I want this but as a Linux distribution.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc KeepassXC as well? I have a hard time as it is to trust a password manager. It seems I have to write my own?
-
@mary yeah, but if a build and deploy means making and deploying an apk then there's some question why you're using react native at all.
i think it ought to be possible to do all this by just forking expo/expoapp and removing the arbitrary dependency on the web service.
@mcc@mastodon.social @mary@chaos.social
making and deploying an apk then there's some question why you're using react native at all.
usually those frameworks are used for cross-platform development, so you would make both an ios and android app from the same codebase
as far as i know from my vague understanding of the ecosystem, Expo is supposed to be more of a quick and dirty playground rather than something ready to ship -
@nina_kali_nina I was tempted to do Vaultwarden, but the Bitwarden clients are affected so I don't think that'd help much. Might be an okay stop-gap until I have the time to invest in it properly.
@lunarloony @nina_kali_nina what I'm using is old school, open source, self hosted and ai free: https://www.passwordstore.org/
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
-
@lunarloony @nina_kali_nina what I'm using is old school, open source, self hosted and ai free: https://www.passwordstore.org/
@lhengstmengel @lunarloony @nina_kali_nina ooh interesting, didn’t know about that, thanks
-
@mcc@mastodon.social
I think #debian has you covered.
Didn't encounter an AI there
Edit: ooh, you meant as tool to create the system, not as part of the system....
Never mind...
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
-
@nina_kali_nina @luana @mcc oh for fuck's sake
-
@mcc 1Password says "We want team members at all levels to take the approach of actively learning AI best practices, identifying opportunities to apply AI in meaningful ways, and driving innovative solutions in their daily work. Embracing the future of AI isn't just encouraged at 1Password—it's an essential part of how we will be successful at 1Password."
Pretty upset about KeepassXC on a personal level.
@itamarst @mcc hopefully that includes Verification Driven Development tools
https://levon003.github.io/2026/01/07/verification-driven-development.html -
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc KeePassXC has merged only a little bit of AI-assisted code, not in any critical parts. And there has been no merges of that kind of code since last November. KeePassXC is not preferred to use AI code, but they require people to let them know if they are trying to push code that includes it. It doesn't mean the code will not be reviewed before it's even accessed. Majority of the developers are NOT using AI. Read their blog post.
-
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Also, the main difference is that KeePassXC at least tracks the pull requests where AI-assisted code is used, and they require it. There's no way to confirm the same with Bitwarden. The pull request may or may not have been using AI. There's no clear track record how long they've been using it.
-
@mcc Yeah, KeePassXC going this route really hurt. I'm probably going to migrate back to a text file encrypted with gnupg for basic password management, but I have no idea what I'm going to use for one-time passcodes.
@mcc @jcnotwit the unix password manager does exactly that (and much more) and has an otp plugin, works fine. https://www.passwordstore.org/
-
@amin I do like the sound of the passwords being individual files. It'd make syncing them a whole lot easier!
-
@nina_kali_nina @luana @mcc oh FFS!!!! 🤬 I guess it’s back to KeepassXC and trying to sync across devices
-
@tris @mcc we are trying to be.
We recently introduced a policy of no LLM contributions with exceptions if people need to use LLM for accessibility purposes.
It's probably impossible to declaratively state all submissions are 100% human created but we have our stance and hope people will respect that and we will also reject submissions if we doubt authenticity.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Oh come on for fucks sake. I just migrated from KeepasXC to Vaultwarden/Bitwarden be außer of this shit. Passwordstore is great but the client and browser integration sucks. So now what?
-
@nina_kali_nina @luana @mcc oh FFS!!!! 🤬 I guess it’s back to KeepassXC and trying to sync across devices
@not_a_label @nina_kali_nina @luana @mcc Keepass XC is also accepting slop code contributions
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc damn, i was hoping bitwarden would know better, been very happy with their stuff, now not sure what to do
-
@nina_kali_nina @luana @mcc oh FFS!!!! 🤬 I guess it’s back to KeepassXC and trying to sync across devices
@not_a_label fwiw I've been syncing everything (including keepsss files) between Linux and Android devices using Syncthing, which replaced Dropbox for me, and I'm very happy with it indeed.
