Notices by Kev Quirk (kev@fosstodon.org), page 94

Weird. Could it be that I'm in a couple of active telegram groups?

@DelusionalAI @joseph I've never really used Google photo, so can't really comment on that. I tend to just use the stock gallery app, and my photos auto-backup yo nextcloud.

@morgel good luck and welcome!

So I put Telegram X on my phone, and it started chewing through a shed load of battery. Has anyone else experienced this? Is that just normal for Telegram, or is it because I was using the X version?

@joseph what particular part of tech? I have a number of infosec and opensource, but I don't read many generalist blogs. I also listen to a few great podcasts.

@mike @joseph nah, that guy is an idiot!

@joseph yeah I have a dedicated IP. Nope, I don't check blacklists.

@lx @sheogorath I know I know I know. As I said in the previous comment, I know the issue, I just didn't explain myself very well...

@DelusionalAI but what about CAPITAL LETTERS???

@whonose123 😂😂😂😂

@sheogorath I'm well aware of the context around both issues. The point of the post is to alleviate any concerns that a relatively small project, such as this, is not storing password in plaintext. Obviously I didn't make that clear in the post.

@6gain @paulfree14 of course, and everything is salted. But I would be remis to not obfuscate some of the hash. The rainbow tables comment was just a flippant remark to inject some humour to the post. 👍

@6gain @paulfree14 correct. It was a glitch in local logging.

@pettter absolutely. Bcrypt and salt. But I'd rather protect things, just in case.

@paulfree14 it was a bug in their internal logging.

Both #Twitter and #Github have reported storing passwords in plaintext over the last two days. I wanted to alleviate any concerns - WE DO NOT STORE PASSWORDS IN PLAINTEXT.

Sure, I could just be saying that. So to help prove this to you guys, here is my user account as it appears in the backend database. I have redacted my personal email and half the hash, because rainbow tables, yo.

@espen possibly, not sure. I received a notification from Twitter, didn't get anything from GitHub though.

@kmj I actually still use Twitter as I follow a lot of infosec people in there that aren't on here.

Personally, I feel twitter is less dangerous than fb as everything posted is public, and people know that. There isn't the same back channels or convolution, like on fb. Plus, twitter requires way less info from it's users.

@joseph you can set it to display a notification when it detects an app that you have a password for (just like Lastpass).

@joseph yeah, for the most part it does work really well. You can also set it to check and pop-up a notification to fill when it detects a login. I don't have that turned on though.