If You’ve Ever Used LastPass, You Should Change All Your Passwords Now

Personal details and password vaults containing the sign-in credentials of millions of users are now in the hands of criminals. If you’ve ever used the password manager, LastPass, you should change all of your passwords for everything, now. And you should immediately take further measures to protect yourself.

What Happened in the 2022 LastPass Data Breach?

LastPass is a password management service which operates on a "freemium" model. Users can store all of their passwords and logins for online services with LastPass, and access them through the web interface, through browser add-ons, and through dedicated smartphone apps.

Passwords are stored in "vaults", which are protected by a single master password.

In August 2022, LastPass announced that criminals had used a compromised developer account to access the LastPass development environment, source code, and technical information.

Further details were released in November 2022, when LastPass added that some customer data had been disclosed.

The true severity of the breach was revealed on December 22, when a LastPass blog post noted that criminals had used some of the information obtained in the earlier attack to steal backup data including customer names, addresses and phone numbers, email addresses, IP addresses, and partial credit card numbers. Additionally, they managed to steal user password vaults containing unencrypted website URLs and site names, as well as encrypted usernames and passwords.

Is It Difficult for Criminals to Crack Your LastPass Master Password?

Theoretically, yes, hackers should find it difficult to crack your master password. The LastPass blog post notes that if you use their default recommended settings, "it would take millions of years to guess your master password using generally-available password-cracking technology."

LastPass requires the master password to be a minimum of 12 characters, and recommends "that you never reuse your master password on other websites."

However, LastPass is unique among password management services in that it allows users to set a password hint to remind them of their master password should they lose it.

Effectively, this encourages users to use dictionary words and phrases as part of their password, rather than a truly random strong password. No password hint is going to help if your password is "lVoT=.N]4CmU".

The LastPass password vaults have been in the hands of criminals for some time now, and even though they’re encrypted, they will eventually be subject to brute force attacks.

Attackers will find their work easier thanks to the existence of massive databases of commonly used passwords. You can download a 17GB password list comprising the 613 million most common passwords from haveibeenpwned, for instance. Other password and credential lists are available on the dark web.

To try each of the half billion most common keys against an individual vault would take minutes, and although relatively few would be the required 12 characters, it’s likely that cybercriminals will be able to easily break into a good proportion of vaults.

Add to that the fact that computing power increases year-on-year, and that motivated criminals can use distributed networks to help with the effort; "millions of years" doesn’t seem feasible for the majority of accounts.

Does the LastPass Breach Just Affect Passwords?

While the headline news is that criminals can take their time to break into your LastPass vault, they can take advantage of you in other ways by using your name, address, phone number, email address, IP address, and partial credit card number.

These can be used for a number of nefarious purposes including spearphishing attacks against you and your contacts, identity theft, taking out credit and loans in your name, and SIM swap attacks.

How Can You Protect Yourself After the LastPass Data Breaches?

You should assume that within a few years, your master password will be compromised and all the passwords contained within your vault will be known to criminals. You should change them now, and use unique passwords which you have never used before and which aren’t in any of the commonly used password lists.
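One way to check a replacement password against a downloaded common-password list before you adopt it, as an added example that is not part of the original article. It assumes the list is a text file of uppercase SHA-1 hex digests, one HASH:COUNT entry per line, sorted by hash; the sample entries and counts are constructed, and the 12-character threshold is the LastPass master password minimum mentioned above.

```python
import hashlib
import io

HASH_LEN = 40  # hex characters in a SHA-1 digest


def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest: the key format assumed for the list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")


def _line_at(list_file, offset: int) -> bytes:
    """Return the first complete line that starts after `offset` (or at 0)."""
    list_file.seek(offset)
    if offset > 0:
        list_file.readline()  # skip to the next line boundary
    return list_file.readline()


def breach_count(list_file, password: str) -> int:
    """Binary-search a sorted HASH:COUNT file opened in binary mode.

    Works on byte offsets, so a multi-gigabyte list never has to be
    loaded into memory. Returns 0 when the password is not listed.
    """
    target = sha1_hex(password)
    list_file.seek(0, io.SEEK_END)
    lo, hi = 0, list_file.tell()
    while lo < hi:
        mid = (lo + hi) // 2
        line = _line_at(list_file, mid)
        if not line or line[:HASH_LEN] >= target:
            hi = mid
        else:
            lo = mid + 1
    line = _line_at(list_file, lo)
    if line[:HASH_LEN] != target:
        return 0
    return int(line[HASH_LEN + 1:].strip())


def audit(list_file, candidates: dict) -> dict:
    """Map each label to a verdict without echoing the password itself."""
    report = {}
    for label, password in candidates.items():
        hits = breach_count(list_file, password)
        if hits:
            report[label] = f"in list ({hits} occurrences): do not use"
        elif len(password) < 12:
            report[label] = "not in list, but shorter than 12 characters"
        else:
            report[label] = "not in list"
    return report


def build_sample_list(counts: dict) -> bytes:
    """Build a small in-memory list in the assumed format (constructed data)."""
    lines = sorted(sha1_hex(p) + b":" + str(n).encode("ascii") for p, n in counts.items())
    return b"\n".join(lines) + b"\n"


# Constructed sample entries; the counts are made up for the demonstration.
SAMPLE_COUNTS = {"password1234": 2500, "qwertyuiop12": 310,
                 "letmein2022!": 12, "iloveyou": 9999}

if __name__ == "__main__":
    sample = io.BytesIO(build_sample_list(SAMPLE_COUNTS))
    candidates = {"bank": "password1234", "email": "lVoT=.N]4CmU"}
    for label, verdict in audit(sample, candidates).items():
        print(f"{label}: {verdict}")
```

To use it with a real list, open the downloaded file with open(path, "rb") and pass it in place of the in-memory sample.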

With regard to the other data criminals obtained from LastPass, you should freeze your credit, and engage a credit monitoring service to monitor any new card or loan applications in your name. If you’re able to change your phone number without too much inconvenience, you should do that too.

Take Responsibility for Your Own Security

It’s easy to blame LastPass for the data breaches which saw your password vaults and personal details fall into the hands of criminals, but password management services that secure your life and help you generate unique combos are still the best way to secure your online life.

One way to make it more difficult for would-be thieves to get hold of your vital data is to host a password manager on your own hardware. It’s cheap, easy to do, and some solutions, such as VaultWarden, can even be deployed on a Raspberry Pi Zero.

MUO – Feed

A quick guide on why you should use Laravel Octane to scale your app

Laravel has gained a lot of attention in recent years, though it has mostly appealed to product owners for small-scale web applications. Developing a large-scale application with Laravel still seems like a hard nut to crack. In this blog post, we cover the latest addition to the Laravel framework, Laravel Octane, and the buzz that using Octane to scale Laravel applications has created in the market by filling the scalability gap product owners have experienced with Laravel.

Introduction

Laravel has a simple, clean syntax that makes web application development easier. Its main drawback has been scalability, which is why Laravel is not among the top choices of developers. After the introduction of Octane, this perception shifted slightly in favor of Laravel and its community. But before we move on to using Octane to scale Laravel applications, let us first understand what Laravel Octane is and how it works.

What is Laravel Octane?

Laravel Octane is an open-source package introduced by Taylor Otwell in his Laracon Online talk and released on May 12, 2021. The package serves the Laravel application using the Swoole and RoadRunner web servers to improve performance. The application is initialized with the first request, stored in memory, and not reinitialized on subsequent requests. It has 3.3k stars and 234 forks on GitHub.

Octane Key Features

Octane has several features that allow it to perform better than traditional Laravel. A few of them are given below:

  • It makes your application extremely fast and efficient
  • It saves resources compared to conventional Laravel applications.

How does Laravel Octane work?

Laravel Octane is built on top of traditional Laravel and requires PHP version 8.0 or above. It is not a separate language but an addition to standard Laravel. Octane runs on its own servers via Swoole and RoadRunner, to which a traditional Apache or Nginx front end should redirect incoming traffic.

Octane Open Swoole

Open Swoole is a software development kit that allows product owners to create efficient and scalable web applications. It is a fork of the Swoole framework, started in late 2021 following internal conflicts within the Swoole developer community.

Octane Roadrunner

RoadRunner is an open-source, high-performance, serviceable PHP application server that can effectively replace traditional Nginx setups, delivering better performance and flexibility.

Swoole and RoadRunner still use worker processes for all requests, but only the first request boots the framework (including the dependency container); the remaining requests are served from the already bootstrapped framework. This makes your application considerably faster than the same application without Octane.

Octane caches the bootstrapped Laravel framework in RAM on the first request. After that, all requests use the already bootstrapped framework from RAM instead of reading the files from disk and re-bootstrapping the framework, which makes the Laravel application faster and improves its performance significantly.

Laravel with Apache vs Laravel Octane Benchmarks

According to the creator of Laravel, Taylor Otwell, after the introduction of Apache and Octane, there is almost no requirement to choose Lumen for new projects. Lumen is a Laravel-based micro-framework that intentionally leaves out a few components to make it fast. Using Laravel with Octane as its server is a far better option than Lumen. To understand that better, let us look at a few benchmarks.

In this benchmark, we compared three modes:

  • Laravel with Octane
  • Laravel with Apache Web Server
  • Laravel with its in-built server.

For this benchmark, we used the tool wrk with the following configuration:

wrk -t1 -c50 URL

The first test was performed on a plain "Hello World" HTML page, and the results we received are as follows:

| Mode | Requests Handled in 10 Seconds | Requests Per Second (RPS) |
| Laravel with Octane | 2667 | 266 rps |
| Laravel with Apache | 1210 | 121 rps |
| Laravel with its in-built server | 705 | 70 rps |

These Laravel Octane benchmark metrics are enough to show that Laravel with Octane performs far better than traditional Laravel on an Apache server.

Why Scale your Laravel Application with Octane?

Octane caches your data and objects in memory, which improves the performance of your Laravel application by up to 30%. The improvement comes from eliminating disk reads, process forks, and various other overheads incurred whenever the framework is booted on every request. This allows the Laravel application to handle thousands of connections quickly, which helps when traffic increases or the application needs to be highly available. It is also an effective method that comes at little expense.

Additionally, under certain circumstances little or no change to the codebase is required, depending on how your application is structured.

What to Look for Before Scaling your Laravel Application with Octane (Prerequisites)

Octane can improve the performance of your web application to a great extent, but that doesn’t mean that Octane alone is sufficient to improve performance and give you the freedom to scale.

It involves prerequisites such as PHP version 8.0 and adopting the stateful programming convention. Therefore, before you decide on Octane, the first and foremost step is to update your PHP version and install it. Though this seems a simple task, the serious hiccup is that numerous websites built on Laravel use an older version of Laravel that does not support Octane and hence must be updated to the latest Laravel version.

Also, many product owners, whether experienced or new, are not familiar with stateful frameworks, which means effort is needed to understand them before deciding to implement Laravel Octane to scale a web application.

Other Necessary Factors

In addition to the prerequisites given above, a few other factors must be considered to make a scalable web application. Let’s look at those factors:

Refactoring Implications

For applications using session state or certain middleware types, some changes to the code are required before using Octane. You should also add support for Swoole coroutine-based sessions and remove middleware that isn’t compatible with Swoole.

The rest of the changes involve the Dependency Injection Container. Refer to the official Laravel documentation for details on how to make them.

Handling Code Changes

Traditional Laravel requires you to start or stop the entire Laravel application instance whenever a change is made. With Octane, by contrast, you get a convenient way to monitor your codebase automatically and restart the Octane server without manual intervention, so you can develop by altering the code in one place instead of restarting the whole application instance every time the codebase is updated.

Are there any other Options to Scale Laravel applications?

Yes, there is always another solution to a problem. Though Laravel Octane is a great tool to resolve the issue of scaling within the traditional Laravel application, it is still not the only option; plenty of other options can contribute to your scaling needs. Let us have a look at a few of them:

Horizontal Scaling

First comes horizontal scaling, a simple yet least recommended method of scaling your Laravel application. Though it is efficient, it becomes more complex and expensive as running costs keep increasing, and more difficult when you migrate to a different server. It is also a limited solution, as you cannot scale on demand with this setup.

Load Balancing (with AWS or Without AWS)

When scaling your Laravel application on AWS, you can automatically scale the application to a limited extent for applications that share the same MySQL database. The servers then use a single Amazon RDS (Amazon Relational Database Service) instance.

Though this seems a more viable way to scale than horizontal scaling, the hidden costs involved are not transparent. It is also less effective than Laravel Octane. Still, the significant benefit is that it allows you to scale without any alteration to your existing codebase, as with Laravel Octane.

Laravel Vapor and Octane

Laravel Vapor is an auto-scaling, serverless deployment platform for Laravel. Vapor offers the scalability and simplicity of serverless. When combined with Octane, the Laravel Octane and Vapor combination provides autoscaling and faster load times at any scale. To understand it better, let us take an example from the official Laravel documentation.

Consider a Vapor project in the us-west-1 region of Amazon. The Vapor application is configured with 1 GB of RAM and an RDS MySQL instance (db.t2.micro) with 1 vCPU and 1 GiB of RAM.

First, look at an API endpoint that gets a user from the database. With Octane, this endpoint becomes 7x faster and uses 44% less memory:

Before Vapor’s Octane integration

Time Taken by Request: 39.40 ms, Memory Usage: 169 MB
Time Taken by Request: 40.20 ms, Memory Usage: 169 MB
Time Taken by Request: 37.71 ms, Memory Usage: 169 MB
Time Taken by Request: 42.16 ms, Memory Usage: 169 MB
Time Taken by Request: 40.60 ms, Memory Usage: 169 MB
Time Taken by Request: 45.75 ms, Memory Usage: 169 MB

After Vapor’s Octane integration

Time Taken by Request: 6.78 ms, Memory Usage: 112 MB
Time Taken by Request: 6.64 ms, Memory Usage: 112 MB
Time Taken by Request: 6.67 ms, Memory Usage: 112 MB
Time Taken by Request: 6.38 ms, Memory Usage: 112 MB
Time Taken by Request: 6.75 ms, Memory Usage: 112 MB
Time Taken by Request: 6.47 ms, Memory Usage: 112 MB

Next, the “login” route, which renders a static template. Octane makes this endpoint almost 3x faster, and it uses 35% less memory:

Before Vapor’s Octane integration

Time Taken by Request: 11.32 ms, Memory Usage: 165 MB
Time Taken by Request: 11.35 ms, Memory Usage: 165 MB
Time Taken by Request: 11.29 ms, Memory Usage: 165 MB
Time Taken by Request: 11.29 ms, Memory Usage: 165 MB
Time Taken by Request: 11.36 ms, Memory Usage: 165 MB
Time Taken by Request: 11.43 ms, Memory Usage: 165 MB

After Vapor’s Octane integration

Time Taken by Request: 4.89 ms, Memory Usage: 108 MB
Time Taken by Request: 4.89 ms, Memory Usage: 108 MB
Time Taken by Request: 4.83 ms, Memory Usage: 108 MB
Time Taken by Request: 4.66 ms, Memory Usage: 108 MB
Time Taken by Request: 4.79 ms, Memory Usage: 108 MB
Time Taken by Request: 4.91 ms, Memory Usage: 108 MB

Thus, we can infer that Octane decreases both request duration and memory usage. Also, AWS applies 1 ms billing granularity on Lambda, so you pay comparatively less for your HTTP function. Hence, the combination of Laravel Octane and Vapor is a great choice for building a scalable Laravel web application.

Conclusion

This is what we have on scaling your Laravel application using Laravel Octane. It is a decent option for scaling your existing Laravel application and shows significant performance improvement compared to a traditional Laravel application. Still, its incompatibility with the existing codebase of many traditional Laravel applications is a setback. It can be a good choice if you wish to improve the performance of your application, but if you plan on saving an already struggling application, then Laravel Octane is not the best option. You must do thorough research before making the final call.

Additionally, when you have opted for Octane, make sure that the packages you add to your project are Octane-compatible, so that the whole application stays compatible with Octane. If you are still hesitant about making the final call or scaling your Laravel application, a Laravel Development Company like Bacancy can assist you; our expert professionals are always available to guide and walk alongside you through your entire web application development process.

Laravel News

The Rimfire Report: Why Your 10/22 Rifle is Inaccurate

Hello everyone and welcome back to another edition of The Rimfire Report! This ongoing series is all about the rimfire firearm world and its various firearms, shooting sports, ammunition types, and history! Last week on The Rimfire Report we talked about the historical significance of what was collectively known as gallery guns – basically versions of rifles […]

The post The Rimfire Report: Why Your 10/22 Rifle is Inaccurate appeared first on The Firearm Blog.

The Firearm Blog

Things That Don’t Suck: Faxon’s Ruger 10/22 Bolt Upgrade

There are many parts that make up a 10/22 rifle, and each one of them plays an important role. However, the most critical component of the Ruger is the bolt. The trigger may be what initiates every shot, but it’s the bolt that’s responsible for shot-to-shot operation.

A high-quality bolt affects more than just reliability. The bolt face, its consistency, and how the firing pin strikes the bullet significantly contribute to the rifle’s accuracy.

Faxon Stainless Steel Bolt Assembly for 10/22

Whether you’re building up a new gun or keeping an old favorite running, the Faxon 10/22 Bolt Assembly is compatible with the OEM receiver, trigger group, charging handle, and bolt stop pin. The Faxon 10/22 bolt is fully assembled and ready to drop into your Ruger 10/22.

Specs

  • Material: 17-4 PH Stainless steel, H900
  • Hardness: HRC 40 – 47
  • Round Firing Pin
  • Sharp Extractor

Why Upgrade a 10/22 Bolt?

Upgrading the bolt improves reliability and accuracy on any 10/22 rifle. A high-quality aftermarket bolt like Faxon’s is properly radiused and polished to enhance the reliability of the cyclic action.

Additionally, Faxon’s 10/22 bolt has the proper head spacing in order to improve the reliability of the bullets feeding from the magazine into the chamber. Lastly, proper firing pin protrusion ensures optimal striking of the rimfire case.

All these small improvements add up to better overall reliability, consistent performance, and improved accuracy.

Does The Ruger 10/22 Have a Bolt Hold Open?

Out of the box in the stock configuration, the Ruger 10/22 doesn’t have a last-round bolt hold open feature. To add the bolt hold open feature, you need a third-party upgrade such as the CST Auto Bolt Stop.

What is a 10/22 Bolt Buffer?

A bolt buffer replaces/upgrades the bolt stop pin in your 10/22 receiver. The OEM bolt stop pin is made from steel, whereas the bolt buffer is made from a polymer material.

Over time the steel bolt stop pin can cause micro-cracks in the receiver due to repeated impacts of the bolt during shooting. The bolt buffer mitigates that and several other issues by being manufactured out of a polymer material.

There are three main benefits of replacing the bolt stop pin with a bolt buffer.

  1. It reduces the sound when the bolt slams rearward during the cycling action during shooting. This is also a benefit when shooting suppressed as it greatly reduces the noise signature even more.
  2. The 10/22 blowback action is less shaky because of the dampening of the recoil and bolt cycling vibrations.
  3. It can prevent cracks in the 10/22 receiver resulting from prolonged usage, high round count shooting, or the added stress of high-velocity ammo.

The Ruger 10/22 bolt by Faxon includes a bolt buffer to replace the OEM bolt stop pin. If you’re interested in learning more, check out more on the Ruger 10/22 Bolt here.

 

This article originally appeared at Firearms Press and is reprinted here with permission. 

The Truth About Guns

First Human Trials Test Light and Sound Therapy For Alzheimer’s Disease

A new study published in the journal PLoS ONE has reported on the first human tests of an experimental therapy using sound and light to treat Alzheimer’s disease (AD). New Atlas reports: Over the last seven years, Li-Huei Tsai and colleagues at MIT’s Picower Institute for Learning and Memory have been investigating an unusual hypothesis. The researchers found toxic proteins associated with Alzheimer’s disease could be eliminated from mouse brains following exposure to flickering lights. Further research found the magic frequency was 40 Hz. When animals were exposed to both sound and light at that frequency, improvements in brain health were detected. Of course, these kinds of animal tests don’t mean much if they can’t be replicated in humans, so after further investigations revealed how this sensory therapy could be affecting a mouse brain, the researchers started preliminary human experiments. Working with colleagues at Massachusetts General Hospital, two clinical trials set out to test the therapy in humans.
The first Phase 1 study recruited 43 participants to test whether this kind of light and sound exposure was safe, and did anything to the human brain. Each subject was monitored using EEG measures while experiencing a short exposure to what has been dubbed by the researchers as GENUS (Gamma ENtrainment Using Sensory stimulation). This preliminary study comprised both healthy and cognitively impaired subjects, as well as participants with epilepsy in order to evaluate the seizure potential of the treatment. After a short exposure to the sensory stimulation, the researchers found a number of brain regions synchronize with the 40-Hz frequency.
The second trial recruited 15 participants with early-stage Alzheimer’s disease. Each participant was given a device to take home and use for around an hour a day. The device was essentially a small LED white board with an iPad in the middle and a soundbar underneath. While watching videos on the iPad, the LED light panel on the white board would flicker at a rate of 40 Hz and the soundbar would play a 40-Hz tone. Half the cohort was randomized to a sham control condition, exposed to a constant white light and white noise. Compliance was relatively high between both the GENUS and the sham groups, with participants completing the daily requirement of exposure around 90 percent of the time. After around three months of use the researchers could detect statistically significant differences between the two groups, both on brain imaging and memory tests. The researchers are cautious not to overstate their initial findings, the report says. "It’s early days for human studies […], larger cohorts of patients are needed to better understand the impacts of this sensory stimulation and longer trials will hopefully establish more prominent beneficial effects."


Slashdot