Posted on
by

The last time I set up a new computer, I was surprised to find that installing a password manager has become a critical part of getting the system ready to use.

It used to be that you could pick a few unique passwords for critical services like your primary email and banking sites, and reuse some passwords for less important sites, and maybe remember them all. But when so much of what we do happens online in so many places with so many different levels of security (and visibility), the attack surface is huge. Add in how many criminals and others are trying to break into those sites, and it’s no longer safe to reuse passwords.

Why?

If one site gets hacked, and you use the same password at another site, someone will try it just to see if it works.

The only way to protect against that is to use a different password on every site. And unless your online activity is very narrow, chances are you can only memorize a few of them. You can stretch it out with mnemonics like XKCD’s passphrase scheme, but eventually you’re going to have to record them somewhere. Putting it in a text file or spreadsheet is bad, because anything that gets onto your system can read it, but password managers are designed to encrypt them.

You still have to protect the master password on that file, but now you don’t need to worry that when someone finds your old MySpace password, they’ll start buying stuff on one of your shopping accounts, or hijack your Twitter as part of a harassment campaign, or use your email account to send malware to all your friends.

LastPass is a popular one. It’s cloud-based, which makes it convenient to use on multiple devices, but you do have to trust them. If you’d rather not trust your passwords to someone else’s computer, you can go with an offline manager like KeePass, which stores everything locally on your system in an encrypted file.

Update June 2024: I really don’t recommend LastPass these days, so if you’re looking for a fully-online service, I’d suggest looking at alternatives like Bitwarden. I still use a local KeePass vault, synced over an entirely separate cloud account that only ever sees the encrypted form, and use the KeePassXC and KeePass2Android apps and browser extensions on desktops and my phone.

Posted on
by

Most social networks don’t give you the ability to backdate your posts. That’s good, because it provides a trail that you can point to, saying “Yes, I did in fact post this before it became common knowledge/was plagiarized/etc.” But other publishing platforms do. It’s helpful for things like transferring an archive from another site — though it seems a little weird (and vaguely dishonest) to backdate a new post.

That said, I do backdate posts on this blog from time to time, generally when:

  • The post is imported from another site (Instagram, LiveJournal, a comment somewhere, a Twitter thread, etc.), and I keep the original posting date. Basically it’s a smaller scale version of transferring an archive. Sometimes I’ll make a note, sometimes I won’t. But the post was already online somewhere on that date, even if it wasn’t here.
  • I’m splitting an old post into two or more smaller posts, in which case I’ll usually keep the date but adjust one of the times.
  • I’ve got an old draft that I never got around to posting, it’s no longer relevant today, but I’d like to make it available in its original context. In that case I’ll add a note that it was backdated.

There’s also the accidental backdating that sometimes happens when I create a draft in the mobile app and it decides to keep the upload date as the posting date. I try to fix these as soon as I notice. But that’s not really the same thing!

Posted on
by

Silly as it sounds to recall nuts for undeclared nuts, not all nuts are the same.

If you’re allergic to cashews but not pecans, you want to know whether the pecans you might eat have come in contact with cashews. And that’s not even getting into the peanut/tree nut difference!

In this case [Edit: link broken], a process breakdown at a roaster opened up everything to cross-contamination by every other kind of nut they sell. They’re recalling affected lots while they fix the problem.