<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: David Calvert</title>
    <description>The latest articles on Forem by David Calvert (@0xdc).</description>
    <link>https://forem.com/0xdc</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F881913%2F554734d8-abb6-4706-b616-a4dfff87a32a.jpg</url>
      <title>Forem: David Calvert</title>
      <link>https://forem.com/0xdc</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/0xdc"/>
    <language>en</language>
    <item>
      <title>Time to strengthen your password hygiene!</title>
      <dc:creator>David Calvert</dc:creator>
      <pubDate>Thu, 05 Jan 2023 13:28:51 +0000</pubDate>
      <link>https://forem.com/0xdc/time-to-strengthen-your-password-hygiene-52o5</link>
      <guid>https://forem.com/0xdc/time-to-strengthen-your-password-hygiene-52o5</guid>
      <description>&lt;p&gt;It’s 2023, happy new year!&lt;/p&gt;

&lt;p&gt;If you were still a LastPass user in December, I hope that the &lt;a href="https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/" rel="noopener noreferrer"&gt;terrible news&lt;/a&gt; didn’t ruin your Christmas and New Year's Eve parties. Whether or not you are affected by the breach, the beginning of the year is always a good opportunity to make good resolutions, so why not choose to strengthen your password hygiene?&lt;/p&gt;

&lt;h2&gt;
  
  
  What happened?
&lt;/h2&gt;

&lt;p&gt;LastPass got hacked again: “an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data”.&lt;br&gt;
Ouch!&lt;/p&gt;

&lt;p&gt;On December 23, 2022, I received this email sent to every LastPass user:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Dear LastPass Customer,&lt;/p&gt;

&lt;p&gt;We recently notified you that an unauthorized party was able to gain access to a third-party cloud-based storage service which is used by LastPass to store backups. Earlier today, we posted an update to our blog with important information about our ongoing investigation. This update includes details regarding our findings to date, recommended actions for our customers, as well as the actions we are currently taking.&lt;/p&gt;

&lt;p&gt;We thank you for your patience and continued support of LastPass.&lt;/p&gt;

&lt;p&gt;The Team at LastPass&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;I was busy preparing Christmas and didn’t have time to look into further details, so I didn’t do anything that day. But a few days later, it all changed when I saw the headlines... If you are still a LastPass user, I strongly recommend that you read the official &lt;a href="https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/" rel="noopener noreferrer"&gt;incident notice&lt;/a&gt; from LastPass, &lt;a href="https://www.wired.com/story/lastpass-breach-vaults-password-managers/" rel="noopener noreferrer"&gt;this article&lt;/a&gt; from Wired, &lt;a href="https://blog.1password.com/not-in-a-million-years/" rel="noopener noreferrer"&gt;this article&lt;/a&gt; from 1Password and these toots (&lt;a href="https://infosec.exchange/@epixoip/109570449317277575" rel="noopener noreferrer"&gt;toot #1&lt;/a&gt;, &lt;a href="https://infosec.exchange/@epixoip/109585049354200263" rel="noopener noreferrer"&gt;toot #2&lt;/a&gt;) from &lt;a href="https://infosec.exchange/@epixoip" rel="noopener noreferrer"&gt;Jeremi M Gosney&lt;/a&gt;, or &lt;a href="https://duckduckgo.com/?q=lastpass+breach" rel="noopener noreferrer"&gt;any other source&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;There are still a lot of unanswered questions, and LastPass is not providing many details and numbers about the breach. The situation is already pretty bad, and it will only get worse in the coming weeks or months. Attackers have plenty of time to prepare for step 2, especially once they are able to crack the vaults, or even sooner with the unencrypted metadata they already have.&lt;/p&gt;

&lt;p&gt;LastPass has been my password manager for years, but even with a strong password, I didn’t feel safe and didn’t trust the service anymore. This is why I decided to make a move, and I think you should too!&lt;/p&gt;

&lt;h2&gt;
  
  
  What to do?
&lt;/h2&gt;

&lt;p&gt;Many recommended picking another service, and while it's not mandatory yet, it's probably the best thing to do right now. Changing all your passwords is a real burden, but if you are, or were, a LastPass user, I think you should!&lt;/p&gt;

