Bitwarden Makes Change To Address Recent Open-Source Concerns

  • #21
    Originally posted by Daktyl198
    ...There's 0 setup or maintenance required for self-hosting vaultwarden. Just a simple docker-compose script.
    Heh, not only running passwords in someone else's complex playground, but additionally running it through someone else's environment even!

    And if I'm reading right, Vaultwarden is unofficial: https://github.com/dani-garcia/vaultwarden

    I guess if it works for you then cool! There's no way I'd be running that


    • #22
      Originally posted by Daktyl198
      Bitwarden has always been "open-core", in that most of its features are open source but the more enterprise-leaning features are source-available. Bitwarden doesn't try to hide this at all, but has always made the open-source parts able to be built without the source-available code included. The SDK being required by the open-source code was a bug, and is now fixed. Everything is back to the way it was before.

      I still love my self-hosted vaultwarden setup combined with bitwarden's amazing clients (browser extensions and phone apps). It'll take more than this for me to switch to something less convenient.
      Mm, I wouldn't call it "open core". Core implies everything that the service depends on to function is open source. It's mostly open front end - to some degree. Their internal back end, the real core, has always been closed source Microsoft SQL Server. So parts are open, parts are closed. I have never been comfortable with their over-the-top open source advertising campaign despite being a [paying] customer for about 2 or so years, going on 3 in Jan. I'm currently reevaluating using them because my comfort level with their advertising has only decreased after this explanation.

      The fly in the ointment for the announcement is this seems to be damage control as the BSL-type license changes were made public the day before they announced a $100M USD investment by a venture capital firm. So no, it's not passing my smell test here. Someone apparently thought trying to do the same thing as Redis was a good idea then blinked at the backlash.

      I've been keeping a KeePassXC database all along as insurance against Bitwarden going bad as some 'open source' companies have been doing over the past few years. I advise people to make similar arrangements. Keeping the file consistent across computers shouldn't be difficult for the skill set of Phoronix readers ... theoretically
      Last edited by stormcrow; 26 October 2024, 03:32 PM. Reason: inserted [paying]


      • #23
        Originally posted by Espionage724
        Heh, not only running passwords in someone else's complex playground, but additionally running it through someone else's environment even!

        And if I'm reading right, Vaultwarden is unofficial: https://github.com/dani-garcia/vaultwarden

        I guess if it works for you then cool! There's no way I'd be running that
        Says the guy running an unofficial fork of a fork of a fork whose source code he's never read lol. If you're afraid of docker containers on your own hardware, I've got bad news for you about the future of Linux apps.


        • #24
          Originally posted by Espionage724
          Heh, not only running passwords in someone else's complex playground, but additionally running it through someone else's environment even!

          And if I'm reading right, Vaultwarden is unofficial: https://github.com/dani-garcia/vaultwarden

          I guess if it works for you then cool! There's no way I'd be running that
          Vaultwarden is very popular in the self-hosting community, it actually has a lot of users. It's very well done.


          • #25
            Originally posted by Daktyl198

            Because I don't want to install a file syncing service on every single device I own when I'm not going to use it for anything else. There's 0 setup or maintenance required for self-hosting vaultwarden. Just a simple docker-compose script. Vaultwarden running on a Raspberry Pi in the corner is super simple, easy, and only requires me to download the bitwarden client on my devices, not a separate syncing service.
            I remember doing something like that many years ago (maybe 2010) with KeePassX. Man, that was so long ago.

            Then, somewhere in 2010 I think, I modernized and used a modern, real, genuine password manager and don't regret it. I can trivially sync passwords between my phone, laptop, desktop, tablet and whatever else using whatever OS, with solid browser integration. All of the clients are open source as well, meaning I can guarantee that the data is appropriately encrypted before leaving my computer. Any mission-critical passwords (e.g. proton itself) can be stored in something like KeePass on an encrypted partition.

            The days of KeePassX were so bad. You should try a modern solution for the 21st century sometime. But then again, I suppose some people even want to run solaris today...


            • #26
              Originally posted by Daktyl198

              Says the guy running an unofficial fork of a fork of a fork whose source code he's never read lol. If you're afraid of docker containers on your own hardware, I've got bad news for you about the future of Linux apps.
              Eh, I trust the trust of it across multiple Linux distros having it in default repos (and their trust chains/policies) and even FreeBSD that it's probably more safe than something used primarily to make running stuff easier/less complex

              Nah I'm sure Docker itself is fine (it's everywhere), I'm just also not about the idea of not running stuff bare-metal. Docker hasn't been a consideration for anything I've messed with for years.

              Originally posted by mobadboy
              ...The days of KeePassX were so bad. You should try a modern solution for the 21st century sometime. But then again, I suppose some people even want to run solaris today...
              I did take a good look at OpenSolaris relatively recently as a consideration; lost the interest relatively quick, but I'm aware of it existing and being a potential option

              I briefly remember running KeePassX I think in Mono iirc; if that's right then I remember it not looking great but functional. Not at all something I prefer though and I'd rather run official KeePass in Wine.


              • #27
                Originally posted by Daktyl198

                Because I don't want to install a file syncing service on every single device I own when I'm not going to use it for anything else. There's 0 setup or maintenance required for self-hosting vaultwarden. Just a simple docker-compose script. Vaultwarden running on a Raspberry Pi in the corner is super simple, easy, and only requires me to download the bitwarden client on my devices, not a separate syncing service.
                There are already file synchronization systems for every device ecosystem in existence and not all of them require buy-in or vendor lock-in. Many of them are equally easy to set up, or may already be completely set up with the functional device. I get why you're doing what you're doing, but your reasoning, or at least your explanation, is seriously flawed. There's no more effort setting up things like Syncthing or even rsync or utilizing integrated native solutions than Vaultwarden. You just want to use Vaultwarden, and that's fine, but don't make it out that other solutions are too involved or complex.


                • #28
                  Originally posted by royce

                  Vaultwarden is very popular in the self-hosting community, it actually has a lot of users. It's very well done.
                  May be popular but does not support "emergency access" which is the key feature why I started to use bitwarden.
                  Same with KeePassXC. I used that before but moved to bitwarden because of the "emergency access" feature.


                  • #29
                    Originally posted by t1r0nama

                    Nextcloud is a big pile of garbage. Just use Vaultwarden that is truly open source and gives you features that others hide behind a paywall.
                    Can you explain how I can store my other files with Vaultwarden? Because I'm not using Nextcloud solely for syncing my KeePass database. I use it for file storage of all of my files and syncing the database is an added benefit. I also use Nextcloud Notes for most of my notes.

                    I mean: I know you can store some files on Bitwarden/Vaultwarden, but it's not nearly as feature-rich as what Nextcloud offers, because Vaultwarden is aimed at passwords, not file storage.

                    And what would I run it on? Even if I set up a server, my electricity bill would be way higher than the 5 euros per month I pay for my Nextcloud instance.
                    Last edited by Vistaus; 27 October 2024, 12:09 PM.


                    • #30
                      Originally posted by t1r0nama

                      Vaultwarden has had the "emergency access" feature for years
                      Ok. Looks like this was implemented with a release in Sept. 2021. That was after I moved to bitwarden. Too late for me.

                      Anyways, setting up a complex server / docker environment for emergency access that only I can maintain but not my family, with no support available when I am gone, does not make sense.
