• 0 Posts
  • 5 Comments
Joined 1 year ago
Cake day: June 29th, 2023

  • To me 16 is long haha.

    I usually end up running with 16 characters since a lot of services reject longer than 20 and as a programmer I just like it when things are a power of two. Back in the Dark Times of remembering passwords my longest was 13 characters so when I started using a password manager setting them that long felt wild to me.

    I do have my bank accounts under a 64 character password purely because monkey brain like seeing big security rating in keepass. Entropy go brrrrrrrrrrrr


  • I’ve used cloud based services for password managers for work and “self host” my personal stuff. I barely consider it self hosting since I use Keepass and on every machine it’s configured to keep a local cached copy of the database but primarily to pull from the database file on my in-home NAS.

    Two issues I’ve had:

    Logging into an account on a device currently not on my home network is brutal. I often resort to simply viewing the needed password and painstakingly typing it in (and I run with loooooong passwords).

    If I add or change a password on a desktop and don’t sync my phone before I leave, I get locked out of accounts. Two years rocking this setup it’s happened three times, twice I just said meh I don’t really need to do this now, a third time I went through account recovery and set a new password from my phone.

    Minor complaint:

    Sometimes Keepass2Android gets stuck trying to open the remote database and I have to let it sit and time out (5 minutes!!!), which gets really annoying but happens very infrequently, which is why I say just minor complaint.

    All in all, I find the inconvenience of doing the personal setup so low that to me even a $10 annual subscription is not worth it.



  • So many people forget that while they understand how to use a Linux terminal and how Linux on a high level works, not everyone does. Plus, learning all of that takes time, effort, and tenacity, which not everyone is willing to do. Linus’s whole conclusion was that as long as that learning curve exists and as long as it’s that easy to shoot yourself in the foot, Linux desktop just isn’t viable for a lot of people.

    But Linus has done a lot of public fuck ups therefore everything he says must be inherently wrong.


  • It’s IEEE misinterpreting the guy’s original paper.

    https://liuyang12.github.io/proj/privacy_dual_imaging/ (can’t find the full paper, but here’s the abstract at least)

    The paper author straight up says the light sensor is impractical to use as an attack vector, but when you use it in conjunction with other sensors you might be able to glean more information than most might think. It leaves me with the question of what other sensors can you combine to start getting behavioral information that is a security threat?

    I’ll say it worked for me. I read the IEEE headline, called bullshit, dug into it and yeah you can only get a tiny bit of information that you have to stretch pretty far to get useful conclusions from… But it’s more than the zero I initially thought. So props to the paper author, he met his goal. IEEE wanted sensationalized clicks, which they too unfortunately got.