So let’s get right down to it: If you use AI, you are a thief. If you don’t use AI and you have published content online that can be accessed without going through some sort of paywall, you have probably been robbed. Does this sound extreme? Well I’m truly sorry to say that it isn’t.
To those of you in the know, these statements are likely not going to shock you. The rest of you are likely just shaking your heads in disbelief. So let’s get into the nitty gritty of this. The first step in understanding how I can make such a broad statement and legitimately claim that it’s accurate is to understand how copyright works...
Well it’s the day after the US Election and I’m more than a little shocked. Sure I learned the primary lesson of 2016 which was to “never count Trump out”, but despite that I went into the election last night thinking that a lot of the early indicators favored Harris. Obviously in the sobering light of mid-morning in which Trump has rightfully declared victory and thus far nearly every declared swing state seemed to go his way, this was tom-foolery.
Trump in recent weeks has taken it upon himself to refer to his political opposition as “the enemy within”. Well as part of his opposition, statements like that have terrified me and a lot of the people I know. As a straight white male who can at least blend in with MAGA if I so choose to, on the surface I have way less to worry about than so many others. However I’m still terrified. I’m an atheist. I’m a progressive socialist. I represent and embody many of the things MAGA claims to overtly hate.
Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks.
The order to share creds came from an employee of Automattic, the company whose CEO happens to be Matt Mullenweg, co-creator of WordPress, and which owns and operates WordPress.com, a hosted version of the open source CMS. A letter sent to WordCamp organizers explains that the creds are needed due to "recurrent issues with new organizing teams losing access to the event's social media accounts."
There, I said it. Man it feels good to publish those words. Now don’t get me wrong, I have been asked for advice a good bit over the years, especially when it comes to tech related subjects. But the truth is: Almost nobody actually takes my advice. Now I can already hear you saying, “Well yeah but free advice typically isn’t worth that much”. Well sure, maybe not. But even when I’m getting paid to proffer it, my advice is generally not taken very often. In fact the cost of the advice seemingly has very little relationship to how seriously the recipient seems to take it.
Yeah, likewise. I'm a Bitwarden subscriber but I'd been looking into alternatives recently because of the licensing kerfuffle. But switching password managers is a pain, so I'm glad to not feel like I have to now.
KeePassXC (and I assume the other versions) can import an encrypted JSON Password Protected (NOT Account Restricted) export from Bitwarden.
I use them both. I have KeePassXC for my local machine, and Bitwarden for things I may need out and about.
With the browser plugins for both it's not that hard to manage them both, at least in my opinion.
I was hoping to see some course correction on this from Bitwarden, even if the over-stated impact was really just to the SDK. They appear to understand the look of their licensing move was going to cost them more than it probably should have. Most companies refuse to change course at all, so I at least see it as encouraging.
There is little chance I’ll ever move to keepassxc as that requires me to maintain it myself and take the chance on deleting something very precious. I’ll stick with the cloud solutions for now.
Synchronizing is not too difficult. You can use syncthing or any cloud-based storage solutions you are already using. You can also back stuff up. Given it has a recycle bin I wouldn't think accidentally deleting stuff is any more likely than a cloud solution. It's probably harder to back up a cloud solution as you don't have direct access to the file.
Are there other alternatives that are 1) open source 2) offer the same integration to begin with and finally 3) have been audited or are popular enough to be under constant scrutiny?
There is of course the KeePass ecosystem, but that is why I included my second point, as with KeePass you are responsible for vault syncing, having clients for all platforms, etc.
I suppose that it is good to be aware of other options. At the same time, jumping ship so easily also doesn't seem realistic or ideal behavior to me.
I have no affiliation, just found them this week, but https://psono.com/ exists. So 1 and 2 are met and 3 is half-way there maybe? It's a self-audit but they have been around a while. Apache2 licensed.
Again, I literally found them the other day, and other than a cursory check to make sure the UI/UX is friendly enough to compete with BW or 1P, I haven't had a chance to look through their code at all yet. I have no idea if the promises they document are met.
