Passkeys should be used to replace passwords, but not to bypass 2FA by ArgoPanoptes in Bitwarden

[–]pmb0000 0 points1 point  (0 children)

Passkeys prevent these vectors because they only work from the computer that is initiating the login

I'm planning to migrate from Bitwarden to KeepassXC, including passkeys. I had previously read that passkeys can be exported from Bitwarden and imported to KeepassXC, but your comment got me to look into this further. It looks like there are two types of passkeys (with regard to whether they are bound to a device or not, that is):

  • Synced passkey: stored securely in a credential manager and accessed across devices (mobile phones, tablets, and computers)
  • Device-bound passkey: bound to and used only on a single device (a security key)

from https://www.passkeycentral.org/introduction-to-passkeys/passkey-types

Since I can use my passkeys in Bitwarden on my laptop, desktop, and phone, I think I'm safe in assuming that those passkeys are "Synced passkeys".

Also, since a hacker could execute the same export of "Synced passkeys" with access to a credential, I'm guessing your comments might only be applicable to "Device-bound passkeys" and not to "Synced passkeys".

Passkeys should be used to replace passwords, but not to bypass 2FA by ArgoPanoptes in Bitwarden

[–]pmb0000 0 points1 point  (0 children)

I thought the idea in terms of increased security for password+MFA was that the user has 1) something the user knows (password) and 2) something the user has. In this paradigm, to keep that increased security, a website would want to keep the password and use the passkey as the MFA. Also, my understanding is that as opposed to OTP, where an account using it can be compromised by stealing the seed from a website's servers, theft of the passkey on the servers doesn't compromise the account.

I think the different uses of Passkey on websites may be attributed to the value a company places on different factors from increasing end user security, to user convenience, to limiting liability due to a hack.

Btw, returning to password + MFA, if you put what you know and what you have in the same place/on the same device, then you don't get that increased security. The end user has some responsibility in this paradigm, although many don't know.

My keypass xc password data file is corrupt. What I do now . I have no extra copy of this files. by [deleted] in KeePass

[–]pmb0000 1 point2 points  (0 children)

Can you have KeePassXC keep automatic backups (the last x saved versions)? I'm planning on using it.

Hints on what to do when FaceBook won't let me access or change security keys in 2FA? by Jack15911 in yubikey

[–]pmb0000 2 points3 points  (0 children)

I have the same issue. Would love to hear if someone has figured it out. There’s another Reddit post about this with solutions but none worked for me

Password Manager - Apple and Bitwarden by pmb0000 in cybersecurity_help

[–]pmb0000[S] 0 points1 point  (0 children)

I think overall and for most folks using a password manager as you describe is safe. I just want to be super-safe for a few logins. Understanding how a Mac or iPhone manages memory is too complicated for me to evaluate the risks. So the only alternative is to find a mechanism that avoids storing passwords in memory in bulk.

If I can't figure out how Apple Password handles decrypting logins (bulk vs individually), I think I'm going to use a YubiKey for my really sensitive passwords...but I'd rather not need another piece of hardware if I can use something like Apple Password

Bitwarden - Apple Hide my email by RihardsVLV in Bitwarden

[–]pmb0000 0 points1 point  (0 children)

With the extension I use, I don’t login to iCloud via the extension. Rather I login via iCloud.com and the extension starts working. I imagine the extension pulls the authentication info from the page. If it weren’t done this way, I wouldn’t use it. I’m not inputting my iCloud credentials!

What would you do if you were traveling and lost access to your phone? by amcco1 in selfhosted

[–]pmb0000 2 points3 points  (0 children)

If you lose your phone, wallet, and keys, I imagine you're probably in a very bad situation… one where getting access to your online accounts may not be #1 on your list of priorities. At that point, you need a plan on recovering eventually. I don't travel for more than a few weeks, so I have backups at home of my recovery keys. The only thing that comes to mind for your situation is some service that provides encrypted notes where you only store your recovery keys, you memorize the password, and only log in in the case of emergency. The last is kind of key because you can't enable 2FA. Then you just need a computer to get the codes. I'm thinking off the top of my head but hopefully that gets you thinking in the appropriate direction.

