I want this but as a Linux distribution.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Excuse an undereducated question from a long term 1password user who is going to move from it now: is the issue with “random code generators” that random passwords generated by these apps are easy to crack?
I’m looking at moving to Keepassium and as I understand it each of these apps in this family have different code to do password generating and are thus all different.
-
@mary@chaos.social someone did this and people immediately started using it as a list of people to start targeted harassment campaigns against
@leo urgh I hate this
-
@mcc Excuse an undereducated question from a long term 1password user who is going to move from it now: is the issue with “random code generators” that random passwords generated by these apps are easy to crack?
I’m looking at moving to Keepassium and as I understand it each of these apps in this family have different code to do password generating and are thus all different.
@johnlehet Software is a chaotic system. A small change in one part of a program can have unpredictable effects on other parts of the program. "Large language models" are statistical systems which create asemic strings designed to fool a human into believing they're looking at real text.
In other words a mistake introduced by an LLM may be significant, a human may not catch the error, and security flaws could result. This is BEFORE getting into the ethical issues with running the system at all
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc I'd argue that password managers are very easy to jump between. They tend to have good export and import functions. I've transitioned from keepass to dashlane to bitwarden to vaultwarden with little effort.
-
@ariadne I am, in a flippant and general way, saying I want to eradicate all code with "AI code assistant" contributions from my computer and VPSes, but I do not currently know a way to do so. I keep having programs I previously installed add the poison after the fact without public notice. https://mastodon.social/@mcc/116110912928005524
Perhaps in future I will have to use Alpine Linux if that's how I get my code audited for no "AI" contributions.
@mcc to be clear the proposed anti-AI policy only applies to the alpine project itself.
-
@mcc I'd argue that password managers are very easy to jump between. They tend to have good export and import functions. I've transitioned from keepass to dashlane to bitwarden to vaultwarden with little effort.
@LovesTha if i can export between password managers, but both password managers are infected with the same problem, does this help? what's dashlane? is it good?
-
@mcc to be clear the proposed anti-AI policy only applies to the alpine project itself.
@ariadne okay. when i said "linux distribution" i was thinking "a collection of all the software you need to run a computer system" as that's what a distribution traditionally meant. (the existence of flathub somewhat complicates what i want, but like I said, I was being vague and flippant)
-
@johnlehet Software is a chaotic system. A small change in one part of a program can have unpredictable effects on other parts of the program. "Large language models" are statistical systems which create asemic strings designed to fool a human into believing they're looking at real text.
In other words a mistake introduced by an LLM may be significant, a human may not catch the error, and security flaws could result. This is BEFORE getting into the ethical issues with running the system at all
@mcc Yes. I get that. So when you say “random code generators” you mean various LLMS inputting into the code base? Damn. I thought you meant that AIs were involved in the password generation, which as I understand it would also suck badly.
-
@mcc Yes. I get that. So when you say “random code generators” you mean various LLMS inputting into the code base? Damn. I thought you meant that AIs were involved in the password generation, which as I understand it would also suck badly.
@johnlehet Yes; I am attempting to describe the product sold as "AI code assistants" without using the word "AI". It did not occur to me that "code" was ambiguous/a pun when I made the post.
-
@mcc Yes. I get that. So when you say “random code generators” you mean various LLMS inputting into the code base? Damn. I thought you meant that AIs were involved in the password generation, which as I understand it would also suck badly.
One thing for sure, I’ve got a fire under my butt to get out of 1password pretty quick.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc I so want this too. Moreover, I want some kind of standard/standardized compact/agreement/declaration/license that F/OSS projects individually could reference to declare that they agree with and enforce this stance: no "AI" contributions whatsoever. Have not yet found such a thing.
I agree that the distro level is the right place for this, but there's an argument to be made that it should go all the way down.
-
@mcc I so want this too. Moreover, I want some kind of standard/standardized compact/agreement/declaration/license that F/OSS projects individually could reference to declare that they agree with and enforce this stance: no "AI" contributions whatsoever. Have not yet found such a thing.
I agree that the distro level is the right place for this, but there's an argument to be made that it should go all the way down.
Here's the text I'm currently copypasting into my own open source projects: https://codeberg.org/mcc/nameless-experimental-lisp/#contributor-agreement
I've seen other people with standard text, but nothing designed to be copypasted.
Incidentally, I am considering upgrading to something a little stronger, like this; what do you think about it? https://mastodon.social/@mcc/115872922320160715
-
@LovesTha if i can export between password managers, but both password managers are infected with the same problem, does this help? what's dashlane? is it good?
@mcc Oh, yes, it does require there to be a good option. And I have not done the research.
Dashlane is another 1Pass (centralised webservice password manager). I've been using *Warden for a long time now. I have no idea why I chose Dashlane, or if they still exist.
Heck, the name might be wrong. Although I think I recall seeing emails in the last year that they were deleting my account due to activity. Which probably means they both exist and that name is right.
-
@mcc Oh, yes, it does require there to be a good option. And I have not done the research.
Dashlane is another 1Pass (centralised webservice password manager). I've been using *Warden for a long time now. I have no idea why I chose Dashlane, or if they still exist.
Heck, the name might be wrong. Although I think I recall seeing emails in the last year that they were deleting my account due to activity. Which probably means they both exist and that name is right.
@LovesTha Thanks.
Looking it up, there is no Linux GUI client for Dashlane. So maybe I won't go for it.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc I've pinned my KeePassXC version to the last one without AI-generated code.
-
@mcc I've pinned my KeePassXC version to the last one without AI-generated code.
@redfire Which version is that, by the way?
-
@redfire Which version is that, by the way?
@mcc Not at my computer currently but I believe its 2.7.9.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc I am honestly a bit scared to find out which projects use gen AI. I do not want any of such code running on any of my devices.
-
@nina_kali_nina @luana @mcc Great. Password manager migration was really not what I needed on my to do list right now
-
One thing for sure, I’ve got a fire under my butt to get out of 1password pretty quick.
@johnlehet @mcc I knew 1password was getting worse, my renewal is soon and that's not happening now. Someone in thread said keepass 2.x isn't infected with AI. There's passwordstore.org and passky.org which I just learned about. Honestly I'm not sure what to try, this is a big PITA.
