I want this but as a Linux distribution.
-
@mcc Which reminds me, how is the reimplementation of Bitwarden, Vaultwarden, doing in that regard? I'm using the latter precisely because I'm wary of depending on a commercial product that happens to be open-source, but can yank the open licensing at any point in time.
@csolisr i'm told elsewhere in thread that vaultwarden has not accepted AI code, but vaultwarden replaces the *server*, not the client, right?
-
@argv_minus_one @elfin I do not use keepassxc
EDIT: checking google there *is* a "Keepass2Android", one assumes forked from the original keepass
-
@luana@wetdry.world @mcc@mastodon.social @ariadne@social.treehouse.systems wouldn't you have to have a database of packages that don't contain LLM-written code? i don't think it's readily available
@ariadne @mcc @xarvos that would be the pretty way. Another pretty way would be having nixpkgs maintainers add that info.
I said it was an awful way that would require full system building for a reason, I imagine it’s possible to override the default check phase or even the fetchers to check the downloaded src for .copilot and alike and fail if present.
-
@johnlehet @mcc I knew 1password was getting worse, my renewal is soon and that's not happening now. Someone in thread said keepass 2.x isn't infected with AI. There's passwordstore.org and passky.org which I just learned about. Honestly I'm not sure what to try, this is a big PITA.
@maaneeack @mcc StrongBox has been sold to a company with maybe iffy success with the products they have acquired. I had first hand experience with their mess-up of the Mac utility Bartender, which I bailed on after their version.
-
@WideEyedCurious
If you're ok with local storage and local replication rather than "cloudy", there's pwsafe. You could keep the db in some less local storage, I guess.
https://www.pwsafe.org/index.shtml -
@argv_minus_one @elfin I do not use keepassxc
EDIT: checking google there *is* a "Keepass2Android", one assumes forked from the original keepass
@mcc @argv_minus_one @elfin I use https://www.keepassdx.com/ on android, and sync the file over with Syncthing.
I don't THINK either of those projects use LLMs, but I haven't been machmir about poring over careful details when checking.
-
@mcc I admit I don't know the KeePass ecosystem terribly well, but does this go "up the chain" to regular KeePass 2.x or is it just XC?
@greyduck @mcc From all that I have seen regarding The Original KeePass (authored by Dominik Reichl in C# for .NET/Mono) has made no mention of AI pollution. How Mono are handling AI I haven't looked at, but for .NET: Microsoft is as they are.
KeePassXC (maintained by the KeePassXC team in C++ using the QT toolkit) announced the use of AI and then clarified the scope later. KeePassXC is a separate project that uses the keepass vault format but it its own thing.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc yikes
-
@chopsstephens @jcnotwit @mcc But there are forks of the pre-vibecoded XC now, no need to switch to a whole other program.
-
@mcc I do think we (as a comunmity) should build a database of public repos that have any genAI related commits/config files, that would be a good start to flag thoses.
@mary @mcc There was an effort to do this called open-slopware, but the creator got harassed by LLM apologists into deleting it and leaving open-source. After that, people who had local forks put them up and began working on their own versions. I was dissatisfied with the layout of the previous version, so myself and a few other contributors to open-slopware created https://codeberg.org/ai-alternatives/llm-afflicted-software hoping to avoid the pitfalls of the previous repo. It's not perfect, but it is chugging along slowly.
-
@mary @mcc There was an effort to do this called open-slopware, but the creator got harassed by LLM apologists into deleting it and leaving open-source. After that, people who had local forks put them up and began working on their own versions. I was dissatisfied with the layout of the previous version, so myself and a few other contributors to open-slopware created https://codeberg.org/ai-alternatives/llm-afflicted-software hoping to avoid the pitfalls of the previous repo. It's not perfect, but it is chugging along slowly.
@mary @mcc The major changes made were:
1. yaml instead of markdown so its machine-readable (I want to develop a tool chat checks your system for llm software).
2. Requiring signoffs and signing of commits to limit troll submissions through annoyance (LLM apologists were brigading open-slopware with genAI MRs and one got in)
3. More carefully vetting sources and reasons for submissions so only actually "bad" projects are added. -
@argv_minus_one @elfin I do not use keepassxc
EDIT: checking google there *is* a "Keepass2Android", one assumes forked from the original keepass
@mcc@mastodon.social @argv_minus_one@mastodon.sdf.org @elfin@mstdn.social I've been using keepass2android for a long time, and have been quite happy with it. I haven't poked deeply at it to check for LLM use, but there's nothing obvious in the contributor's graph (a single unlinked copilot commit of 1+ 1-)
-
@mcc Yeah, KeePassXC going this route really hurt. I'm probably going to migrate back to a text file encrypted with gnupg for basic password management, but I have no idea what I'm going to use for one-time passcodes.
@jcnotwit for one-time passcodes you could use this standalone desktop application: https://apps.gnome.org/Authenticator/
@mcc -
@nina_kali_nina @lunarloony @luana @mcc time to get crackin' on your escape hatch for those not already using the keypass file format: https://gitlab.gnome.org/World/secrets/-/issues/509
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc not sure if anyone mentioned a passkey. For me it's good compromise security and convince wise. My yubikey works ok with laptop and phones too.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc@mastodon.social
I think #debian has you covered.
Didn't encounter an AI there
Edit: ooh, you meant as tool to create the system, not as part of the system....
Never mind...
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc Taking an undifferentiated position against genAI tech as whole is about the stupidest thing we - as “the left”
️ - could be doing. The same is true for software engineers btw. (1/3) -
I love object oriented C (no not C++) but it is not sustainable to use it for most tasks. I enjoy writing python code, but for simple CLI tools Claude is much faster at it than me and delivers high quality whe steered correctly. Do I have a local setup with devstral running on solar power already? No, but I certainly plan to have that in 1 year from now. (2/3)
Of course there’s way too much bullshit software being created and using genAI to do that l while consuming vast amounts of resources is a problem, but that doesn’t mean Anti-AI is a valid position. (3/3)
-
@mcc Taking an undifferentiated position against genAI tech as whole is about the stupidest thing we - as “the left”
️ - could be doing. The same is true for software engineers btw. (1/3)I love object oriented C (no not C++) but it is not sustainable to use it for most tasks. I enjoy writing python code, but for simple CLI tools Claude is much faster at it than me and delivers high quality whe steered correctly. Do I have a local setup with devstral running on solar power already? No, but I certainly plan to have that in 1 year from now. (2/3)
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc KeepassXC as well? I have a hard time as it is to trust a password manager. It seems I have to write my own?
