I want this but as a Linux distribution.
-
@aiono @lunarloony @nina_kali_nina what do you mean by "official"? It is open source. You can check all code, even compile it yourself. It is all individuals who build and maintain it. There is no big company backing it.
@lhengstmengel @lunarloony @nina_kali_nina By official I mean officially supported/endorsed by the pass project.
Yes, all the code is out there, but I'm not going to read all the code changes for every update. Since it's for a password manager, I am extra cautious.
-
@aiono @lunarloony @nina_kali_nina
Yeah as I said, like many open source, it is all a community effort by individuals. There is a link from the official project page to an older version of the android app, it has been archived but you can still download the apk and it still works. The version in the app store is a fork that just implements fixes and dependency updates. There is no new functionality. I would say it is more open and reliable than any of the closed source alternatives.
-
@lhengstmengel @lunarloony @nina_kali_nina To be clear, it seems like the best option in the pass ecosystem, and I prefer open source apps. Still, using an app for my passwords means I put a lot of trust in the developer. I don't think developers of this app have any ill intentions, but it's always possible that a malicious change gets through which would be catastrophic for a password manager. Ideally I want my trust chain to be very minimal for something like a password manager.
-
@aiono @lunarloony @nina_kali_nina yes I feel you. There's always a trust component. Indeed there have been nasty exploits in open source as well. Remember xz?
Alternatively you would need to build everything yourself. But then there's the "competency" issue. I am just not competent enough with encryption to be sure that I am implementing everything correctly, and not introducing possible exploits. And there's the "time" issue as well, of course. So I choose to trust the devs.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc At which point are such applications just Claude with a logo tacked on?
-
@mcc Unclear about how KeePassXC is somehow compromised by using random key generators. The parameters are set by the user, and it is optional in any case. So what exactly is the problem here?
-
@liw Are you aware of any good options for an Android phone?
@mcc
I use keepassxc on my laptop, which is synced using nextcloud to my phone. There, I use keepassdx which is able to read the same files.
https://f-droid.org/packages/com.kunzisoft.keepass.libre
@liw -
@mcc I emailed BitWarden about this and their response was, literally, "our code is open source, so it's fine."
The shit sandwich they're making isn't more appetizing because they do it in public view. Promptfondlers are somehow even worse than Bitcoin dweebs.
-
@jeffmcneill "code" in this post refers to source code, e.g., the form of a computer program designed for reading and changing
-
@mcc the double (triple?) entendre of "random code generator" here is really upsetting
-
@sanityinc @glyph the thing that makes it problematic is not that it is artificial or tool-driven; the problem is that it is thoughtless¹
we spent a hundred years with fiction training people to think of "AI" as "a thing which thinks, but in a different way" and this is now serving as marketing cover for a thing which actually does not think
¹ and also, the other problems
-
-
@sanityinc @glyph also at any one time maybe it's being puppeted by a human or a state intelligence service, who knows, the cloud service is a black box
-
RE: https://wellduck.me/@greyduck/116110983001607000
I would like the answer to this question as well.
When I say "fork every software project containing code by 'AI code assistants', starting at the commit before the slop is known or believed to have been added, and resume from there", I really do mean every project
https://donotsta.re/objects/8e2166c6-3e0f-4ea3-8a29-3008702a39f7
-
@mcc unfortunately it's a more viable solution to "just" switch to a different backend than to maintain an organizationally separate long time llvm fork...
-
@whitequark This would all be much easier if GNU would switch their position from "We had a discussion in a meeting once and we think probably LLM generated code is not eligible to be GPLed" to "no GNU project will accept LLM generated patches"
-
@mcc I've been surprised at how little pushback against "AI" code I've seen in major open source projects, but perhaps I shouldn't be. There's the old guard who deliberately muddled the meaning of freedom and encouraged corporate exploitation of open source, and after decades of that, a lot of open source software organizations seem to be fronts for major corporations.
-
@mcc 1Password says "We want team members at all levels to take the approach of actively learning AI best practices, identifying opportunities to apply AI in meaningful ways, and driving innovative solutions in their daily work. Embracing the future of AI isn't just encouraged at 1Password—it's an essential part of how we will be successful at 1Password."
Pretty upset about KeepassXC on a personal level.
@itamarst @mcc That quote about 1password’s approach to AI is on this page:
https://jobs.ashbyhq.com/1password/a6b45c96-d055-4dbd-844f-674b4c41298f
As for me, I have completed my move out of 1password. Subscription expires pretty soon. Have a family member to move out too.
-
@mcc fork it now or fix it later