hgoel's comments

Did he really? X is constantly more buggy than Twitter ever was.

Right now they have a bug where a post appears duplicated as a reply to itself (you can tell it's a bug because liking one automatically likes the other).


Is "employ some critical thinking" supposed to involve being an annoying uptight cynic?

I think they mean to secure your most valuable accounts with a hardware token rather than in a normal password manager, so they aren't at risk if your password manager has an issue.

It seems to be describing what the Checkmarx vulnerability allows to be done on a GitHub Actions runner?

You initially complained about CLIs, not the dependency mess of the JS ecosystem.

You still have not said why this is an issue of having a CLI.


> You initially complained about CLIs, not the dependency mess of the JS ecosystem.

I complained about both. What does this say from the start?

>> Once again, it is in the NPM ecosystem.

> You still have not said why this is an issue of having a CLI.

Why do you need one? Automation reasons? OpenClaw? This is an attractive way for an attacker to get ALL your passwords in your vault. The breach itself, if run in GitHub Actions, would just make it a coveted target to compromise, which makes having one worse, not better, and for easier exfiltration.

So it makes even more sense for a password manager to not need a CLI at all. This is even before me mentioning NPM and the JavaScript ecosystem.


> Why do you need one? Automation reasons? OpenClaw? This is an attractive way for an attacker to get ALL your passwords in your vault.

I need one because I am not always using a graphical interface. What exactly in a GUI do you think makes it harder/less attractive for an attacker?

If the GUI code is compromised in the same way as the CLI, it'll have the same level of access to your vault as soon as you enter your master password, exactly the same as in the CLI.


I guess anyone/anything using a non-graphical interface should just not use a password manager for some reason?

Not to mention that a graphical application is just as vulnerable to supply chain attacks.


It's an understandable question, the article reads like an AI generated mess.

Does the CLI auto-update?

Edit: The CLI itself apparently does not, which will have limited the damage a bit, but if it's installed as a snap, it might. Incidents like this should hopefully cause a rollback of this dumb system of forcefully and frequently updating people's software without explicit consent.

Also the time range provided in https://community.bitwarden.com/t/bitwarden-statement-on-che... can help with knowing if you were at risk. I only used the CLI once in the morning yesterday (ET), so I might not have been affected?


I think you had to have installed the CLI during that time frame, then run the brand-new installed CLI, to be vulnerable.

Assuming you had it already installed, you would be safe.


I checked a machine this morning and it had updated itself at Apr 23 1715G

I've purged the snap. Really should purge snapd completely.


I'm not very convinced by the thesis of this post. When I look at book prices, I'm not thinking "well they're cheaper when adjusted for inflation!". I'm thinking "damn, this costs way too much to buy unless I am certain I'd enjoy it".

I've switched to ebooks almost entirely, they're cheap enough to buy just out of interest, and they leave space free for the books I care about enough to put physical copies in a shelf.

Besides the US, the places I grew up in all seemed to have much cheaper books, though as a tradeoff they didn't seem to have strong public library systems.

This is all without getting into the college textbook cartel.


To be fair, disentangling even just the Fate series is nearly impossible even for humans.

Now that you mention it, I didn't try "Metal Gear". Now that would be a ride.
