Hacker News | yoble's comments

Love the easter egg when going to https://pure.md/https://pure.md


In my previous company we hired a startup that did security training, that recommended everyone use a password manager. And one of their tests was that they sent a fake phishing email to people (randomized over a couple of months so not everyone would get it the same day).

I don't remember the exact number but something like 30% of people who didn't use a password manager got caught. Basically no-one using a manager was.

Granted there might be some selection bias (people who had managers were probably already slightly more security conscious), but people were feeling slightly embarrassed to have been caught and it worked great to have everyone do the switch. And everyone remembered after that that if it doesn't autofill, something's amiss.


The most important bit of information is missing from your post: was everyone using 2FA? If yes, then you make a relevant point.


Even if no 2FA was involved at all, it's a good answer to the scenario you were posing.

I think plenty of people will have second thoughts when the password doesn't go.


The comparison here is using 2FA with external device, or putting 2FA codes into a password manager.

Any kind of experiment that doesn't involve 2FA at all is not relevant for this comparison.


The anecdote provides evidence for people that are initially fooled by a phishing attack but aren't fooled enough to manually copy-paste credentials when autofill doesn't work.

Your argument about 2FA depends on how many of those people there are.

Therefore the anecdote is quite relevant, indirectly.


I don't think that's correct as a blanket statement - you can use a passphrase, or remember a 14+ character password since you only have one to remember.

Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times - Bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it takes a few seconds to unlock your vault each time.

With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)


I have the same issue, I tried to get into VSCode a few times but each time switched back to JetBrains.

If your main issue is the keybinding though there is a vscode plugin[1] that recreates Intellij IDEA bindings, which I found helped smooth the transition during my tryouts for me.

[1] https://marketplace.visualstudio.com/items?itemName=k--kato....


Thanks! Maybe this will open me up to cursor/windsurf.


My mom is an avid traveler who takes a ton of photos and puts them on albums she then shares with the family, and a while ago she was asking if I had a solution so she could have a website where all her albums are listed. She wanted to not have to share a new link each time, and have people easily look up older ones.

I didn't have any easy solution and this looks promising, congrats!

A few dealbreaker things I can share:

- she has lots of albums already on gphoto. She'd need to easily import them.

- she makes heavy use of the map and text blocks you can add in gphoto albums, which makes each album a kind of travel diary. I don't get the sense these are supported in your product yet, these would be required for her.

- she doesn't have a ton of videos but sometimes she does have a few.

- I'd have some concerns about the longevity of your product - if she invests time into it she wants to be able to look back at the albums in 10-20 years time. Having a convenient way to export the albums would be reassuring to me.

- I think she has a few 1000s photos in those albums, so your highest tier would be too low for her, if there was a way to buy storage that might suit her usage better (though she has a hobbyist budget).

It might be technically difficult and you rejected that path already, but I'm thinking an ideal way for her would be to keep editing her albums in gphotos and sync them to your site, which would take care of the longevity concerns and allow her to keep using the interface she knows (if you linked directly to the pics/vids on google server that would eliminate the cost of storing pictures for you, but I assume that's impossible or prohibited by google's tos).

Anyway, just sharing my use case in case that's useful but congrats on launching and on the good looking product!


First of all, your mom sounds awesome.

Second, thanks for the detailed thoughts!

Easy import of existing albums - We have that! find the album on GPhotos, select all and import. Check out how quick it is here: https://youtu.be/7gi58SuQ6Rk?si=Wk1wtDoPO5_DYWEV

Map and text blocks - These are currently not supported, but we're still considering different use cases and will add features to match the ones we focus on soon.

Videos - These are currently not supported but might be added soon. They pose some storage and pricing issues but we'll try to solve that. Again, depending on the use case we end up pursuing.

Longevity - This is a legitimate concern. Obviously we're hoping that this product keeps growing and plan to maintain it. Regardless - The north star of this product is to be fast and easy to set up. So we hope that the time investment won't be that big anyhow.

Pricing and Storage - We've just launched so the pricing plans will definitely change over time. We'll take that into account.

Syncing albums - Seamlessly syncing albums to online galleries was our dream. Unfortunately Google's API doesn't support that (for obvious security and privacy concerns).

We'd love for your mom to give our product a try and will be happy to give her a generous period of free usage of the premium plan for some of her feedback. If you're interested, please reach out at hey@myphotos.site.

Thanks again!

Or


Is it 1000 photos per album? Or is it max 1000 photos regardless of number of albums? If it is so, how does unlimited albums work in such case?


It's currently 1000 photos total that you can divide between as many albums as you like.

But honestly we've just launched, so pricing and tiers might very well change as we discover what users want and are willing to pay for.


> she could have a website where all her albums are listed. She wanted to not have to share a new link each time, and have people easily look up older ones.

Would a static site with a list of links to Google Photos albums work? I've done this with my family.

If so, there are ample static website providers out there.


I have a different use case in a similar situation.

My girlfriend runs an art studio that does art workshops. She uses Google workspace. She and her other teachers use Google workspace and have Google photos. They create albums of each workshop.

They want to have all the albums in one place so the social media person can easily find and use them.

Ideally there should be a way to make a Google photos account shared with the rest of the team. Unfortunately Google photos is not officially part of Workspace so it’s not treated as a b2b product.


Can you make a shared album and invite the same account to all of them?


I'm not sure what you mean by that. There's multiple accounts to invite. Do you mean a shared group?

I actually just tested creating a google group now, but indeed you cannot invite a group to a shared photo album.

Creating multiple shared albums, and sharing each album individually, manually, every single time, is super cumbersome. Plus I don't think the other users see the list of shared albums anywhere.

A huge shame given how great of a photo gallery app Google Photos is.


> Creating multiple shared albums, and sharing each album individually, manually, every single time, is super cumbersome.

Yes, this, sorry. I meant just having a "myorg+socialmedia@gmail.com" account, and sharing all the shared albums to that one user. The social media person always logs in with that account and they can see all the shared albums. But yeah, you do have to share all the albums with them individually (unless they're always of the same people/pets, in which case you can use the "partner sharing" AI stuff too which works maybe 80% of the time).


Yes, I've actually used partner sharing as a workaround like you mention but it's not ideal and clearly not built for this use case.

Ah well, I don't think there's a clean solution to this right now. A shame. Maybe someone will make one.


Been looking for something like this myself and surprisingly not that many options out there especially self hosted. All of the new ones are trying to chase after AI. Older ones don’t support object storage.

Using Google for my photos is a no go though so hopefully OP will come up with a solution for that.


Cool. Can you elaborate a bit on your issue with Google?


Most likely they are trying to degoogle.

https://en.m.wikipedia.org/wiki/DeGoogle


I don't want Google using my data to train their models among other things.


Nice timing, tomorrow I'll be participating in a study doing transcranial ultrasonic neuro-modulation, meaning using ultrasound not just to map brain activity but to influence it (the point of the study is inhibiting the Default Mode Network).

If anyone's interested I found those two papers really interesting:

- Aubry et al 2023[1], on potential risks and limitations of using focused ultrasound in the brain (tldr we don't know but have conservative estimates. Really interesting for me to see that HN article adding to that)

- Lord et al 2024[2], a first study on using Transcranial Focused Ultrasound to modulate the DMN and subjective experience

[1] https://arxiv.org/pdf/2311.05359

[2] https://www.researchgate.net/publication/381488518_Transcran...


I am a physician who has been following tfus for some time now - specifically, its ability to create persistent alterations in consciousness/perception/cognition - similar to those found in long-term meditators. My understanding is that there are a few people in the world that can safely do this currently. If you feel comfortable sharing, it would be lovely to hear more details :)


For sure, though I'll probably have more info after the study.

It's done by the same people as the second paper I linked, on people attending a 10-day silent meditation retreat. My understanding so far is that the participants will be "zapped" a couple of times over the 10 days, to explore exactly what you describe ie alterations of consciousness similar to what's found in long term meditators on retreat, except induced on people who are already on retreat instead of people who'll have to go back to work afterwards.

I'll have more to report in a couple weeks time!

(If you'd like to share, I'm also curious as to what interests you in that field of study)


In Buddhism this is linked to the central concept of Dependent Origination: things arise in dependence on other things, everything is conditioned by something else.

This includes movements of attention: attention is drawn to a sound perception because a frog makes a sound, then conditioned on interest being high interest dwindles, conditioned on that plus nerves shooting in the back a sensation catches the attention, it goes to a thought of planning that appears conditioned on you having a deadline tomorrow...

Even the arising of intention to move the hand arises at that moment conditioned on other things (that include you playing around with your perception a moment ago, pre-existing view around how decisions work and wanting to prove it, having a hand...)

Looking for conditionality in everything we might identify with - thoughts, perceptions, intention... - is a central practice in numerous schools of Early Buddhism, and can lead to a deep, deep sense of letting go, inhabiting a flow of things "just unfolding", and classical insights around what our sense of self actually is.


Yeah definitely! StatiCrypt was originally created to password protect pages uploaded on static hosting (like Github pages) or where you didn't have control on the server.

It has some valid other use cases but it has drawbacks too and htpasswd can definitely be the better solution in many situations. StatiCrypt just aims at being another tool with different trade-offs.


Oh cool that looks awesome thanks for sharing! Are you the maintainer?

I saw that StatiCrypt is listed in the alternative section of your README, I'll do the same on StatiCrypt (and add a bunch of the ones listed there that I didn't know about!)

The "Alternatives" section of StatiCrypt has always felt a bit empty to me, I'm glad to discover all those great looking projects and beef it up a bit. :)


Thank you for the link GP!

I’m the ‘maintainer’ but I’m hands off and not planning on significant improvements.

Discussion on HN was also quite interesting and you may find some ideas: https://news.ycombinator.com/item?id=34083366

I also recently presented this at HOPE(.net) and was very well received by a technical crowd so congrats on independently inventing the same thing ;-)



Especially with 600k PBKDF2 iterations, 16 alphanum chars should be very safe.

There's a (warning: very detailed) issue covering the topic of PBKDF2 iterations and password length over here, if you feel like diving into that rabbit hole: https://github.com/robinmoisson/staticrypt/issues/159
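
Added example, not part of any comment above and not Bitwarden's or StatiCrypt's own code: a sketch of the key stretching and the "600k iterations, 16 alphanum chars" estimate discussed in the password-manager and PBKDF2 comments. It assumes PBKDF2-HMAC-SHA256 with a random 16-byte salt, and the attacker's raw rate is a constructed figure, not a measurement.

```python
import hashlib
import math
import os
import time

ITERATIONS = 600_000   # iteration count quoted in the thread
ALPHANUM = 62          # a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte key; cost grows linearly with `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password over the given alphabet."""
    return length * math.log2(alphabet_size)


def years_to_search_half(bits: float, raw_rate: float, iterations: int) -> float:
    """Expected years to hit the password (half the space searched).

    raw_rate is the attacker's PBKDF2 iterations per second (assumption);
    each guess costs `iterations` of them, which is the point of stretching.
    """
    guesses_per_second = raw_rate / iterations
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def seconds_per_guess(iterations: int = ITERATIONS) -> float:
    """Time one derivation locally: the unlock delay a legitimate user sees."""
    salt = os.urandom(16)
    start = time.perf_counter()
    stretch("constructed-sample-password", salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    bits = entropy_bits(ALPHANUM, 16)
    assumed_rate = 1e10  # constructed attacker rate, iterations per second
    print(f"one guess on this machine: {seconds_per_guess():.2f} s")
    print(f"16 alphanumeric chars: {bits:.1f} bits")
    for n in (1, ITERATIONS):
        years = years_to_search_half(bits, assumed_rate, n)
        print(f"{n:>7} iterations: {years:.2e} years expected")
```

The estimate only holds for passwords chosen uniformly at random; a human-chosen password has far less entropy than its length suggests.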