&lt;p&gt;I have been using &lt;a href="https://1password.com" rel="noopener noreferrer"&gt;1Password&lt;/a&gt; at work, and I’m both familiar and satisfied with the service so far. Before making the switch, I wanted to try &lt;a href="https://bitwarden.com" rel="noopener noreferrer"&gt;Bitwarden&lt;/a&gt; following the recommendation of a friend, and I have to say that it’s a pretty solid option, especially if you’re looking for a &lt;a href="https://bitwarden.com/pricing/" rel="noopener noreferrer"&gt;free&lt;/a&gt; or cheap option. After comparing the two services side by side, I prefer the user experience of 1Password, and I also believe that it will be the best option for the other members of my family; that’s why I finally decided to choose it over Bitwarden.&lt;/p&gt;

&lt;p&gt;If you’re considering a switch, I recommend trying them both before making a choice.&lt;/p&gt;

&lt;h2&gt;
  
  
  Call to action
&lt;/h2&gt;

&lt;p&gt;If you are a LastPass user:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;read the articles mentioned earlier&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;rotate all your passwords to the maximum strength available&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;use Two-Factor Authentication (2FA) everywhere it's available (try to avoid text-based when possible)&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;consider a &lt;a href="https://www.nitrokey.com" rel="noopener noreferrer"&gt;Nitrokey&lt;/a&gt; or a &lt;a href="https://www.yubico.com" rel="noopener noreferrer"&gt;YubiKey&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;regularly check &lt;a href="https://haveibeenpwned.com/" rel="noopener noreferrer"&gt;https://haveibeenpwned.com&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In all cases, you can still:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;use a password manager if it’s not already the case&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;check the strength of all your passwords and take action accordingly&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;rotate your important passwords from time to time, always to the maximum strength&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;use Two-Factor Authentication (2FA) everywhere it's available (try to avoid text-based when possible)&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;consider a &lt;a href="https://www.nitrokey.com" rel="noopener noreferrer"&gt;Nitrokey&lt;/a&gt; or a &lt;a href="https://www.yubico.com" rel="noopener noreferrer"&gt;YubiKey&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;regularly check &lt;a href="https://haveibeenpwned.com/" rel="noopener noreferrer"&gt;https://haveibeenpwned.com&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Final words
&lt;/h2&gt;

&lt;p&gt;Best wishes for 2023, I hope that, like me, you will start the year with better password hygiene!&lt;/p&gt;

&lt;p&gt;Feel free to follow me on:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;GitHub : &lt;a href="https://github.com/dotdc" rel="noopener noreferrer"&gt;https://github.com/dotdc&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Mastodon : &lt;a href="https://hachyderm.io/@0xDC" rel="noopener noreferrer"&gt;https://hachyderm.io/@0xDC&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Twitter : &lt;a href="https://twitter.com/0xDC_" rel="noopener noreferrer"&gt;https://twitter.com/0xDC_&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;LinkedIn : &lt;a href="https://www.linkedin.com/in/0xDC" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/0xDC&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;👋&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Creativity, Inc.</title>
      <dc:creator>David Calvert</dc:creator>
      <pubDate>Mon, 19 Sep 2022 06:06:35 +0000</pubDate>
      <link>https://forem.com/0xdc/creativity-inc-mpo</link>
      <guid>https://forem.com/0xdc/creativity-inc-mpo</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Before joining Powder in late 2021, I got to read their blog, to learn more about the company. Among their blog posts, "&lt;a href="https://powderapp.medium.com/powder-how-we-defines-our-company-values-d5f28e20407e"&gt;How we defined our company values&lt;/a&gt;" particularly got my attention. The article describes how they defined their culture and shared values during Powder's first off-site. The Pixar culture described in &lt;a href="https://www.goodreads.com/book/show/18077903-creativity-inc"&gt;Creativity, Inc&lt;/a&gt; was cited as a reference there, and was used as a foundation to bootstrap Powder's own culture. Because she knows I love those kinds of books, my wife got me a copy for my birthday earlier this year, and I finally got time to read it this summer.&lt;/p&gt;

&lt;h2&gt;
  
  
  Description
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;"As a young man, Ed Catmull had a dream: to make the world’s first computer-animated movie. He nurtured that dream first as a Ph.D. student at the University of Utah, where many computer science pioneers got their start, and then forged an early partnership with George Lucas that led, indirectly, to his founding Pixar with Steve Jobs and John Lasseter in 1986. Nine years later and against all odds, Toy Story was released, changing animation forever.&lt;/p&gt;

&lt;p&gt;Since then, Pixar has dominated the world of animation, producing such beloved films as Monsters, Inc., Finding Nemo, The Incredibles, Up, and WALL-E, which have gone on to set box-office records and garner twenty-seven Academy Awards. The joyousness of the storytelling, the inventive plots, the emotional authenticity: In some ways, Pixar movies are an object lesson in what creativity really is. Now, in this book, Catmull reveals the ideals and techniques, honed over years, that have made Pixar so widely admired―and so profitable.&lt;/p&gt;