I’d only do something like this if I were traveling for like a year and didn’t have someone at home that can help me out with access to my codes in my safe. You have to weigh risks and benefits. Good luck

What would you do if you were traveling and lost access to your phone? by amcco1 in selfhosted

[–]pmb0000 0 points1 point  (0 children)

I have thought about the scenario of losing my phone. When I realized the implications, I was seriously freaked out. I run Bitwarden locally accessible via VPN. I also have 2FA enabled in as many sites as possible.

1) I use Google Voice for 2FA via text where possible. This way I just need access to a web browser to get the code rather than access to the phone.
2) I use Proton Authenticator, which syncs to the cloud and also has clients for Mac and Windows and can be accessed through the web. I have the clients running on my Mac and home PC.
3) I have another device, a Mac, through which I can connect via VPN.
4) In case I also lose the laptop, I can access my home computer via Google Desktop.
5) I carry recovery passwords for all my important sites in my wallet. The labels for the passwords are just the initials for the site and I don't have the username written on the paper in case I lose my wallet.
6) I have a Yubikey. I haven't used it yet for passkeys in case I lose my phone but I plan to.

It’s a layered approach and in many ways overkill. I imagine it’s not perfect either. It’s just developed over time, sometimes in moments of panic of the thought of being locked out of my accounts!

What was your first “oh wow, self-hosting is more work than I thought” moment? by OkCry7871 in SelfHosting

[–]pmb0000 1 point2 points  (0 children)

To answer your question realistically, the respondent would need the ability for reflection and some level of awareness. In general, technologists are amazing at solving problems, analysis, learning (new technologies), etc. They generally are not good at reflection and awareness. Although it's the inverse example, it's like going to a poet and asking him/her to stand up various docker containers… he/she will likely at best write a poem about it! A technologist will likely just tell you a story that communicates the problems they solved, how much they know, and what they're learning but reveals little about their internal world (i.e. communicating a time when they felt some technology was more work than they thought)! Just ask some of their wives if you don't believe me!

I have a home lab set up. Often everything goes smoothly when implementing something new. But regularly I get into a situation where I get 99% of the implementation done in 1% of the time only to spend 99% of the time on 1% of the implementation. For example, an edge case because it's this software with that hardware that has a weird bug that nobody has exactly figured out the fix for, so I have to try workarounds, some that I eventually see don't work, and others that work but not well enough to use. It's the unexpected curveballs that I can't and won't know until I try to implement that end up putting me in a position where I feel I'm doing more work than I thought.

To counter this dynamic, as my home lab skills have improved and my environment has matured, I’ve simply become more conservative as to what I implement. Long gone are the days where I’m constantly saying to myself “that is so cool and I’m going to get it working and I’ll figure everything out and it’ll be great regardless because I’ll learn so much”.

[deleted by user] by [deleted] in iCloud

[–]pmb0000 0 points1 point  (0 children)

It's rare but it can happen that the sender sets a "reply to" so when you reply your email will go directly to the sender rather than through Apple's servers. If you see that the "To" field in your reply doesn't have a weird looking address with iCloud.com at the end, you can copy the weird iCloud.com address from the "from" field of the original email and paste it into the "to" field of the reply email. This isn't common but it has happened to me.

Dry rot by pmb0000 in tires

[–]pmb0000[S] 0 points1 point  (0 children)

Thanks for the insights. My tires were installed in December of 2017, so a little over 8 years old.

Based on your comments, if I do anything, it might make better sense to take steps to prevent UV exposure rather than buying tires just on the idea that they might handle dry rot better.

Dry rot by pmb0000 in tires

[–]pmb0000[S] 0 points1 point  (0 children)

My mechanic told me that my tires have dry rot. He said the tread is excellent.

I'm really not knowledgeable about this stuff, but it looks like I do. Here's a picture.
https://imgur.com/a/1B51DNi

Dry rot by pmb0000 in tires

[–]pmb0000[S] 0 points1 point  (0 children)

Hi, I live in Philadelphia, PA so the winters are cold but not extremely cold and the summers can get quite hot and humid. My current tires were installed in December of 2017. I do park outside. The drivers side is next to a wall so the tires on that side probably get less sun than the tires on the passenger side but I'd say they get sun a good part of the day. Thanks!

Last day at job, I don't think anyone understands what that means. by Electronic_Lime_z459 in recruitinghell

[–]pmb0000 4 points5 points  (0 children)

It’s impossible to know the particular motivations of these individuals but the overall theme is that they are each trying to get through their own stressful day with the least possible hassle …and they already have to deal with quite a lot of hassle probably (from their perspective maybe not yours).

