master password, they won’t be able to decrypt your passwords unless they also got access to your secret key (or one of your trusted devices)
- a weak master password doesn’t automatically make you vulnerable
- if you lose access to your secret key, your passwords are not recoverable
- additional effort to properly secure your key
So whether you want both or only password protection is a trade-off between the additional protection the key offers and the increased complexity of adequately securing it.
Your proposed scenarios of the master password being brute forced or the servers being hacked and your master password acquired when using Bitwarden are misleading.
Brute forcing the master password is not feasible, unless it is weak (too short, common, or part of a breach). By default, Bitwarden protects against brute force attacks on the password itself using PBKDF2 with 600k iterations. Brute forcing AES-256 (to get into the vault without finding the master password) is not possible according to current knowledge.
Your master password cannot be “acquired” if the Bitwarden servers are hacked.
They store the (encrypted) symmetric key used to decrypt your vault as well as your vault (where all your passwords are stored), AES256-encrypted using said symmetric key.
This symmetric key is itself AES256-encrypted using your master password (this is a simplification) before being sent to their servers.
Neither your master password nor the symmetric key used to decrypt your password vault is recoverable from Bitwarden servers by anyone who doesn’t know your master password and by extension neither are the passwords stored in your encrypted vault.
See https://bitwarden.com/help/bitwarden-security-white-paper/#overview-of-the-master-password-hashing-key-derivation-and-encryption-process for details.
That number is like 20 years old.
Today it’s around 60 billion.
This works as a general guideline, but sometimes you aren’t able to write the code in a way that truly self-documents.
If you come back to a function after a month and need half an hour to understand it, you should probably add some comments explaining what was done and why it was done that way (in addition to considering if you should perhaps rewrite it entirely).
If your code is going to be used by third parties, you almost always need more documentation than the raw code.
Yes documentation can become obsolete. So constrain its use to cases where it actually adds clarity and commit to keeping it up to date with the evolving code.
It’s a big deal IMO, particularly because at login it doesn’t do the same. From the user perspective, your password has effectively been modified without your knowledge and no reasonable way of finding out. Good luck getting access to your account.
When a bank does this it should be considered gross negligence.