I want this but as a Linux distribution.
-
@mcc @itamarst my prediction is that they will pretend that once there are a few more truly catastrophic stories in the press, like if a whistleblower shows up to conclusively prove that Microsoft *knows* copilot is causing all the Windows bugs that everyone suspects it is, they will simply change the copy on their website to indicate that they were always against this and they were never fooled, and there will not be consequences for anyone involved
-
@Brett_E_Carlock the problem is removing any one tool from my life is a relatively large time investment and projects are adding "boycott me" flags faster than I can switch to or create alternatives
@mcc Yeah, absolutely. Thankfully so far these changes have all been low-stakes for me, but they are disruptive nonetheless.
As a fairly recent full time Linux everywhere user, something as stupid as changing my music manager app was a pretty significant shakeup. Twice, back to back, no less, after finally settling on each one. Enough that I had to package an entirely different media manager to use, since I had no other options I remotely enjoyed using.
Again, whinging, but the pattern holds
-
@mcc I admit I don't know the KeePass ecosystem terribly well, but does this go "up the chain" to regular KeePass 2.x or is it just XC?
@greyduck @mcc probably best to ask Mr Reichel here: https://sourceforge.net/p/keepass/discussion/329220/
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that, once you've committed to using them, you can't quickly back out of if they enter a code quality decline
@mcc Canceled my subscription, told them why and now am deciding on if I even want to keep my own vaultwarden instance.
I can't trust the clients anymore, so I'm freezing updates to the apps - but that's a security time-bomb in and of itself.
Guess I'm doing a forced password manager migration in 2026 as well.
Thank you (and fuck them) for the information. I'm slightly annoyed that this is the first I've heard of it and Bitwarden published some BS about being all-in on agentic foolishness late last year.
-
@mcc Low-stakes, and I have options.
What about for more significant/critical tools for folks? What about when there aren't real options?
What about for folks that can't just build and package something else?
-
@mcc oh yikes wtf please not bitwarden
-
@ariadne I am, in a flippant and general way, saying I want to eradicate all code with "AI code assistant" contributions from my computer and VPSes, but I do not currently know a way to do so. I keep having programs I previously installed add the poison after the fact without public notice. https://mastodon.social/@mcc/116110912928005524
Perhaps in future I will have to use Alpine Linux if that's how I get my code audited for no "AI" contributions.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc
There are these things called "debian" and "suse"
-
@mcc Vaultwarden bundles a custom version of the web client, but it's basically the official one with stuff renamed around at best.
So yeah, in my case, I would fork the client, make a new one, or audit the client changes each time I update the server side...
(For reference, most of my services are not exposed on the internet, so I can limit the downfall of most things by pinning and auditing things when updating, even if it's not really practical)
-
@mary Still trying to figure out what a pure open source version of React Native would look like. Writing React Native apps currently seems to require using something called "expo" which is theoretically open source but it refuses to run unless you sign up for a specific online service and sign terms & conditions with questionable terms
-
@mcc I do think we (as a community) should build a database of public repos that have any genAI related commits/config files; that would be a good start to flag those.
-
@mary yeah. right now by the time you find out a project has an LLM infection you don't know which commit you even want to fork from
-
@WideEyedCurious @Lingmops @mcc There was a time I used an AES encrypted ZIP file for passwords, and when I wanted one out, I would decrypt it to the console
-
@mcc Let me tell you something more scary: These projects accept code contributions from random people they don't know and never meet. Nobody knows these contributors' skill level, their mental health status, their actual intent. They might be sloppy coders introducing bugs every other line. They could be maniacs. They could be evil nations' agents trying to implement backdoors.
Why doesn't this scare you?
-
RE: https://wellduck.me/@greyduck/116110983001607000
I would like the answer to this question as well.
@mcc I had a look along those lines a while ago - I'm no longer using keepassxc, but there are independent implementations using the file format which I do use. What I really want is password-age with good Android support though.
-
@mcc I personally haven't used React Native but this seems to track with what I heard about Expo on the "develop and deploy your dev app on Android and iOS" front, but I think it's possible to build everything locally too, even if it's maybe tedious? Anyway, something that needs digging and testing with a dev app instead https://docs.expo.dev/guides/local-app-production/
-
@mary yeah, but if a build and deploy means making and deploying an apk then there's some question why you're using react native at all.
i think it ought to be possible to do all this by just forking expo/expoapp and removing the arbitrary dependency on the web service.
-
@mcc KeePass 2 is clean.
-
@mary@chaos.social someone did this and people immediately started using it as a list of people to start targeted harassment campaigns against
