this post was submitted on 20 Oct 2024
627 points (87.4% liked)

Technology

59454 readers
4931 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 111 points 1 month ago* (last edited 4 weeks ago) (3 children)

EDIT: The article has been updated and it was described as a “packaging bug” and not an intended change.

How many times do I need to pack up and move to the next “best option”

[–] [email protected] 49 points 1 month ago

Sadly as many times as needed, complacency is how these companies get "loyal customers" who are willing to put up with bs

[–] [email protected] 24 points 4 weeks ago (1 children)

Just go to Keepass and its over

[–] [email protected] 4 points 4 weeks ago (1 children)

That's far from the best option. It's working, but it's super complicated compared to Bitwarden and other cloud password managers. Imagine telling your grandma "just use keepass", she would never be able to make it work. But Bitwarden? Lastpass? That's possible

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Is it so?

I feel like anyone who can open up and edit ms word can do it, just double click on the keepass.kdbx file and it opens up prompting for a password.

Syncing is a bit of a problem and I wrote an article on how I do it here in the easiest way I found. Though MEGA cloud does not have a good reputation among general public, their share link is something you can write in a piece of paper and keep in a safe.

[–] [email protected] 2 points 3 weeks ago

"Just double click the keepass.kdbx" is not what it is. You need to go to your explorer, find the file in the folder structure and double click it. You then need to search for the website you are on and copy the password, then you need to go back to the website within 12 seconds and paste the password. That's inconvenient for everyone, but for a tech-illiterate grandma it's impossible.

Compare that to Bitwarden: You go to the website, click on the bitwarden icon and then click on the login details. Or even better, you can enable auto-complete with a single click and it automatically fills the login details when on the website, without clicking anything. That's far more convenient and easier.

Just as a FYI: My grandma has a sticky note on her laptop that shows exactly which buttons to press to get to her emails, with things like "Click this twice within 2 second, be fast!!" for a double click. It doesn't say "lef mouse button", she draw her touchpad and an arrow. She is not able to find her mails when the website changes the layout.

[–] [email protected] 4 points 4 weeks ago (2 children)

In this case, zero, because it's a packaging bug, not an actual change in direction. Read the update on the article:

Update: Bitwarden posted to X this evening to reaffirm that it's a "packaging bug" and that "Bitwarden remains committed to the open source licensing model."

Next time, before jumping to conclusions, wait a day or two and see if the project says something.

[–] [email protected] 1 points 4 weeks ago (1 children)

I really hope that this is actually the case, but I am not very optimistic. This doesn't seem to be a mistake. They intentionally move functionality of their clients to their proprietary SDK library. The Bitwarden person stated this in the Github issue and you can also check the commit history. Making that library a build-time dependency might actually have been a mistake. That does not change the fact, that the clients are no longer useful without that proprietary library going forward. Core functionality has been move to that lib. I really don't care if they talk to that library via some protocol or have it linked at build time. I wouldn't consider this open source, even if that client wrapper that talks to that library technically is still licensed under GPLv3.

[–] [email protected] 1 points 4 weeks ago (1 children)

They intentionally move functionality of their clients to their proprietary SDK library.

Proprietary is a strong word IMO. Here's the repo, it's not FOSS, but it is source available. It's entirely possible they make it more open once it stabilizes, but it's also possible they make it less open as well. It's still early, so we don't know what the longer term plans look like.

I don't think we should be panicking just yet, but I'll certainly be checking back to see what happens once this internal refactor is finished, and I'll be making some more regular backups just in case they are, in fact, trying to take it proprietary. I don't think that's the case (why would they? I don't see the benefit here...), but I guess we'll see.

[–] [email protected] 1 points 4 weeks ago (1 children)

Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available.

Yeah, that's what I meant by "proprietary". I guess having the source to look at is better than nothing, but it still leaves me uneasy. Their license lets them do anything they want (ignoring that - as it stands - their license is void due to the linkage with GPLv3 code, but they said they want to fix that). I have no idea what their plan is. I don't think it is in their best interest to go the route they appear to be going. Having truly open source clients seems to be a selling point for quite a few customers. But what do I know…

[–] [email protected] 1 points 4 weeks ago

Agreed. If they end up not making this component FOSS, I'll probably leave and take my paltry $10/year with me (which I don't need to pay since the features I use are all in the free version). But I'll give them a year or so to work out whatever refactoring they're doing before making that call, I'm certainly not going to jump ship just because a new component is merely source-available.

[–] [email protected] 1 points 4 weeks ago

Not sure who downvoted you, you literally quoted the article.