• 0 Posts
  • 16 Comments
Joined 1 year ago
cake
Cake day: June 19th, 2023

help-circle



  • Thanks for responding, that makes a lot of sense.
    I think generally what one gets used to has a big impact on preferences.

    I’ll say, an easily accessible, reliable gesture for side menu sounds nice. It feels like this was either abandoned on Android or left up to developers who mostly abandoned it. I remember struggling to get the side menu to trigger instead of back navigation and it not working near reliably enough. So I’ve been trained to always use the hamburger buttons that, ironically, are hard to reach in the top left corner in most apps. To be fair, I feel like I hardly use one menu interaction for every 100 back actions, so the latter being ergonomic is a lot more important to me.
    On that point, swipe from left to go back seems quite annoying. I go back all the time, and having to move my thumb across the entire screen is a pain. I almost never need to go forward, so having that be the more accessible gesture seems weird. I’ll concede that having a gesture for it at all is useful and Android should add the option.

    I never felt like the swipe to go back is too sensitive, and if you accidentally trigger it, you can simply move your finger back towards the edge before letting go to cancel the action. You can also configure the sensitivity in the settings. The feedback that you’re about to trigger the action is probably not as obvious as on iOS though, and likely less elegant.

    I think both Android and iOS would do well to let users customize these interactions more to their own needs.


  • Could you elaborate on the gestures part?
    I remember the opposite, having hated navigating my iPhone for work. I specifically remember swipe to go back not working reliably at all (many apps seemed to just ignore it, others I think configured other actions on that gesture - WTF), so I got into the habit of using that stupid little hard to reach, hard to hit, tiny back arrow that at least worked consistently when you managed to hit it.
    I’ve been enjoying Android navigation gestures pretty much ever since I found out they existed.

    It might have been a user issue in my case with iOS since I didn’t use it as much, and therefore maybe was simply using it wrong/was unaware of better ways. But I don’t see anything wrong/missing with gestures on Android.


  • Ditto on the no text part. That is an accessibility failure that’s way too widespread.
    Sometimes I’m afraid to even push a button: does this delete my thing, or does it do some other irreversible change? Will I be able to tell what it did? Maybe it does something completely different, or maybe I’m lucky and it does in fact perform the action I’m looking for and which in my mind is a no-brainer to include?

    And it’s infected interpersonal communication too - people peppering their messages with emojis, even professional communications. It not only looks goofy, but is either redundant (when people just add the emoji together with the word it’s meant to represent - such a bizarre practice) or, worse, ambiguous when the pictogram replaces the word and the recipient(s) can’t make out what it depicts.
    The most fun is when it’s a mix - the message contains some emojis with accompanying translation, some without.


  • I don’t share the hate for flat design.
    It’s cleaner than the others, simpler and less distracting. Easier on the eyes, too. It takes itself seriously and does so successfully imo (nice try, aero). It feels professional in a way all the previous eras don’t - they seem almost child-like by comparison.

    Modern design cultivates recognizable interactions by following conventions and common design language instead of goofy icons and high contrast colors. To me, modern software interfaces look like tools; the further you go back in time, the more they look like toys.

    Old designs can be charming if executed well and in the right context. But I’m glad most things don’t look like they did 30 years ago.

    I’m guessing many people associate older designs with the era they belonged to and the internet culture at the time. Perhaps rosy memories of younger days. Contrasting that with the overbearing corporate atmosphere of today and a general sense of a lack of authenticity in digital spaces everywhere, it’s not unreasonable to see flat design as sterile and soulless. But to me it just looks sleek and efficient.
    I used to spend hours trying to customize UIs to my liking, nowadays pretty much everything just looks good out of the box.

    The one major gripe I have is with the tendency of modern designs to hide interactions behind deeply nested menu hopping. That one feels like an over-correction from the excessively cluttered menus of the past.
    That and the fact that there’s way too many “settings” sections and you can never figure out which one has the thing you’re looking for.

    P S. The picture did flat design dirty by putting it on white background - we’re living in the era of dark mode!





  • The main difference is that 1Password requires two pieces of information for decrypting your passwords while Bitwarden requires only one.

    Requiring an additional secret in the form of a decryption key has both upsides and downsides:

    • if someone somehow gets access to your master password, they won’t be able to decrypt your passwords unless they also got access to your secret key (or one of your trusted devices)
    • a weak master password doesn’t automatically make you vulnerable
    • if you lose access to your secret key, your passwords are not recoverable
    • additional effort to properly secure your key

    So whether you want both or only password protection is a trade-off between the additional protection the key offers and the increased complexity of adequately securing it.

    Your proposed scenarios of the master password being brute forced or the servers being hacked and your master password acquired when using Bitwarden are misleading.

    Brute forcing the master password is not feasible, unless it is weak (too short, common, or part of a breach). By default, Bitwarden protects against brute force attacks on the password itself using PBKDF2 with 600k iterations. Brute forcing AES-256 (to get into the vault without finding the master password) is not possible according to current knowledge.

    Your master password cannot be “acquired” if the Bitwarden servers are hacked.
    They store the (encrypted) symmetric key used to decrypt your vault as well as your vault (where all your passwords are stored), AES256-encrypted using said symmetric key.
    This symmetric key is itself AES256-encrypted using your master password (this is a simplification) before being sent to their servers.
    Neither your master password nor the symmetric key used to decrypt your password vault is recoverable from Bitwarden servers by anyone who doesn’t know your master password and by extension neither are the passwords stored in your encrypted vault.

    See https://bitwarden.com/help/bitwarden-security-white-paper/#overview-of-the-master-password-hashing-key-derivation-and-encryption-process for details.



  • If their password was actually good (18+ random characters) it's not feasible with current day technology to brute force, no matter how few PBKDF2 iterations were used.

    Obviously it's still a big issue because in many cases people don't use strong enough passwords (and apparently LastPass stored some of the information in plaintext) but a strong password is still good protection provided the encryption algorithm doesn't have any known exploitable weaknesses.


  • I think they meant the only language we transpile to for the express reason that working with it directly is so unpleasant.

    Java is not transpiled to another language intended for human use, it’s compiled to JVM bytecode.

    People don’t usually develop software directly in the IR of LLVM. They do develop software using vanilla JavaScript.


  • You don’t need to correct something everyone already knows is an exaggeration (and I agree it doesn’t seem very socially aware to do so) but this is a political discussion on the internet, so

    1. Everyone does not know the original figure is an exaggeration, especially by how much
    2. Providing the actual information ads value to the conversation and in this context this is more important than whether the commenter comes off as smarmy or socially inept

    What if they said “Hey I know you’re being hyperbolic, but for anyone who’s interested, here’s the number estimated by experts…”?
    The only difference here is tone.
     

    I’m not sure why they only shared numbers for minke whales, as these don’t seem to be hunted anymore in Iceland in contrast to fin whales, whom the article was about.

    Global fin whale population was estimated in 2018 by IUCN to have been around 100000.
    https://www.iucnredlist.org/species/2478/50349982#population