&lt;p&gt;Creativity, Inc. is a book for managers who want to lead their employees to new heights, a manual for anyone who strives for originality, and the first-ever, all-access trip into the nerve center of Pixar Animation Studios―into the story meetings, the postmortems, and the 'Braintrust' sessions where art is born. It is, at heart, a book about how to build and sustain a creative culture―but it is also, as Pixar co-founder and president Ed Catmull writes, 'an expression of the ideas that I believe make the best in us possible.'"&lt;/p&gt;

&lt;p&gt;&lt;em&gt;From the cover of Creativity, Inc&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  Thoughts and feelings
&lt;/h2&gt;

&lt;p&gt;In the book, Ed Catmull describes all the steps that led him to found Pixar and build the first computer-animated movie. When you think about it, this must have been a very long shot back then. Ed Catmull includes a lot of details on their journey, and how it could have turned south. I found the story amazing because you really feel that the odds were against them, but they've finally made it with their determination, hard work and also, let's be honest, a bit of luck.&lt;/p&gt;

&lt;p&gt;After the release of Toy Story in 1995, Ed Catmull's dream was fulfilled. I can imagine his feelings during this particular moment, and the crisis that comes after it: what to do once you've accomplished your dream? He needed a new quest, so he focused on developing a healthy and creative culture for Pixar and removing all the obstacles along the way. His new goal was to enable trust, gain candor and remove fears in order to embrace creativity at Pixar.&lt;/p&gt;

&lt;p&gt;I love the small cliffhanger during the making of Toy Story 2, when someone accidentally deleted the movie's footage using the &lt;code&gt;/bin/rm -rf *&lt;/code&gt; command. Following Murphy's law, they realized that the backup system hadn't been working for weeks! As a system engineer, I've often been responsible for backups and was even the technical lead of a backup platform with more than 3500 client servers. Even if such an incident had never happened to me, I felt their pain, until I found out that they got a lucky star! Galyn Susman, the movie's supervising technical director, had set up an automated backup sync every week when she took some time off for the birth of her second child 6 months earlier. Good news for them, she forgot to disable it, so they were back on track!&lt;/p&gt;

&lt;p&gt;The merger with Disney is also a huge step! I was really amazed to see how Steve Jobs, Robert Iger, John Lasseter and Ed Catmull handled this together. They made sure that the merger would work for themselves, sure, but also for every employee of Pixar and Disney Animation. This is, for sure, a really good leadership lesson.&lt;/p&gt;

&lt;p&gt;The book ends with an unusual description of Steve Jobs, Ed Catmull's thoughts for managing a creative culture and his acknowledgments.&lt;/p&gt;

&lt;h2&gt;
  
  
  Favorite quotes
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;"Experiments are fact-finding missions that, over time, inch scientists toward greater understanding."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;blockquote&gt;
&lt;p&gt;"Everyone says they want to hire excellent people, but in truth we don't really know, at first, who will rise up to make a difference."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;blockquote&gt;
&lt;p&gt;"The best way to predict the future is to invent it."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  Final words
&lt;/h2&gt;

&lt;p&gt;To sum it up, it's a really good read! I'm pretty sure that most people can get something from this book, to name a few: learn how to build a company's culture, leadership advice, Pixar's history, a good tale from Silicon Valley...&lt;/p&gt;

&lt;p&gt;If you like what I do, feel free to follow me on:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;GitHub : &lt;a href="https://github.com/dotdc"&gt;https://github.com/dotdc&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Twitter : &lt;a href="https://twitter.com/0xDC_"&gt;https://twitter.com/0xDC_&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;LinkedIn : &lt;a href="https://www.linkedin.com/in/0xDC"&gt;https://www.linkedin.com/in/0xDC&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;👋&lt;/p&gt;

</description>
      <category>books</category>
      <category>culture</category>
      <category>tales</category>
      <category>review</category>
    </item>
    <item>
      <title>0xDC is live! 🎉</title>
      <dc:creator>David Calvert</dc:creator>
      <pubDate>Fri, 02 Sep 2022 11:16:48 +0000</pubDate>
      <link>https://forem.com/0xdc/0xdc-is-live-361a</link>
      <guid>https://forem.com/0xdc/0xdc-is-live-361a</guid>
      <description>&lt;p&gt;&lt;a href="https://0xdc.me"&gt;https://0xdc.me&lt;/a&gt;&lt;/p&gt;

