Damn, I just switched from Bitwarden to KeepPassXC.
Clearly just in time. Lol.
Damn, I just switched from Bitwarden to KeepPassXC.
Clearly just in time. Lol.
A few questions out of ignorance. How different is this to gitlab's open core model? Is this a permanent change? Is the involvement of investors the root of this? Are we overreacting as it doesn't meet our strict definition of foss?
Ever since BitWarden got mired in capitalism, I've been dreading that something like this would happen.
Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.
- the SDK and the client are two separate programs
- code for each program is in separate repositories
- the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3
Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.
I.e. "fuck you and your foss"
Pretty much the opposite
I doubt it. What'll probably happen is them moving more and more of the logic into the SDK (or adding the back-end of new features there), and leaving the original app to be more or less an agpl-licensed ui, while the actual logic becomes source-available. Soo, somewhat red-hat-esque vibes: no-no, we don't violate no stupid licenses, we just completely go against their spirit.
Looks like I might be moving to Proton Pass after all! I'll give them some time to see what they do about this, but will happily give my money to someone else and migrate friends/family as well.
I know little about Proton Pass, but how confident are you they don't also used a proprietary SDK with their open source apps?
i was about to replace my glorified encrypted text file for a password manager. guess relying on 3rd parties in a late-stage capitalist world is not a viable alternative.
ill stay with my encrypted text file until they privatize encryption. by then ill probably be carving my passwords out on stone. or burning down the servers of these fucking pigs trying to make us identify ourselves for everything on the internet now.
@bitwarden bitwarden locked and limited conversation to collaborators
They also locked the thread 16 hours ago (as of writing this comment), with no explanation.
pass is enough (+ xdotool + rofi + pass-menu). Synchronization via git or Syncthing.
How does this play with mobile?
The GnuPG implementation for Android is called OpenKeychain. To configure it, just go to the "key management" menu and import the previously created secret key. The only drawback of OpenKeychain for me personally is that there is no fingerprint unlocking.
The pass implementation for Android is called android-password-store, or simply APS.
Install and launch APS. Before synchronizing the password store, go to the "Settings" menu. There we will need the following items:
Git server settings
. The resulting URL should be the same as that specified on the repository page on github. Authorization type - OpenKeychain
.
Git utils
. In this section, specify the username and email from the gpg key.
OpenPGP provider
. Select OpenKeychain
.
Autofill
.
Now you can clone. Select "clone from server" on the main screen, specify the desired location of the repository, check the git settings.
Of course, pass is not that easy to set up. However, this price buys confidence that the tools we use will not one day be declared obsolete, will not change their data format, and will not be left without support.
I'm familiar with pass and familiar-ish with rofi. What do the other two do?
A small script for entering passwords into various windows via rofi, I take passwords from pass.
Example script:
#!/bin/bash
# Sample file rofi_pass.sh
passwords=$(find /home/fireshell/.password-store/ -type f -name *.gpg)
selected_pass=$(echo -e "$passwords" | awk -F "/" '{printf "%s > %s\n", $5, $6}' | rofi -dmenu -p Pass)
item=$(echo "$selected_pass" | awk '{printf "%s/%s", $1, $3}' | sed 's/\.gpg//g')
data=$(pass show $item)
pass=$(echo -e "$data" | head -n1)
login=$(echo -e "$data" | grep -e "^login: " | sed 's/^login: //g')
xdotool type "$login"
xdotool key Tab
xdotool type "$pass"
In awesome wm
I bound a key that calls it like this:
awful.key({ modkey}, "p", function () awful.spawn.with_shell("/home/fireshell/Scripts/rofi_pass.sh") end ,
{description = "rofi pass", group = "launcher"}),
I turn on the computer, press the key combination and the script works, or I run this script from the terminal (~/Scripts/rofi_pass.sh
), select the password - it works (if necessary, pinentry is called to enter the main password), after that I press the key combination, select the desired entry
passmenu: extremely useful and wonderful dmenu script.
I was copying and pasteing from pass but that looks much cooler, thanks!
Does this affect valtwarden?
Vaultwarden is only the server, no? So any clients that you use to access Vaultwarden are built and maintained by 8bit solutions a.k.a. Bitwarden, including the desktop client that is the subject of this post.
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.