• ayyy@sh.itjust.worksEnglish
    5·
    26 minutes ago

    600 upvotes and only 10 downvotes on literal fake news. This community is brain dead trash.

  • gwen@lemmy.dbzer0.comEnglish
    6·
    43 minutes ago

    can we start reading the articles and not just the headlines??? it literally says it’s a packaging bug

  • ealoe@ani.socialEnglish
    5·
    43 minutes ago

    Some guy at bitwarden clicks a button wrong on a license drop-down option and all these people crawl out of the woodwork to declare the end of bitwarden being trustworthy. Nothing in the article or the company’s statements indicates an actual move away from open source. Big nothingburger

  • mli@lemm.eeEnglish
    21·
    2 hours ago

    Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

    According to Bitwardens post here, this is a “packaging bug” and will be resolved.

  • Shape4985@lemmy.mlEnglish
    72·
    2 hours ago

    I use to always recommend bitwarden to people. Now i feel like an idiot for doing so with them switching up. Ill be making the effort to move to keepassxc soon and host it myself.

    • GHiLA@sh.itjust.worksEnglish
      1·
      1 hour ago

      …host it?

      …is there something I’ve been missing out on? Can one host a KeePass vault online? We have web apps? I only know about the Nextcloud ones. I’ve just been using syncthing and merging the conflicts when they happen.

  • Routhinator@startrek.websiteEnglish
    6·
    3 hours ago

    Alright does anyone have opinions on Nextcloud Passwords? There’s apps for it and it would sync to my Nextcloud.

    I hate this. Bitwarden has been a good app.

    • GHiLA@sh.itjust.worksEnglish
      2·
      1 hour ago

      Nextcloud passwords is just a client for a KeePass vault.

      I guess it’s as good or bad as that can be, but I’m sure it’s limited in functionality to KeePassxc with plugins.

      • Routhinator@startrek.websiteEnglish
        1·
        14 minutes ago

        TIL… Thanks.

        EDIT: Been playing with it a bit now and if it uses keepass as the DB the advantage I see right now is that having it in Nextcloud means automatic sync, and there are several autofill and syncing apps for various OSes and password sharing and automated checks for breaches. It’s probably a better option for anyone with Nextcloud than going the Keepassxc/syncthing route.

  • cmrn@lemmy.worldEnglish
    105·
    16 hours ago

    How many times do I need to pack up and move to the next “best option”

      • doktormerlin@feddit.orgEnglish
        1·
        48 minutes ago

        That’s far from the best option. It’s working, but it’s super complicated compared to Bitwarden and other cloud password managers. Imagine telling your grandma “just use keepass”, she would never be able to make it work. But Bitwarden? Lastpass? That’s possible

    • JustARaccoon@lemmy.worldEnglish
      47·
      15 hours ago

      Sadly as many times as needed, complacency is how these companies get “loyal customers” who are willing to put up with bs

  • ShittyBeatlesFCPres@lemmy.worldEnglish
    1192·
    18 hours ago

    Oh, for fuck’s sake. Can we have a decent password manager that isn’t tied to a browser or company? I pay for Bitwarden. I’m not being cheap. But open source is more secure. We can look at the code ourselves if there’s a concern.

    • asap@lemmy.worldEnglish
      7·
      10 hours ago

      Nothing in the article or in the Bitwarden repo suggests that it’s moving away from open source

      • coolmojo@lemmy.worldEnglish
        1·
        33 minutes ago

        It is a license problem. The license condition of the SDK which is required to build the client app change to limit the usage of it. The new license states that you can only use the Bitwarden SDK for Bitwarden. It is against the Freedoom-0 of the Free Software Foundation. The limitation of English language is that it is hard to differentiate between Free (as in Free bear) and Free (as in Freedoom). Also open source which could mean complaining with FOSS and that source is available. This been unfortunately have been abused before.

      • sigmaklimgrindset@sopuli.xyzEnglish
        22·
        13 hours ago

        Love Keepass. Love that I can sync it however I want. Love that there are multiple open source client options across several operating systems.

        • saddlebag@lemmy.worldEnglish
          231·
          11 hours ago

          Android syncthing announced they’re stopping development this year. Open source got fucked double today

          • prosp3kt@lemmy.dbzer0.comEnglish
            9·
            10 hours ago

            terrible day. There is a fork called syncthing-fork that is under current development. I hope both projects merge.

  • unskilled5117@feddit.orgEnglish
    1892·
    17 hours ago

    This is an important issue IMO that needs to be addressed and the official response by Bitwardens CTO fails to do so.

