undefined | Better HN

0 pointsmdeeks1y ago0 comments

Does the Chrome extension still require you to enter a six digit code every day to even use it? When I tried it this was incredibly annoying and I switched back to 1password shortly after.

0 comments

eastbound1y ago

It’s important, otherwise that means any locally-running binary (maven, npm) can steal all of your passwords, since they are in clear on your computer.

criddell1y ago

Does macOS sandbox things like maven or npm? Do they need read access for everything the user can see?

eastbound1y ago

MacOS asks when “Terminal” wants to access the Downloads or Documents or the Contacts, etc.

However it asks once, across all Terminal programs, for the entire lifetime. So if you’ve ever used “find ~/Documents -…”, then Maven can access it too.

My opinion about this is that we’ll progressively go towards a Dockerization of the builds, which is the only one that gives developers confidence about the sandboxing.

It should be required by SOC2/PII certifications, though. As in, I already think I’ve seen an insurance ask something like “Are accounting documents present on a machine where compilation is executed” or maybe it was “Is it possible to install new programs on machines where sensitive documents are managed?”

spike0211y ago

Not sure that it's every day but I haven't been too bothered by it. It's not unlike the security policies where I work. So needing to type in a OTP isn't out of my normal routine.

j / k navigate · click thread line to collapse

0 comments

eastbound1y ago

It’s important, otherwise that means any locally-running binary (maven, npm) can steal all of your passwords, since they are in clear on your computer.

criddell1y ago

Does macOS sandbox things like maven or npm? Do they need read access for everything the user can see?

eastbound1y ago

MacOS asks when “Terminal” wants to access the Downloads or Documents or the Contacts, etc.

However it asks once, across all Terminal programs, for the entire lifetime. So if you’ve ever used “find ~/Documents -…”, then Maven can access it too.

My opinion about this is that we’ll progressively go towards a Dockerization of the builds, which is the only one that gives developers confidence about the sandboxing.

spike0211y ago

Not sure that it's every day but I haven't been too bothered by it. It's not unlike the security policies where I work. So needing to type in a OTP isn't out of my normal routine.

j / k navigate · click thread line to collapse