I want this but as a Linux distribution.
-
One thing for sure, I’ve got a fire under my butt to get out of 1password pretty quick.
@johnlehet @mcc I knew 1password was getting worse, my renewal is soon and that's not happening now. Someone in thread said keepass 2.x isn't infected with AI. There's passwordstore.org and passky.org which I just learned about. Honestly I'm not sure what to try, this is a big PITA.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc So uh I have bad news about this Linux thing...
-
@lunarloony @luana @mcc but it's like: where to? 😔
@nina_kali_nina I was tempted to do Vaultwarden, but the Bitwarden clients are affected so I don't think that'd help much. Might be an okay stop-gap until I have the time to invest in it properly.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Which reminds me, how is the reimplementation of Bitwarden, Vaultwarden, doing in that regard? I'm using the latter precisely because I'm wary of depending on a commercial product that happens to be open-source, but can yank the open licensing at any point in time.
-
@itamarst Well, there is no universe where I would consider using 1password, but I guess that's still good to know
@mcc @itamarst I thought KeePassXC required human reviews / unit tests in order to mitigate any llm harms. Did that change?
More broadly, I don't really see how you can prove no LLMs were involved in code contributions if they are actually contributed by a human. Prove you used emacs or vi and didn't compile it ever on a cloud service? (I'm not happy about that state of affairs, mind you)
I suppose we can start adding some sort of watermark on code?
-
@WideEyedCurious @Lingmops @mcc Wondering if there's a way to save OTP derivation keys in an encrypted file, then use the CLI to decrypt and then derive the current six-digit code.
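An added example of the "decrypt, then derive" step the post above wonders about; this is not code from the thread or from any password manager. The derivation is plain RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) using only the standard library and is checked against the RFC's published test vectors. The decryption helper assumes the secret was encrypted with gpg and that gpg (with its agent for the passphrase) is on PATH; the post does not say what kind of "encrypted file" it has in mind, so that part is an assumption.

```python
# Added example, not code from the thread or from any password manager: derive
# the current six-digit code per RFC 6238 from a TOTP secret, the "decrypt, then
# derive" step the post above considers. Only the decryption helper has an
# external dependency, and it assumes the secret was encrypted with gpg (an
# assumption; the post does not say what "encrypted file" means).
import base64
import hashlib
import hmac
import struct
import subprocess
import time
from typing import Optional
from urllib.parse import parse_qs, urlparse

# RFC 6238 / RFC 4226 reference secret (ASCII "12345678901234567890"), base32.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP(K, floor(T / step)) with HMAC-SHA1 and dynamic truncation."""
    cleaned = secret_b32.strip().replace(" ", "").upper()
    # Exported secrets are often unpadded; b32decode insists on padding.
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    dbc = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(dbc % 10 ** digits).zfill(digits)


def parse_otpauth(uri: str) -> dict:
    """Pull secret, digits and period out of an otpauth://totp/... key URI,
    the format most managers export; defaults are 6 digits and a 30 s step."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("otpauth URI has no secret parameter")
    return {
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def secret_from_gpg_file(path: str) -> str:
    """Assumption: `path` holds an otpauth URI or bare base32 secret encrypted
    with gpg, and gpg (with its agent for the passphrase) is on PATH."""
    out = subprocess.run(["gpg", "--quiet", "--decrypt", path],
                         capture_output=True, check=True)
    return out.stdout.decode().strip()


def code_from_gpg_file(path: str) -> str:
    """Decrypt, then derive the current code. Accepts either a bare secret or
    an otpauth URI inside the encrypted file."""
    payload = secret_from_gpg_file(path)
    if payload.startswith("otpauth://"):
        p = parse_otpauth(payload)
        return totp(p["secret"], step=p["period"], digits=p["digits"])
    return totp(payload)


if __name__ == "__main__":
    import sys
    # Usage: python totp.py secrets.gpg   (prints the code for the current time)
    print(code_from_gpg_file(sys.argv[1]))
```

The secret only ever exists decrypted in this process's memory for the duration of one derivation, which is the property the post is after; the six-digit output is `dbc mod 10^digits`, so the eight-digit RFC vectors and their six-digit truncations agree on the same HMAC.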
-
@mcc Aw man that sucks. Why would they... Ugh.
-
@mcc KeePass 2 is clean.
-
@mcc Excuse an undereducated question from a long term 1password user who is going to move from it now: is the issue with “random code generators” that random passwords generated by these apps are easy to crack?
I’m looking at moving to Keepassium and as I understand it each of these apps in this family have different code to do password generating and are thus all different.
@johnlehet @mcc My educated guess is the problems are more likely to be things like
- sync protocol has a security flaw that makes it possible for malware in coffee shop wifi router to learn all your passwords
- sync protocol just plain stops working
- restoration of offline backups stops working, nobody notices for months
-
@argv_minus_one @elfin that's great, but can it interop with a phone?
-
"I thought KeePassXC required human reviews / unit tests in order to mitigate any llm harms. Did that change?"
I literally don't give a shit. If you think it's OK to generate computer source code from a neural network, I don't trust yr judgement enough to trust your code reviews.
"More broadly, I don't really see how you can prove no LLMs were involved in code contributions if they are actually contributed by a human."
Same way you enforce any policy against stolen code
-
@csolisr I'm told elsewhere in thread that vaultwarden has not accepted AI code, but vaultwarden replaces the *server*, not the client, right?
-
@argv_minus_one @elfin I do not use keepassxc
EDIT: checking google there *is* a "Keepass2Android", one assumes forked from the original keepass
-
@ariadne @mcc @xarvos that would be the pretty way. Another pretty way would be having nixpkgs maintainers add that info.
I said it was an awful way that would require full system building for a reason, I imagine it’s possible to override the default check phase or even the fetchers to check the downloaded src for .copilot and alike and fail if present.
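An added example of the check the post above sketches, not nixpkgs code or any project's own tooling: walk an unpacked `src` tree and fail if AI-assistant marker files are present. The post names only `.copilot`; the other names in the marker list are assumptions, and how to hang this off a Nix checkPhase or fetcher override is not shown.

```python
# Added example, not nixpkgs or any project's code: the source-tree check the
# post above sketches, walking an unpacked src directory and failing when
# AI-assistant marker files are present. The post names only ".copilot"; the
# other names in AI_MARKERS are assumptions, and wiring this into a Nix
# checkPhase or fetcher override is left to the reader.
import os
import sys

# Assumed marker list; adjust to whatever policy the maintainer wants to enforce.
AI_MARKERS = frozenset({".copilot", "copilot-instructions.md", ".cursorrules"})


def find_ai_markers(src_dir, markers=AI_MARKERS):
    """Return src_dir-relative paths (sorted) of files or directories whose
    name is in `markers`. Symlinked directories are not descended into, so a
    link pointing outside the tree cannot make the walk wander."""
    hits = []
    for root, dirs, files in os.walk(src_dir, followlinks=False):
        for name in dirs + files:
            if name in markers:
                hits.append(os.path.relpath(os.path.join(root, name), src_dir))
    return sorted(hits)


def check_src(src_dir):
    """True if the tree is clean; otherwise list offenders on stderr and
    return False, which a checkPhase would turn into a build failure."""
    hits = find_ai_markers(src_dir)
    for h in hits:
        print(f"AI-tooling marker present: {h}", file=sys.stderr)
    return not hits


if __name__ == "__main__":
    # Usage: python check_src.py /path/to/unpacked/src  (exit status 1 on a hit)
    sys.exit(0 if check_src(sys.argv[1] if len(sys.argv) > 1 else ".") else 1)
```

The exit status is what matters for the override the post describes: a non-zero return from the check step fails the build, which is the "fail if present" behaviour asked for.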
-
@maaneeack @mcc StrongBox has been sold to a company with maybe iffy success with the products they have acquired. I had first hand experience with their mess-up of the Mac utility Bartender, which I bailed on after their version.
-
@WideEyedCurious
If you're ok with local storage and local replication rather than "cloudy", there's pwsafe. You could keep the db in some less local storage, I guess.
https://www.pwsafe.org/index.shtml
-
@mcc @argv_minus_one @elfin I use https://www.keepassdx.com/ on android, and sync the file over with Syncthing.
I don't THINK either of those projects use LLMs, but I haven't been machmir about poring over careful details when checking.
-
@mcc I admit I don't know the KeePass ecosystem terribly well, but does this go "up the chain" to regular KeePass 2.x or is it just XC?
@greyduck @mcc From all that I have seen, The Original KeePass (authored by Dominik Reichl in C# for .NET/Mono) has made no mention of AI pollution. How Mono are handling AI I haven't looked at, but for .NET: Microsoft is as they are.
KeePassXC (maintained by the KeePassXC team in C++ using the Qt toolkit) announced the use of AI and then clarified the scope later. KeePassXC is a separate project that uses the KeePass vault format but is its own thing.