I want this but as a Linux distribution.
-
@mcc @itamarst this is a bit tangential to the whole thing but that phrasing bothers me a LOT. "an essential part" — is it? is it "essential?" where was it five years ago? and three years from now, when everyone, even the most braindead useless dead-weight MBA executive, finally realizes that it doesn't fucking work at all, will it still be "essential" then? or is the plan to stop being successful?
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Yeah, KeePassXC going this route really hurt. I'm probably going to migrate back to a text file encrypted with gnupg for basic password management, but I have no idea what I'm going to use for one-time passcodes.
-
@mcc @itamarst this is a bit tangential to the whole thing but that phrasing bothers me a LOT. "an essential part" — is it? is it "essential?" where was it five years ago? and three years from now, when everyone, even the most braindead useless dead-weight MBA executive, finally realizes that it doesn't fucking work at all, will it still be "essential" then? or is the plan to stop being successful?
-
@mcc …shit
-
@mcc @itamarst this is a bit tangential to the whole thing but that phrasing bothers me a LOT. "an essential part" — is it? is it "essential?" where was it five years ago? and three years from now, when everyone, even the most braindead useless dead-weight MBA executive, finally realizes that it doesn't fucking work at all, will it still be "essential" then? or is the plan to stop being successful?
-
@ariadne I am, in a flippant and general way, saying I want to eradicate all code with "AI code assistant" contributions from my computer and VPSes, but I do not currently know a way to do so. I keep having programs I previously installed add the poison after the fact without public notice. https://mastodon.social/@mcc/116110912928005524
Perhaps in future I will have to use Alpine Linux if that's how I get my code audited for no "AI" contributions.
@mcc @ariadne I have the same feeling, if something I use start accepting AI code assistant contributions, I am considering it the same way as any proprietary software.
On the subject of Bitwarden, it seems that Vaultwarden isn't accepting any AI contributions so far (would need to dig more into issues/PRs to be 100% sure), so I will likely fork bitwarden client or make my own client...
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc I admit I don't know the KeePass ecosystem terribly well, but does this go "up the chain" to regular KeePass 2.x or is it just XC?
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc I am dropping/switching any FOSS tools that I know are using GenAI/LLMs and it is getting bleak -_-
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
RE: https://wellduck.me/@greyduck/116110983001607000
I would like the answer to this question as well.
-
@mcc @ariadne I have the same feeling, if something I use start accepting AI code assistant contributions, I am considering it the same way as any proprietary software.
On the subject of Bitwarden, it seems that Vaultwarden isn't accepting any AI contributions so far (would need to dig more into issues/PRs to be 100% sure), so I will likely fork bitwarden client or make my own client...
-
@mcc I am dropping/switching any FOSS tools that I know are using GenAI/LLMs and it is getting bleak -_-
@Brett_E_Carlock the problem is removing any one tool from my life is a relatively large time investment and projects are adding "boycott me" flags faster than I can switch to or create alternatives
-
@mcc @itamarst my prediction is that they will pretend that once there are a few more truly catastrophic stories in the press, like if a whistleblower shows up to conclusively prove that Microsoft *knows* copilot is causing all the Windows bugs that everyone suspects it is, they will simply change the copy on their website to indicate that they were always against this and they were never fooled, and there will not be consequences for anyone involved
-
@Brett_E_Carlock the problem is removing any one tool from my life is a relatively large time investment and projects are adding "boycott me" flags faster than I can switch to or create alternatives
@mcc Yeah, absolutely. Thankfully so far these changes have all been low-stakes for me, but they are disruptive none-the-less.
As a fairly recent full time Linux everywhere user, something as stupid as changing my music manager app was a pretty significant shakeup. Twice, back to back, no less, after finally settling on each one. Enough that I had to package an entirely different media manager to use, since I had no other options I remotely enjoyed using.
Again, whinging, but the pattern holds
-
@mcc I admit I don't know the KeePass ecosystem terribly well, but does this go "up the chain" to regular KeePass 2.x or is it just XC?
@greyduck @mcc probably best to ask Mr Reichel here: https://sourceforge.net/p/keepass/discussion/329220/
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Canceled my subscription, told them why and now am deciding on if I even want to keep my own vaultwarden instance.
I can't trust the clients anymore, so i'm freezing updates to the apps - but that's a security time-bomb in and of itself.
Guess I'm doing a forced password manager migration in 2026 as well.
Thank you (and fuck them) for the information. I'm slightly annoyed that this is the first i've heard of it and Bitwarden published some BS about being all-in on agentic foolishness late last year.
-
@mcc Yeah, absolutely. Thankfully so far these changes have all been low-stakes for me, but they are disruptive none-the-less.
As a fairly recent full time Linux everywhere user, something as stupid as changing my music manager app was a pretty significant shakeup. Twice, back to back, no less, after finally settling on each one. Enough that I had to package an entirely different media manager to use, since I had no other options I remotely enjoyed using.
Again, whinging, but the pattern holds
@mcc Low-stakes, and I have options.
What about for more significant/critical tools for folks? What about when there aren't real options?
What about for folks that can't just build and package something else?
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc oh yikes wtf please not bitwarden
-
@ariadne I am, in a flippant and general way, saying I want to eradicate all code with "AI code assistant" contributions from my computer and VPSes, but I do not currently know a way to do so. I keep having programs I previously installed add the poison after the fact without public notice. https://mastodon.social/@mcc/116110912928005524
Perhaps in future I will have to use Alpine Linux if that's how I get my code audited for no "AI" contributions.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc
There is this thing called "debian" and "suse" -
@mcc Vaultwarden bundle a custom version of the web client but it's basically the official one with stuffs renamed around at best.
So yeah in my case, I would fork the client, make a new one or audit the client changes each time I update the server side...
(For reference, most of my services are not exposed on the internet so I can limit the downfall of most things by pinning and audit things when updating even if it's not really practical)
