
Concerns Raised Over Bitwarden Moving Further Away From Open-Source


  • #21
    Originally posted by Damnshock

    Nothing, it just doesn't have the same set of features. Especially the main one: Bitwarden is designed with a server in mind while KeePass/KeePassXC isn't.
    Just put the db file on Dropbox (I have it on my NAS) and you can access it from anywhere.



    • #22
      Absolutely silly... that anyone half-way knowledgeable to be using a password database is using someone else's platform to store passwords for this news to affect them

      KeePassXC; works everywhere (Windows, FreeBSD, Linux, Android, macOS), open-source, and just like the passwords you're supposed to be protecting on your own, you're in full control of the database file and can protect it.
      • The database file itself is encrypted; good enough for storing it as-is on cloud providers (decent master pass length; etc)
      • Google Drive, OneDrive, Keybase, NAS, Android/iOS; that's 5 different free locations you can throw your database file to ensure you never lose it and can access it anywhere
      • On Linux, you can put your master pass in secret-tool and call up keepassxc with it through hotkey with this:
      Code:
      bash -c "secret-tool lookup 'keepass' 'default' | keepassxc --pw-stdin ~/'Documents/keepass.kdbx'"
      I've been using KeePassXC since before Proton(mail?) was even a mainstream thing and I think was competing with Tutanota; this knowledge was out there since at least then



      • #23
        Originally posted by Espionage724
        Absolutely silly... that anyone half-way knowledgeable to be using a password database is using someone else's platform to store passwords for this news to affect them
        Why is it silly? We have an auditable FOSS client that only sends the encrypted data to the server, and the decryption happens locally. How is this different (besides being way more convenient) from storing your database file on someone else's platform, such as Google Drive?



        • #24
          Originally posted by flower

          Just put the db file on Dropbox (I have it on my NAS) and you can access it from anywhere
          It's just not the same:

          - I need to worry about syncing the files
          - There can be conflicts
          - I need to install software on _every_ computer
          - Now I depend on two things: KeePassXC and Nextcloud (albeit technically I could download the file through the web... syncing again!)
          - On some computers I cannot install KeePassXC, while virtually everywhere I can use a web browser
          - Web UI

          Again, it's just not the same :shrug:



          • #25
            Originally posted by rmfx
            That’s always the same story…
            Start with good intentions and open mind,
            then success happens precisely thanks to these, then money brings greed and fear of outside, then things turn to shit.
            Why can’t people stick with the key of their success?
            Maybe being open source wasn't the key to their success? At least ongoing? By definition a company providing open source software under copyleft or liberal licenses is handing out its labor to competitors. It is not unlike "public goods" such as broadcast TV or radio. They have to have value add over and beyond the costs of generating the OSS aspects. Not every company can be an OSS service provider, and most of those have plenty of proprietary work in the form of custom plugins and services.

            I've been an OSS dev for ~30 years. I have a semi-popular project. I have made less in nearly 10 years of its existence than a single 2 week period at my day job, and I know that there are numerous commercial entities and other, more popular OSS projects which use the software and have contributed little or nothing back but likely have made quite a bit leveraging it. Of course this is my choice and my making. I chose the license and choose to continue using it. But it is just a matter of fact.

            OSS has a real funding problem and IMO there are technical solutions that could help with it but there is also a significant cultural aspect. On the user side both commercially and personal. OSS isn't a business plan and people could just have made a mistake when getting into business with "OSS" as a tagline and policy. I do wish more companies would be more forthright about these mistakes but the community outrage would likely be more or less the same if they just came out and said "We made a mistake. This isn't working out for us."

            What bothers me more about these "rug pull" situations is the way the OSS community responds. One of the primary reasons for advocating OSS is that anyone with the means and will can take the code and do their own thing. No one owns the labor of another person (or their IP). So if someone or some company decides to stop giving out either, the people that care can go do their own thing. If people really think Bitwarden's previous setup is profitable then we should expect folks lining up to fork and start a competing business. If not, maybe Bitwarden is correct. If no one is willing to do that or invest the time to fork and maintain their own project, then all the "rug pull" complainers seem to be complaining about really is the fact someone is no longer doing work for them for free.



            • #26
              Originally posted by ExBhal

              Serious question: what's wrong with KeepassXC?
              Not available on mobile. Non-seamless syncing process. A self-hosted Vaultwarden instance is 1000x better.



              • #27
                Bitwarden was the first TOTP manager I've tried.
                My experience only lasted 5 seconds as I quit the moment I opened the app and it demanded me to log into a service.

                Then I moved on to another tool that actually worked.



                • #28
                  I don't understand what's the issue, are they removing access to the software unless we pay?

                  I personally pay for the premium package because I feel they deserve to get paid.

                  Now I would love to see the same rage against Ngreedia and their closed source anticonsumer software, instead of the devotion that many here give them…



                  • #29
                    PENGUINS, this whole situation is overblown, truly.

                    Yes, there's a problem that needs rectifying here. But what exactly is unacceptable about the CTO saying they're going to fix it?

                    I have personally, directly, worked with product managers at Bitwarden for months on end. They are humans just like everyone and make mistakes. And frankly I believe them when they say they're going to work to fix it.

                    Yes, actions speak louder than words, and we will need to see what they do in the end. But jumping ship over a mistake they have publicly said they would correct? That's very knee-jerk reactions here pengus.

                    I hope that they make this right, and I believe them when they say they will. But come on, don't be such hypochondriacs over what clearly is a genuine mistake. This is not a pattern of behaviour, and I actually take issue with Phoronix framing this as "moving further away from Open Source" as apart from this example, I really have not seen evidence that is true at all.

                    I myself self-host Vaultwarden, and have implemented various forms of Bitwarden ("proper") for prior employers. I do not believe there is a better tool out there than Bitwarden/Vaultwarden. My most notable gripe is they don't provide a PPA/Repo for their deb files (*GLARE*), but otherwise, they've been upstanding for many years in the tech community, and that includes FOSS communities.

                    Let's all calm down and think about this a bit more, shall we? The sky isn't falling (at least not currently), let's not act like it.



                    • #30
                      Originally posted by Daktyl198

                      Not available on mobile. Non-seamless syncing process. A self-hosted Vaultwarden instance is 1000x better.
                      It is available on mobile. The mobile version even can open and write Dropbox, sshfs (and many more) backends directly.