    There is not even a reason provided why such a proprietary license is deemed necessary for the SDK. Furthermore this wasn’t proactively communicated but noticed by users. The locking of the Github Issue indicates that discussion isn’t desired and further communication is not to be expected.

    It is a step in the wrong direction after having accepted Venture Capital funding, which already put Bitwardens opensource future in doubt for many users.

    This is another step in the wrong direction for a company that proudly uses the opensource slogan.

    • irotsoma@lemmy.worldEnglish
      81·
      11 hours ago

      They’re basically trying to get rid of vaultwarden and other open source forks. I expect they’ll get a cease and desist and be removed from github at some point in the not too distant future if they don’t make some changes. I have a vaultwarden instance and use the bit warden clients. Guess I’ll need to look for alternatives in case Bitwarden decides to get aggressive.

    • sunzu2@thebrainbin.org
      622·
      21 hours ago

      Welp, I guess another time to move here soon.

      And I just fucking vouched for them to a friend recently 🤡

      Didn’t know about VC funding these parasites using their funding to turn everything into shite.

      What’s the current “best” alternative? Keepass?

      • foggenbooty@lemmy.worldEnglish
        141·
        18 hours ago

        I haven’t jumped yet, but the Proton suite is looking more and more appealing. I’ve been eyeing them as a Gmail replacement, but I’ve been happy with my VPN and password management providers. As this reduces the bundle makes more sense.

        • sunzu2@thebrainbin.org
          251·
          18 hours ago

          They have a solid value proposition but don’t like putting all my eggs all in one basket both for security and monopoly reasons.

          They seem to be gunning for one stop shop and I think they are doing decent shop but I just don’t like the idea after what Google did to us.

          Situation is a bit different but gonna need to tka the lessons and not let these corpos do this again.

          • foggenbooty@lemmy.worldEnglish
            6·
            14 hours ago

            That’s a good practice, and I think you’re right that is what they’re going for. I don’t think that means you shouldn’t consider them, but it does lower their value proposition as the bundle is the better deal.

          • Caboose12000@lemmy.worldEnglish
            1·
            10 hours ago

            this isnt a full solution obviously, but I figured it’d be nice to know: Proton lets you set different passwords for your email and password manager, so at least from a security standpoint its not all behind the same password, even if it is still from the same company

    • Routhinator@startrek.websiteEnglish
      11·
      2 hours ago

      I’ve always loved Keepass, however I moved away from it in 2012 as it and any file based vault has brute forcing issues. You need to track every copy of it that has been made and if any copy falls out of your hands, like if you lose a device, you need to do a password rotation on 100% of your passwords. Since its a file, its not possible to prevent brute forcing.

      • GHiLA@sh.itjust.worksEnglish
        1·
        1 hour ago

        Consider the possibility that someone could get your database.

        It isn’t a safe. You can’t weld through the side of it and get in. You either make it ridiculous or impossible to get in.

        Use something memorable, but insane.

        My password is a three-line film quote with numbers in some of the places for letters.

        Haikus work great. Memorable, complex. Wrote it yourself? Even better.

  • Boozilla@lemmy.worldEnglish
    59·
    21 hours ago

    Goddammit. It’s getting to the point I’m going to have to figure out how to write my own app for this.

    • Humanius@lemmy.worldEnglish
      2117·
      19 hours ago

      It shouldn’t even be that complex…

      I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off the shelf open source applications stringed together.
      All you’d need is a nice UI stringing it all together.

      Edit: I’m not sure why people are downvoting me. Is that not what a password manager essentially is?

      • LedgeDrop@lemm.eeEnglish
        6·
        11 hours ago

        It’s the “stringing it all together” that could be problematic.

        If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same “database” ). You need something smart enough to gracefully handle this or atleast tell you about it.

        I did the whole “syncing” KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole “it just works” with self-hosted bitwarden.

      • wintermute@discuss.tchncs.deEnglish
        29·
        19 hours ago

        Keepass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

      • HereIAm@lemmy.worldEnglish
        6·
        16 hours ago

        I see it as it’s easy to self host. But I’m not skilled nor rich enough to guarantee the availability of it. I don’t want to be stuck on a holiday without my passwords because my server back home died from black out or what have you.

        I pay for bitwarden and the proton mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have protons anonymous emails built in, but I can live with it.

        But I might have to reconsider if Bitwarden is going a different direction that what I’m paying for.

      • xthexder@l.sw0.comEnglish
        10·
        19 hours ago

        I’ve done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and helps prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, which my GPG file only worked well on my desktop.