</description>
      <category>blog</category>
      <category>devops</category>
      <category>opensource</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Is your Kubernetes API Server exposed? Learn how to check and fix!</title>
      <dc:creator>David Calvert</dc:creator>
      <pubDate>Thu, 07 Jul 2022 08:40:42 +0000</pubDate>
      <link>https://forem.com/0xdc/is-your-kubernetes-api-server-exposed-learn-how-to-check-and-fix-4f3g</link>
      <guid>https://forem.com/0xdc/is-your-kubernetes-api-server-exposed-learn-how-to-check-and-fix-4f3g</guid>
      <description>&lt;p&gt;I just published "Is your Kubernetes API Server exposed? Learn how to check and fix!"&lt;/p&gt;


&lt;div class="ltag__link"&gt;
  &lt;a href="https://medium.com/@dotdc/is-your-kubernetes-api-server-exposed-learn-how-to-check-and-fix-609ab9638fae" class="ltag__link__link"&gt;
    &lt;div class="ltag__link__pic"&gt;
      &lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0STohJlu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/fit/c/96/96/1%2A-jr05aRsofQSbeSt_siqBA.jpeg" alt="David Calvert"&gt;
    &lt;/div&gt;
  &lt;/a&gt;
  &lt;a href="https://medium.com/@dotdc/is-your-kubernetes-api-server-exposed-learn-how-to-check-and-fix-609ab9638fae" class="ltag__link__link"&gt;
    &lt;div class="ltag__link__content"&gt;
      &lt;h2&gt;Is your Kubernetes API Server exposed? Learn how to check and fix! | by David Calvert | Jul, 2022 | Medium&lt;/h2&gt;
      &lt;h3&gt;David Calvert ・ &lt;time&gt;Aug 21, 2022&lt;/time&gt; ・ 
      &lt;div class="ltag__link__servicename"&gt;
        &lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hnDHPsJs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/medium-f709f79cf29704f9f4c2a83f950b2964e95007a3e311b77f686915c71574fef2.svg" alt="Medium Logo"&gt;
        Medium
      &lt;/div&gt;
    &lt;/h3&gt;
&lt;/div&gt;
  &lt;/a&gt;
&lt;/div&gt;


</description>
      <category>kubernetes</category>
      <category>cybersecurity</category>
      <category>api</category>
      <category>security</category>
    </item>
    <item>
      <title>A set of modern Grafana dashboards for Kubernetes</title>
      <dc:creator>David Calvert</dc:creator>
      <pubDate>Fri, 24 Jun 2022 05:32:10 +0000</pubDate>
      <link>https://forem.com/0xdc/a-set-of-modern-grafana-dashboards-for-kubernetes-5f56</link>
      <guid>https://forem.com/0xdc/a-set-of-modern-grafana-dashboards-for-kubernetes-5f56</guid>
      <description>&lt;p&gt;Sharing my first article on Medium! It's about a set of modern Grafana dashboards I made for Kubernetes.&lt;/p&gt;


&lt;div class="ltag__link"&gt;
  &lt;a href="https://medium.com/@dotdc/a-set-of-modern-grafana-dashboards-for-kubernetes-4b989c72a4b2" class="ltag__link__link"&gt;
    &lt;div class="ltag__link__pic"&gt;
      &lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KlR7tpA_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/fit/c/48/48/1%2A-jr05aRsofQSbeSt_siqBA.jpeg" alt="David Calvert"&gt;
    &lt;/div&gt;
  &lt;/a&gt;
  &lt;a href="https://medium.com/@dotdc/a-set-of-modern-grafana-dashboards-for-kubernetes-4b989c72a4b2" class="ltag__link__link"&gt;
    &lt;div class="ltag__link__content"&gt;
      &lt;h2&gt;A set of modern Grafana dashboards for Kubernetes | by David Calvert | Medium&lt;/h2&gt;
      &lt;h3&gt;David Calvert ・ &lt;time&gt;Aug 21, 2022&lt;/time&gt; ・ 
      &lt;div class="ltag__link__servicename"&gt;
        &lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hnDHPsJs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/medium-f709f79cf29704f9f4c2a83f950b2964e95007a3e311b77f686915c71574fef2.svg" alt="Medium Logo"&gt;
        Medium
      &lt;/div&gt;
    &lt;/h3&gt;
&lt;/div&gt;
  &lt;/a&gt;
&lt;/div&gt;


</description>
      <category>kubernetes</category>
      <category>monitoring</category>
      <category>devops</category>
      <category>opensource</category>
    </item>
  </channel>
</rss>
