I just learnt that #1Password dunks in #LastPass if you migrate your vault
This is the first time a retrieve one of the secrets... and I was received with a big red square that reads:
> Imported from LastPass
> LastPass suffered a data breach in August 2022. Change your password to keep your account safe.
- Change password on website
- Ignore
I've been stuck on #1Password 7 for years because I didn't want to move to the cloud, but this weekend I finally got #Vaultwarden set up on a #RaspberryPi and it's going well so far.
So I just wasted a morning trying to debug why the Highlight.js syntax highlighting in Kitten suddenly began to fail only to realise that @1password is stripping the hljs- prefixes from the class names.
You can see this for yourself if you have the 1password extension installed at:
https://kitten.small-web.org/#the-ubiquitous-counter-example
Load that page with 1password enabled in your browser and you will see that the syntax highlighting doesn’t work and the hljs- prefixes have been stripped.
Disable the 1password extension and load the page again and you will see syntax highlighting working properly.
WTF?!
@zef
Depends on if you trust proprietary software with your most precious.
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL,DR: Adopt Trusted Publishing 🔐🚀📦
RE: https://hachyderm.io/@miketheman/115618016841703831
Use Trusted Publishing instead of long-lived PyPI tokens. For other things, here's how to use 1Password with direnv to set secrets in env vars.
https://hugovk.dev/blog/2025/secrets-in-env-vars/
#security #1Password #direnv #cli #PyPI
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL,DR: Adopt Trusted Publishing 🔐🚀📦
RE: https://hachyderm.io/@miketheman/115618016841703831
Use Trusted Publishing instead of long-lived PyPI tokens. For other things, here's how to use 1Password with direnv to set secrets in env vars.
https://hugovk.dev/blog/2025/secrets-in-env-vars/
#security #1Password #direnv #cli #PyPI
BTW friend, that gray round icon, with a lighter gray star in the middle is a (bank?) vault. You’re welcome.
Not a bad #phishing attempt, this time targeting #1Password users.
Huh, spam from 1Password offering me “Early access to Comet, the new AI browser from Perplexity”. I’m perplexed all right, about why 1Password, an outfit I mostly like, is doing this. I want a serious relationship with my security-technology providers, not a spammy one that flirts with sketchy totally-unrelated products.
Huh, spam from 1Password offering me “Early access to Comet, the new AI browser from Perplexity”. I’m perplexed all right, about why 1Password, an outfit I mostly like, is doing this. I want a serious relationship with my security-technology providers, not a spammy one that flirts with sketchy totally-unrelated products.
