I want this but as a Linux distribution.
-
@m oh… this post was meant to be a reply to your post https://mastodon.social/@mcc/116115453811522063
-
@gabrielesvelto It's interesting to think about why proper refactoring tools have been a lot less successful than LLMs nowadays (in terms of usage). Is it just cost? Or the more "human like interaction" you get from LLMs? Or something else?
@fabrice I don't know. I remember using IntelliJ tools for doing significant refactoring on an old Java codebase some 15+ years ago and they were already quite powerful. I don't know why anyone who did not use those kinds of tools in the past suddenly feels like an unreliable system is a good idea for mechanical refactoring. 🤷
-
@Moore @graydon You've both been around as long as I have, so you've seen this: for literal decades, the "tech" industry has increasingly been "slap together a bunch of open source code to implement a product innovation, without any meaningful technical innovation." LLMs are just the culmination of that process, removing the expensive open-source-gluers from the equation, and, as a bonus, creating code that has been laundered clean of any pesky licensing concerns.
If you play this arc out, it suggests the loss of "indigenous" technical capabilities for anyone but the LLM companies. This is very, very dangerous, given that we seem to be slipping into a global oligarchy.
Very early on, Brazil heavily regulated computer imports, mostly to guarantee that they weren't fully reliant on foreign-origin technology. They understood that embracing tech exclusively owned by the US and Europe was inviting a new form of colonialism. LLMs are the same thing, just in a very cyberpunk corporate feudalism sort of way.
-
@gsprs virtues are good, virtues are supposed to be signaled, 'tis good to be virtuous and ethical.
(can you tell me what makes the promptfondlers to be so annoyingly proselytizing though? did anyone ask for your opinion?)
@mawhrin I couldn’t ask for an example of holier than thou attitude and proselytizing better than the first half of this post, the other half honestly looks like parody after reading it.
-
@gsprs the only people who complain about virtue signalling are the gobshites: the racists, the white supremacists, the misogynists, you know the type.
-
@mawhrin And Merriam-Webster too, don’t forget to add them to your list!
https://www.merriam-webster.com/dictionary/virtue%20signaling
> the act or practice of conspicuously displaying one's awareness of and attentiveness to political issues, matters of social and racial justice, etc., especially instead of taking effective action
-
@gsprs it's a dictionary; it does not make judgements, merely records usage.
you, on the other hand, make judgements after showing unasked in a thread where you felt compelled to involve yourself in a confabulation machinery advocacy.
and now, have an adequate evening.
-
@mawhrin And the usage it records is negative, look up what “conspicuously” means.
-
@gsprs i see. now: can you tell me in your own words what's wrong with being virtuous and ethical?
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using them you can't quickly back out if they enter a code quality decline
@mcc bitwarden ffs. I manage a paid family bitwarden plan and I'm happy with the service but I was planning on moving to proton family pass because of cutting down on us tech & now this
The problem I have with proton pass is that you can't add an account to the family plan if it already has paid proton services so that rules that out as an option
I'm not removing someone's mail plus just to add them to a family pass plan so I'll have to stick with bitwarden a little longer & see how things go
-
@gabrielesvelto Because it's super easy to just type "rename this component from X to Y" without knowing details about what you're actually doing.
-
@nina_kali_nina @luana @mcc Well to be fair, it was reviewed by ten humans and did pass all the tests: https://github.com/bitwarden/clients/pull/18584
Even given that, I still find the future opaque; will things sort out after the bubble pops in such a way that there's a sane/safe way to get value out of Claude-like software? I'm pretty convinced that YOLO-flavored vibe coding is a path going nowhere but baffled as to how things end up.
-
@mcc
AI assisted code generation is here to stay. It's not random and probably one of the best uses for an LLM. I'd only be concerned if LLM generated code was committed without review. I only see 2 PRs that are marked ai-assisted for KeePassXC and neither look like a problem. The large commit @nina_kali_nina to bitwarden/clients also used checkmarx scanner, github-advanced-security scanner and claude to review, but, there are also 11 non-bot reviewers listed on it.
@hack_char @mcc @nina_kali_nina no code should ever be committed without review
-
@mcc I can guarantee you that the Linux kernel and MacOS/Windows are getting code contributions by "random code generators" as you have put because most of the code pushed on to these projects is by engineers hired by big corporates who mostly have LLM subscriptions.
It is better to acknowledge and understand a tool than to spread FUD about it. I am no AI flag hoister but you are just scaring people away from genuinely good tools (password managers in this case) maintained by the same people for years.
KeePassXC is totally offline which reduces the attack vector a lot anyway. And the file format is open so you can pick from many clients if you don't trust KeePassXC maintainers.
-
@mcc There are more password managers than those two, of course. I use GNOME Secrets as a desktop GUI application for some things. For the command line there's pass (https://www.passwordstore.org/), which uses GnuPG.
I use my own sopass (https://sopass.liw.fi/), which I wrote myself.
CLI isn't for everyone, but I'm sure we don't need to despair.
-
@liw Are you aware of any good options for an Android phone?
-
@mcc I'm afraid not. I don't use my phone for anything where I'd need a password manager.
-
@mcc You can avoid KeePassXC altogether. It's the nicest desktop client for your keepass DB, but you don't need to use it.
I am keeping an eye out for another fork for keepassxc if this goes on longer. On Android, you can use KeePassDX.
-
@lunarloony @luana @mcc but it's like: where to? 😔
@nina_kali_nina @lunarloony @luana @mcc This is why I use pass [1] despite its friction. It is just shell, pgp and git. I have zero trust issues with that setup.
-
@mcc Yeah, KeePassXC going this route really hurt. I'm probably going to migrate back to a text file encrypted with gnupg for basic password management, but I have no idea what I'm going to use for one-time passcodes.
@jcnotwit @mcc There is pass and it is exactly text files, pgp, and git: https://www.passwordstore.org/