Braindump


Password Managers and why they are used


Finally, there's my conclusion about a Tweet I did over a year ago...

It was one of my best tweets regarding engagement was related to Password Managers and why people use them.

The question was:

What password manager(s) do you use (or do you?)


Takeaway for tweet succession

  • It's good to start such a Tweet on weekends (start Saturday), around noon (12:34 this time) Central European Time.
  • On Monday, you get almost no answers anymore
  • Ask a simple question the target audience most likely has an opinion about
  • Engage with further questions to create engagement and discussion
  • Have a bit of luck

The Votes

The following is not a conclusive list. But, I distilled the 4 most mentioned Password Managers and the reasoning.

Bitwarden

Why

  • Free (and generous free plan)
  • Open Source
  • Self-hosting possible
  • extensive 2FA with yubikey for paid version
  • even paid version relatively cheap
  • good family account
  • by now there's even a bitwarden Rust server

1Password

Why

  • very convenient and easy to use
  • first password manager to be used and stayed with it
  • good family account
  • builtin 2FA
  • builtin ssh-agent
  • very good autofill

Keepass(X|XC|DX)

Why

  • OpenSource
  • self-hosted
  • offline/no cloud

LastPass

  • https://www.lastpass.com
  • 5 votes
  • many used this in the past but changed to Bitwarden because they skipped the free cross-platform usage

Why

  • good password generator
  • very good autofill
  • grouping
  • protected notes

If you're further interested in this kind of topic, take a look at my password handler without storing passwords at all.

Also, as a developer one could think about using blackbox in combination with Git/GitHub.

 




devrustshort

Rust and OpenSSL and static linking

Today I learned

While the default linking is dynamic for Rust and using OpenSSL you can change the default and use static linking as well. For my use case I had a different setup on the build machine and the target deployment (yes, no docker here). So I needed to statically link OpenSSL instead.

Turns out you can very easily change that in Rust via:

OPENSSL_STATIC=yes OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu OPENSSL_INCLUDE_DIR=/usr/include/ cargo build

The first OPENSSL_STATIC param tells cargo to use static binding for OpenSSL. Whilst the second param OPENSSL_LIB_DIR is used to specify OpenSSL's library folder. Last but not least we have OPENSSL_INCLUDE_DIR for telling cargo where to find the OpenSSL header files.

And that's it.

Of course, in most cases you probably want dynamic linking (and get a smaller executable) but in some cases this helps a lot.

 




Interesting articles about innovation, money and work

Here are some of the most interesting articles about innovation, money and work I read the last 2 weeks.

Innovation

Should you start from scratch when building something? Or do innovations come from iteration? That's what James Clear writes about in his article Don't start from scratch. Summing it up: No, most of the time you shouldn't start from scratch! Most innovation comes from iterating on or building on already existing technologies or solutions.

Money

You probably already thought about the question: How much money is enough?. Turns out there's an answer for that. It's an individual one for each of us. And it might not be what you think it is. Having not enough money sucks. Having too much can suck as well. So there's not a threshold but a range of wealth where you can truly do and say what you want. Hence, f**ck you money.

Work

Essentially, this article how to use daily quadrants is about when to be most effective and to do what kind of work. In the end: do the heavy (brain) lifting in the morning when you're more focused and alert.

Also, what about the work as a developer: What do you think about Pull Requests? Are they a good thing for your professional work or could they hold you back?

There's evidence stating that high performance teams do not seem to use PRs quite often. Which might either be because they just don't need it since they're just a well oiled team who found their ideal workflows and processes. Or that those teams might not profit from using PRs at all.

The article tends to conclude that it works well for managing trust i.e. in Open Source development teams.

But professional teams working in a company shouldn't use this additional step. At least not if they want to be a fast moving team producing rapid results.

 

Articles about Rust for OpenCV and a Svelte Store

If you're into Rust and web development here are some interesting Rust related articles I've read lately.

Rust and OpenCV

If you're interested in Rust and missing image recognition features like with OpenCV this article about Rust with OpenCV got you covered.

Rust and Svelte Store

So, I like developing with Svelte and Rust. When I found this article about developing a Svelte store with Rust I was instantly hooked.

Effective Rust

Do you know the book Effective C++? It's quite popular in the C++ world and if you enjoyed it and are about to learn Rust you might like the book Effective Rust.

 

Is there anything good about feedback at work?

I happened to stumble upon this article from 2019 about "the feedback fallacy", again. If you don't know it, it's a very good read!

You might have asked yourself if there was anything good about those feedback rounds. This article pretty much sums this up and handles the good and especially the bad parts.
And makes suggestions on how to do it better.

My takeaway

  1. Always handle feedback like an opinion and present it like that
  2. Concentrate on strengths and how to connect the strengths with possible weaknesses
  3. Direct and humble feedback is worth more than general feedback rounds
  4. The receiver (of feedback) decides if they should act on it or not
  5. A weakness to one can be a strength to the other. And the other way around. Also, this might very much depend on the situation or job. Meaning: There rarely is one and only truth