I want this but as a Linux distribution.
-
@mcc Yes. I get that. So when you say “random code generators” you mean various LLMS inputting into the code base? Damn. I thought you meant that AIs were involved in the password generation, which as I understand it would also suck badly.
One thing for sure, I’ve got a fire under my butt to get out of 1password pretty quick.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc I so want this too. Moreover, I want some kind of standard/standardized compact/agreement/declaration/license that F/OSS projects individually could reference to declare that they agree with and enforce this stance: no "AI" contributions whatsoever. Have not yet found such a thing.
I agree that the distro level is the right place for this, but there's an argument to be made that it should go all the way down.
-
@mcc I so want this too. Moreover, I want some kind of standard/standardized compact/agreement/declaration/license that F/OSS projects individually could reference to declare that they agree with and enforce this stance: no "AI" contributions whatsoever. Have not yet found such a thing.
I agree that the distro level is the right place for this, but there's an argument to be made that it should go all the way down.
Here's the text I'm currently copypasting into my own open source projects: https://codeberg.org/mcc/nameless-experimental-lisp/#contributor-agreement
I've seen other people with standard text, but nothing designed to be copypasted.
Incidentally, I am considering upgrading to something a little stronger, like this; what do you think about it? https://mastodon.social/@mcc/115872922320160715
-
@LovesTha if i can export between password managers, but both password managers are infected with the same problem, does this help? what's dashlane? is it good?
@mcc Oh, yes, it does require there to be a good option. And I have not done the research.
Dashlane is another 1Pass (centralised webservice password manager). I've been using *Warden for a long time now. I have no idea why I chose Dashlane, or if they still exist.
Heck, the name might be wrong. Although I think I recall seeing emails in the last year that they were deleting my account due to activity. Which probably means they both exist and that name is right.
-
@mcc Oh, yes, it does require there to be a good option. And I have not done the research.
Dashlane is another 1Pass (centralised webservice password manager). I've been using *Warden for a long time now. I have no idea why I chose Dashlane, or if they still exist.
Heck, the name might be wrong. Although I think I recall seeing emails in the last year that they were deleting my account due to activity. Which probably means they both exist and that name is right.
@LovesTha Thanks.
Looking it up, there is no Linux GUI client for Dashlane. So maybe I won't go for it.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc I've pinned my KeePassXC version to the last one without AI-generated code.
-
@mcc I've pinned my KeePassXC version to the last one without AI-generated code.
@redfire Which version is that, by the way?
-
@redfire Which version is that, by the way?
@mcc Not at my computer currently but I believe its 2.7.9.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc I am honestly a bit scared to find out which projects use gen AI. I do not want any of such code running on any of my devices.
-
@nina_kali_nina @luana @mcc Great. Password manager migration was really not what I needed on my to do list right now
-
One thing for sure, I’ve got a fire under my butt to get out of 1password pretty quick.
@johnlehet @mcc I knew 1password was getting worse, my renewal is soon and that's not happening now. Someone in thread said keepass 2.x isn't infected with AI. There's passwordstore.org and passky.org which I just learned about. Honestly I'm not sure what to try, this is a big PITA.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc So uh I have bad news about this Linux thing...
-
@nina_kali_nina I was tempted to do Vaultwarden, but the Bitwarden clients are affected so I don't think that'd help much. Might be an okay stop-gap until I have the time to invest in it properly.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Which reminds me, how is the reimplementation of Bitwarden, Vaultwarden, doing in that regard? I'm using the latter precisely because I'm wary of depending on a commercial product that happens to be open-source, but can yank the open licensing at any point in time. -
@itamarst Well, there is no universe where I would consider using 1password, but I guess that's still good to know
@mcc @itamarst I thought KeePassXC required human reviews / unit tests in order to mitigate any llm harms. Did that change?
More broadly, I don't really see how you can prove no LLMs were involved in code contributions if they are actually contributed by a human. Prove you used emacs or vi and didn't compile it ever on a cloud service? (I'm not happy about that state of affairs, mind you)
I suppose we can start adding some sort of watermark on code?
-
@WideEyedCurious @Lingmops @mcc Wondering if there's a way to save OTP derivation keys in an encrypted file, then use the CLI to decrypt and then derive the current six-digit code.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Aw man that sucks. Why would they... Ugh.
-
@luana@wetdry.world @mcc@mastodon.social @ariadne@social.treehouse.systems wouldn't you have to have a database of packages that don't contain LLM-written code? i don't think it's readily available
-
@mcc KeePass 2 is clean.
If you're looking for an alternative to KeePassXC, GNOME Secrets is pretty much a drop-in replacement.
-
@mcc Excuse an undereducated question from a long term 1password user who is going to move from it now: is the issue with “random code generators” that random passwords generated by these apps are easy to crack?
I’m looking at moving to Keepassium and as I understand it each of these apps in this family have different code to do password generating and are thus all different.
@johnlehet @mcc My educated guess is the problems are more likely to be things like
- sync protocol has a security flaw that makes it possible for malware in coffee shop wifi router to learn all your passwords
- sync protocol just plain stops working
- restoration of offline backups stops working, nobody notices for months
