Jim

I understand this change by Bitwarden, but I wish they gave us the option to turn this off or at least given us more time before forcing this on us.

There’s a lot of comments talking about how this increases security, which is true. But it also increases the risk of account lockout. This is especially true in two scenarios: traveling and incapacitation.

Traveling - for those of us who travel frequently, we carry all of our belongings with us. This makes us particularly vulnerable to account lockouts. We can’t securely store backup devices or documents in easily accessible locations. We can’t easily rely on trusted friends or family because they are so far away. Also, internet accounts are more likely to lock us out anyway because we are logging in from a different country, which is suspicious behavior.

Incapacitation - god forbid, if there comes a time when we are permanently or temporarily incapacitation, it becomes important for our loved ones to access accounts. When we are in the hospital, it’s important that our loved ones get access to our personal accounts. I personally have advanced directives and have worked with an estate lawyer to make sure that my Bitwarden account becomes available. I also have instructions for immediate trusted family on how to access my vault if I were ever in the hospital. With this short notice, I need to scramble to get all of that updated and provide a way for them to access the account without my 2FA devices.

The above scenarios are based off of my real experience. These are real and likely risks that I have to account for. Security is not just making sure that outside bad actors CANNOT gain access, but it also means that the right people CAN get access at the right time.

What am I going to do? I’m weighing my options.

1. I believe the self-hosted version of Bitwarden does not require this. This comes with its own set of risks though.
2. Pay for premium, which comes with lockout support - I need to see if this can take care of both use scenarios above.
3. Turn on 2FA and memorize the recovery code. While viable, since I will only use the recovery code once, I’m likely to forget it.
4. Change the email to a non-2FA email address, only used by Bitwarden, with a strong but easily memorable password. This email must allow access from foreign countries without lockout (gmail is out). I’m actually strongly considering this.

This is being purposefully obtuse. Choosing to force users to memorize a recovery code increases the likelihood of lock outs.

There is a real risk of account lockout, especially for those of us who travel frequently. Lockouts are a significant risk when you need to carry all your belongings and devices.

There are also some of us who also think about what happens to us when we are incapacitated and a loved one needs access to our passwords. In a situation, it’s important to balance security vs expediency to access critical information. This new policy disrupts that.

At the very least, I wish Bitwarden would have given us more time to force this policy. I have to scramble to make changes to my estate planning documents and get in contact with my lawyer to change my advanced healthcare directives.

This is a classic piece, and I love the contradictions in the text. It encapsulates my feelings on good software and code that it almost becomes an art than a science.

TIL this exists

I also like the POSIX “seconds since 1970” standard, but I feel that should only be used in RAM when performing operations (time differences in timers etc.). It irks me when it’s used for serialising to text/JSON/XML/CSV.

I’ve seen bugs where programmers tried to represent date in epoch time in seconds or milliseconds in json. So something like “pay date” would be presented by a timestamp, and would get off-by-one errors because whatever time library the programmer was using would do time zone conversions on a timestamp then truncate the date portion.

If the programmer used ISO 8601 style formatting, I don’t think they would have included the timepart and the bug could have been avoided.

Use dates when you need dates and timestamps when you need timestamps!

Do you use it? When?

Parquet is really used for big data batch data processing. It’s columnar-based file format and is optimized for large, aggregation queries. It’s non-human readable so you need a library like apache arrow to read/write to it.

I would use parquet in the following circumstances (or combination of circumstances):

• The data is very large
• I’m integrating this into an analytical query engine (Presto, etc.)
• I’m transporting data that needs to land in an analytical data warehouse (Snowflake, BigQuery, etc.)
• Consumed by data scientists, machine learning engineers, or other data engineers

Since the data is columnar-based, doing queries like select sum(sales) from revenue is much cheaper and faster if the underlying data is in parquet than csv.

The big advantage of csv is that it’s more portable. csv as a data file format has been around forever, so it is used in a lot of places where parquet can’t be used.

They’re asking for TV manufacturers to block a VPN app in the TV. Not to block VPN in general.

Dude, if you’re being obtuse on purpose because you have an ax to grind against Rust, try a different approach. You’re not getting anywhere, clearly by the fact that no one agrees with you.

If you don’t like that Rust has a restricted trademark, then call that out instead of trying to label the software and it’s license as non-free. It’s literally called out in my source that name restrictions ipso facto does not violate freedom 3.

But if you genuinely believe that the implementation of the Rust language and it’s trademark is burdensome to create a fork, and you want people to believe you, then you gotta bring receipts. Remember, the benchmark that we both quoted is that it “effectively hampers you from releasing your changes”. It being “not a piece of cake” doesn’t cut it.

Hint: Google Rust forks since their existence also undermines your claim.

Good luck.

Please read this and try again.

https://www.gnu.org/philosophy/free-sw.en.html#packaging

Rules about how to package a modified version are acceptable, if they don’t substantively limit your freedom to release modified versions, or your freedom to make and use modified versions privately. Thus, it is acceptable for the license to require that you change the name of the modified version, remove a logo, or identify your modifications as yours. As long as these requirements are not so burdensome that they effectively hamper you from releasing your changes, they are acceptable; you’re already making other changes to the program, so you won’t have trouble making a few more.

Yes it can be an issue because the GPS doesn’t know where you are and thinks you are on an aboveground street. Freeway tunnels can have multiple exits too.

I disagree. I think the default option should be what users expect, and users expect “copy” to do exactly that: copy without modifying the text.

A lot of what you’re sharing resonates with me and I’m not even unhappy at my current job. I do think part of being a manager, especially one who doesn’t have decades of experience under her belt, is an undercurrent of self-doubt and imposter syndrome.

There’s not really much advice I can give you except that to know you are not alone in how you’re feeling. It’s a struggle, and it doesn’t come naturally, I think, to those who started off as technical engineers.

Something that I’ve seen come through in your writing is compassion and empathy, qualities that are in short supply for leaders. I’m rooting for you, and I selfishly hope you succeed as a leader just so that there’s another success story of an empathetic and technical manager finding her way in the tech industry.

Good luck.

I use shared Google Docs for most things, like meeting notes, 1 on 1s, performance reviews, etc. There are some HR tools but they aren’t universally used.

Other than that, there’s the usual suspects for project management, issue tracking, etc that most people use.

Staying at this current job comes with a lot of risks. Say you got fired today, how well could you handle it? Do you have the financial and emotional wherewithal to land on your feet? I’ll reiterate the emotional part - just because you can afford to lose your job for two months doesn’t mean that your emotional health can take it.

If the thought of being fired is terrifying, then I would try to find someplace that is a better fit. You may not be in a good place to take the risks that comes with this position. That’s OK. It’s completely understandable that you aren’t willing or ready to take it on. You can start looking elsewhere.

If you are willing to take risks and push yourself, you may want to stay at this job. In some ways, the turbulence you’re experiencing now will make you a better engineering manager. It sounds like you have a good head on your shoulders, and the advice that @nibblebit gave is pretty much spot on.

Good luck.