
I use pass[1] as my password manager, and pass-git-helper[2] to serve credentials from pass to git.

[1] https://www.passwordstore.org/ [2] https://github.com/languitar/pass-git-helper


The way I see my password manager is that its password store in itself is "something I have", while the password to it is "something I know".


The problem is that “something I have” is generally supposed to imply that it’s a physical object whose functionality cannot be feasibly copied to another object. Some data, especially data stored in the cloud, isn’t really a good candidate, even if it’s protected by a password that only you know.


I disagree. The "have" factor can be soft or hard. It just needs to not be memorable (because then it's guessable, which is a primary weakness of a "know" factor).

For example: if you have an application protected by password+yubikey with "remember device" enabled, after prompting for your password it may decide not to also prompt you for the yubikey, and that can be because a cookie (perhaps ANDed with some other heuristics) is taking its place. A cookie which can be trivially copied to another device, but can't be trivially memorized nor guessed, and is for that reason not a "knowable" thing. If it was considered a "know" factor, then the "remember device" feature would effectively be a "conditionally disable 2FA" feature (two "knows" are 1FA), but it's really not that, outside of describing the interim UX.


I think that a "remember device" feature is a totally orthogonal concept. That's really just another word for a session, and it's quite common for authentication to apply to an entire session rather than to each and every message in a session.

It's true, of course, that once you have created an authenticated session on a device, anyone who has compromised that device (with physical access or a software hack) can likely gain access to that session. But the authentication method still prevents unwanted initiation of sessions, which is the whole point.

Any service provider obviously needs to choose their session policies to match the sensitivity of their service, their own threat models, and the threat models of their clients. So e.g. an online bank probably shouldn't issue cookies that last for a year and are portable across IP addresses. For some services, it could be a good idea for the session to only grant less sensitive access (e.g. only read access), and still require fresh authentication for sensitive actions (e.g. transferring money).


Might want to be careful with something like this, since facebook/google/etc decorate links with outward redirects for tracking purposes.


On the other side of this tracking, there are also URL parameters like fbclid, gclid, etc., that can tell the opened site where you came from and which post/content piece on that platform you came from. Additional extensions to remove these parameters are also necessary.
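What such a parameter-stripping extension does at its core, as an added example (not code from the thread or from any particular extension): remove click-tracking parameters like fbclid and gclid from a link before it is followed. The parameter list is an assumption chosen for illustration.

```javascript
// Added example: strip known click-tracking parameters from a URL.
// The names below are an illustrative assumption, not an exhaustive list.
const TRACKING_PARAMS = new Set(["fbclid", "gclid", "dclid", "msclkid", "igshid"]);
const TRACKING_PREFIXES = ["utm_"];

function isTrackingParam(name) {
  const lower = name.toLowerCase();
  return TRACKING_PARAMS.has(lower) ||
    TRACKING_PREFIXES.some((prefix) => lower.startsWith(prefix));
}

// Returns the cleaned URL and the parameter names that were removed.
// Non-tracking parameters, path and fragment are left untouched.
function stripTrackingParams(rawUrl) {
  const url = new URL(rawUrl);
  const removed = [];
  // Snapshot the keys first: deleting while iterating searchParams skips entries.
  for (const name of Array.from(url.searchParams.keys())) {
    if (isTrackingParam(name)) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  return { href: url.toString(), removed };
}

// Constructed sample of a link as a social platform might decorate it.
const sample = "https://example.org/article?id=42&fbclid=IwAR0abc&utm_source=fb#top";
console.log(stripTrackingParams(sample));
```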



Maybe it gets distracted increasing the pac-scent? There's certainly a lot more of that around in memory


And what happens when Apple decides to (or is forced to) stop offering those shows for re-download? It's still a "licence" for you to be able to download them, not the same as physically owning a copy. (though slightly better, since you can just not delete the videos, and store them yourself)


The top button out of the three (⟲) in the column is it.


Is it really? I thought it only gave a new captcha, without me giving a reason. I mean, there is a difference between being unable to read a word because it's so mangled and not being able to type something because I don't have that typeset installed / can't read the language.


Hey, don't diss nano like that. Try alt+c, or ctrl+g. Looks like you didn't try looking for a solution either (=

First thing you should teach in a class like that is to teach them to fish for tricks in the manpages/docs rather than handing them individual tricks throughout.


i.e. teach them how to teach themselves: scan menus, google, ask. http://xkcd.com/627/


Unfortunately you can't just point random people to that chart, because there's a reasonable chance they won't know how to read it.


Alright, I guess I'm not fully aware of all of Nano's features. And yes, my entire point is that it's much better to teach them to fish for tricks in various places rather than teaching them individual tricks. Also I was only a T.A. in this class (and actually only did grading) so I never got a chance to teach.


You're there in the lab to see them make these mistakes, but you can't tell them to man nano?


No, read the comment you just responded to. I only did grading. It wasn't until I asked a friend of mine who was in the class what he thought of it and he responded: "Line numbers are a bitch" that I discovered what was going on. At which point I mentioned to the professor that she might want to bring up man pages.


Since you're a chrome user, I'm not sure that you've heard of this, but firefox sync is amazing! Syncs history/bookmarks/tabs/settings/passwords across all your firefox instances, including firefox for android. I can read something on my phone, while on the bus, then get home and open the same tab on my computer or vice-versa. Or if setting up a new machine, I can add it to my sync profile, and it near instantly has all of my browsing history etc.

I feel that's much more useful than syncing extensions, as those can be machine dependent (i.e. I wouldn't want the same layout modifications with firefox on my tiny netbook screen that I do on my desktop).


Hitting both buttons usually simulates a middle-click.


If your drivers are clever you can do it with the trackpad, too - sometimes tapping the pad with two fingers will middle-click. Less error-prone than using the buttons.