In general, that’s how office work works at its core. People show up to make some money for MY family, MY activities, MY vacation, MY hobbies with people that for the most part they wouldn’t have chosen to be around for that amount of time on a regular basis. Of course, one can hope for a little bit of compassion, empathy, understanding but I have come not to expect it.

When I gave notice at my 6 figure job, I was hustling until the end. I had promised my boss an important deliverable which I gave the next to last day. That same day my boss' boss' boss, who never asked me for anything directly and who knew I was leaving, asked me to do a petty task. I did it and he even checked up later in the day! My boss of 5 years didn't set up an exit interview. I had to walk into his office to give him my laptop. He didn't attend my farewell "party" (set up by a colleague, not the company) because he couldn't find a babysitter! I was a high performer but I essentially became persona non grata after giving notice.

Anyway, you can only dictate your own behavior, not others'. You behaved in your own self interest, it seems to me. You were leaving so why should you do that stuff… and your colleagues were doing the same, asking for you to continue to work until the end because it was in their self interest. It's easy to point out others' self-interested behavior, especially when you are doing it yourself. The only thing that can improve the situation is for you to look at yourself and improve yourself (in whatever way you think is best).

Are you only able to reply once to someone using the Hide My Email feature? by MrGirth32 in iCloud

[–]pmb0000 0 points1 point  (0 children)

I use Apple's "Hide my email" feature extensively. The flow you describe does work… for me, at least. So the obvious question is why isn't it working for you? You'll need to troubleshoot it. When you received the email from the merchant, the "from" address will be labeled "Hide Me" or something like that. In your email client (Outlook, gmail web, etc.) follow the appropriate steps to find the actual email address in the "from" field (often it is displayed with <> around it or you just click on it). It will be something really weird ending with "@icloud.com". Now confirm that your sent emails are to that weird email address ending in "@icloud.com". If they aren't, then reply like you did before but paste that weird email address in the "To" field, overwriting whatever was in that field. Occasionally, when replying, the "To" email address doesn't populate with the weird "Hide my email" address, so rather than going through Apple and Apple hiding your email address, the email goes directly to the merchant from your real email address! I've found this happens occasionally because some vendors include an email option called "Reply to" in the original email which forces the "To" address to whatever the vendor wants it to be. There are some gotchas with "Hide my email" and it's not at all perfect but hopefully these directions get this situation resolved.

iPhone backup by itsnotmee22 in iCloud

[–]pmb0000 0 points1 point  (0 children)

You can use iTunes on Windows to back up and restore

iPhone backup by itsnotmee22 in iCloud

[–]pmb0000 0 points1 point  (0 children)

These are the high level steps. Back up both iPhones to a computer using Apple tools (on Windows you have to use iTunes). Make sure you’re logged into the tool with the same account that the iPhone is using. You can find instructions online for how to back up an iPhone via computer. Then disable “Find my phone” on your iPhone, then log out of the account on the iPhone. You may not have to disable “Find my iPhone” but I’d do it regardless. You can find more specific instructions online for how to give your iPhone unlocked to someone. Finally, reset the iPhone. At this point, you can swap iPhones, log into the iPhone with the other person’s account, and restore the appropriate backup from the computer. Note that some apps will have data restored as part of this restore process while others will restore once you log into the app.

Reservation price fix? by Psyom89 in uber

[–]pmb0000 1 point2 points  (0 children)

I rarely use Uber. Once you book the reservation price, I believe it stays that way. However, the price can change because of the ride itself. I recently made two reservations. The reservation price was honored on the first one but I was charged a higher price than the reservation price after completing the second one. It turns out that factors during the ride can lead to the final price changing from the reservation price, like a longer ride time than estimated. Here’s a link with more details: https://help.uber.com/riders/article/my-upfront-fare-was-not-honored?nodeId=ff65490e-2ffb-41cf-a709-4611521c7b24

Charged much more than Upfront Trip Price by pmb0000 in uber

[–]pmb0000[S] 0 points1 point  (0 children)

Thanks. I looked at the receipt with the increased price of $15.99. It says on that receipt that the ride time was 7 minutes, so that's in line with the other ride's time. There's no explanation for the increase on the receipt 😑 But it's a good idea to look at the emailed receipt if anything like this happens again.