Hi, Sascha here, the main developer behind Psono. Psono has been audited multiple times so far, usually on a yearly basis. The last one here https://psono.com/blog/security-audit-2024 (you will also find a link to the audit itself)
I decided that vaultwarden should not have an internet accessible port. Are there any that meet those requirements and also let you (reliably!) edit/create passwords when offline?
Also, sometimes the bitwarden client decides to blow away my local copy of the password database. I'd like it to store it persistently on all machines so I have to lose my phone, my laptop, my vaultwarden server and its two backups before I get locked out of everything.
Currently, the phone + laptop don't count as backup copies.
> I decided that vaultwarden should not have an internet accessible port
So how does your browser extension work when outside your LAN? via Tailscale or similar VPN mesh? And for people who use it outside of the LAN entirely?
The app (and iOS keyboard integration) degrades to read only mode. It works about 95% of the time. I'd rather it work 100% of the time, and be read-write.
I don't run the browser extension. (There have been too many other password managers with exploitable password bugs.)
I use the keepass ecosystem with app.keeweb.info.
It's an open source webclient that can directly pull from your google drive (and other places!).
I use a google drive through keeweb for syncing, 2 clicks and it's synced. Auto pulls when past pw.
keepass works in browser (how I use it on a computer), can work offline (which is good in air-gapped instances, one of my reqs) and works directly on my android phone without issue.
It is actually sort of how I used it as well, though through nextcloud. It did still remain a hassle. It also requires all different apps to be maintained and equally safe.
Huge VaultWarden fan here. It's been running absolutely unattended for about 3 years from a machine in my basement now, and it's great.
I back things up fairly often, but otherwise I would have no idea I'm not just using the enterprise grade Bitwarden license. Things just work, features are there.
Side-note - VaultWarden is incredibly reliable for a self-hosted free solution (I have 1 pod restart 27 days ago due to a power outage, but otherwise it basically does not fall over. No memory leaks, no high cpu consumption, no reliability problems)
Tacking onto this comment as another thumbs up for vaultwarden. "incredibly reliable" is exactly the way to describe it, in the world of tech headaches the password manager is the last thing you want to be worrying about and I can say with confidence that vaultwarden is a reliable well-oiled machine.
Backups are also fairly easy so if need be a DR can be done (and automated) with very little hassle. The vaultwarden backend does depend upon the bitwarden apps for client devices but also features its own web UI.
Your comment was marked dead FYI, I vouched for it.
Normally this would mean you are shadow banned, but I don't see any other comments in your history getting this treatment - perhaps this comment caught the ire of some anti-spam algorithm.
I mean it reads like ad copy, and the entire first paragraph takes so many words to say nothing more than "I agree." As comments go, I have to say I've seen better.
I haven't worked up the courage / time to back up my database and upgrade the docker container; will probably get to it this weekend. However, I can't imagine using bitwarden with the official server (too bloated to be trustworthy), or with their cloud thing. I got burnt by lastpass. I'm not putting my passwords in a giant high-value target again.
Same here - I just see that versions change from time to time (yeah I know I should do that manually but there we are).
One thing I do not like (or, say, "miss") in Bitwarden/Vaultwarden is the ability to make decrypted backups. I run the service for my immediate family and would like to have access to some people's passwords (of course with their agreement) to make sure they are fine.
A solution is to use Organizations but you cannot have an "organization-only account" - an account that would exclusively save to an organization without a private vault.
The "solution" is to tell people to move what they save to such and such Org but this works fine with me, recently with my wife but somehow my father does not do it and we sometimes end up with tense moments when it is time to get to some accounts :)
Vaultwarden is great, but it's only half the equation. If bitwarden does go user-hostile eventually, who's going to fork all the client apps and extensions?
He is absolutely destroying WordPress. I wasn't ever a fan but given that 40% of websites rely upon it, the end users are the ones who will suffer the most here.
If somebody doesn't fork WordPress soon, it will be decades before WordPress is purged from the web and in the meantime a lot of those remaining sites will devolve into bot-net members and malware hosts.
Because that's how Mullenweg's crusade is going to end: With the death of WordPress.
This blog post is so spot on it actually hurts. Big Tech is out of ideas and the MBA asshats running those orgs are looking to sell us on the product of their gullibility. The bubble is going to burst and a lot of people will eat shit when that happens.