In my dream future, libgit2 is the official implementation of Git, taking most of the pain out of trying to create a GitHub-like service (among other things).
Alza (a Czech retailer also available in Germany) has had it for many years as well but none of them appear to provide a comparison between brands in a category as Galaxus does.
From the perspective of someone who unfortunately deals with FB Business manager, their palette of services has become such an incoherent and buggy mess that it sure feels like they have totally lost control of their products and infra. Just two most recent issues I found last week:
- Removing a PayPal account and adding another one is not reflected when creating a new ad - the old one is still there and the new one is nowhere to be seen. Upon using the old one, the ad got accepted normally but it wasn’t shown to any user. No error messages or anything. The ad went to some limbo state where it couldn’t be removed, edited or paused from the ads manager, but curiously could be deleted from the mobile Instagram app.
- Reels (a feature > 1yr old) cannot be advertised from the desktop dashboard, only from the mobile Instagram app. The reels or their statistics are not visible at all in business.facebook.com.
Stuff like this shouldn’t happen on any production service.
Oh and another fun one was an ad published after my client had a fundraiser for an NGO aiding children in Ukraine. Results for the ad (it didn’t relate to the fundraiser) showed ~15k clicks and 0 completed goals. Statistics happily stated that 99.9% of the budget was used by Android users in Ukraine. Audience was all EU countries. Somehow it seemed a bit suspicious to me, but not to FB. Raising an issue about the results to FB is as useful as complaining about them to my dog.
For the average user they are. They allow humans to use long passwords without reuse. They're resistant to phishing. Online sync is necessary for multiple devices.
It's just LastPass that's uniquely bad. I don't understand how they are still in business. Their security track record is a series of embarrassments. Their UX is poor. Their browser extensions slow down the whole browser. And apparently their privacy is also suspicious.
But OTOH Firefox Lockwise/Sync is client-side encrypted, and the server just holds an opaque data blob for you.
> I don't understand how they are still in business.
For products this critical, that handle a relatively large amount of per-user data, inertia is massive. Once you get used to it, the thought of moving tens or hundreds of items to another service is daunting, for the average nontechnical user. (Yes, I know it's just "export this, import that", but for nontechies even the first step can be scary - "what is this thing I get? Am I deleting stuff? Where do I save it? Is this the right format? ..." etc etc). They had a couple of wobbles, "so what? Everyone gets hacked, even Facebook".
I moved to Bitwarden years ago but I know I'm niche.
> I don't understand how they are still in business.
Dunno. UX was okay, it was easy to use. They were very responsive to fix security bugs (you can't blame having a security bug, but you can if they ignore it. Otherwise you should start by ditching your favourite OS)
> But OTOH Firefox Lockwise/Sync is client-side encrypted, and the server just holds an opaque data blob for you.
Back when I used LastPass that's also how they handled it (you can read through their open source command line client to see how it's implemented under the hood, it's fairly straightforward).
Come on, security isn't black or white, or absolute. I understand that my password manager may be flawed, but it sure was a huge upgrade from doing much simpler passwords, with my cat's birthday in them, and +01, +02, +03 to make them "unique" between accounts. That sure made me feel vulnerable and unsecure. (And I do not really have a cat.)
Driving on a highway isn't secure, but only Japanese manga characters avoid leaving their town because of it. You pick your battles.
I just never save my core Google password and bank passwords in a password manager, and am willing to risk the vanishing possibility that my password manager might be evil or dumb. Also I am fairly aware of my deal with the devil with regards to having Google manage most of my online information.
Your threat model doesn't really make sense either. If your password manager is evil, you're probably screwed anyways because on non-sandboxed platforms (i.e. Windows, Linux, maybe Mac), there's basically zero security between applications so there are a variety of ways it can get your Google/bank passwords. As for the "dumb" bit, that can almost be entirely mitigated by using a password manager that doesn't have network functionality.
Why do you use a web browser then? It doesn't know your master password, but you enter most/all of your passwords into it anyways. To make it worse, it runs third-party code that also has access to your password (i.e. addons with the "Access your data for all websites" permission, which is most of them).
Dropbox Passwords, although it still leaves something to be desired, looks very secure.
From what I have understood they store on their servers only an encrypted version of the passwords data. The encryption key is randomly generated from 12 words, that are not saved on their servers. Each new client that you want to connect to Dropbox Passwords must be authorized by an existing client. I believe that it is at that time that the key is shared with the new client (if approved).
Is there someone here from Dropbox that could confirm this?
As per security, IMO this is currently the best compromise between security and usability.
1) the Netflix tier where my wife and in-laws are going to be sending it around insecurely and I don't really care what happens
2) the Random Bullshit tier where I really can't be bothered to remember another password
3) the Google and Financial tier where it's going to be a nightmare if it's compromised
The largest set is (2), and having a password manager for this one is extremely useful. I've tried prefix and mnemonic systems, but it can be a real hassle if it turns out you need to only use it a couple times a year and have to adapt for dumb character and length requirements. Having a manager for (1) is great too since I'm probably using it on multiple devices.
I don't put passwords from (3) anywhere and their knowledge will die with me.
Isn't the general consensus that nothing is secure, you just have different levels of difficulty to break in?
In that sense, they're just more secure than using a single simple password across multiple (potentially all) of your logins. Or at least that's the goal...
They aren't completely secure but even the browser password managers enable good practices like having 64 random printable character passwords that are unique for every site. They're also resistant to phishing.
Another example of positive discrimination. I find it absurd that skin color has anything to do with businesses’ quality. Could be that I’m just living in a Finnish bubble where I haven’t seen racism in ages.