Linux & Tech news 📰

Well, that’s two different things.

If I had an M $ partition somewhere, I would try it out. But I don’t have any more.

1 Like

They just keep doing things people don’t really like or want from them. I’m not really sure who their market is anymore.

7 Likes

Bitwarden license betrayal has escalated :rage: :rage: :rage: :rage: :rage:
I’ll be watching for alternatives. The CEO Michael Crandell is likely trying to prepare for an acquisition since revenue has hit the same inflection points as RightScale did pre-acquisition.

Will this result in the death of Bitwarden? Probably. Will it happen overnight? I hope not, because I’m not ready.

CTO has locked and limited the conversation to try and hide it. They refuse to respond to angry people on Twitter. There are no other avenues to complain directly. I won’t be quiet about it though. I paid with my own money expecting to support open source, and they’re changing the terms! Never be quiet about rug pulls!

“You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.”

8 Likes

Thank God we have Vaultwarden and third party clients like Keyguard :slight_smile:

6 Likes

They really need to hack anything else other than Internet archive

4 Likes

This just reminds me of what was it? One pass. And how that all went downhill.

It’s why I hope KeePassXC doesn’t change up any time soon.

No offense to Keyguard, but they don’t yet have my trust. I don’t feel like they’re as established as they should be for something so critical. It’s not something I could rely on to the same extent in the future, especially if the work is all done by a single person. Even worse, there are never any audits, neither in the past nor scheduled in the future.

From the business security stance that I find myself more frequently in, I can’t justify a switch to them, so with Bitwarden I’m stuck. May the future have mercy on us :cry:

They’re not VC funded nor a for-profit company, so it’s likely to be fine into the distant future, assuming the maintainers stay active.

1 Like
4 Likes

Why not generate your own gpg keys and use them with things like:

and store things where you like, maybe on your own private server or maybe in some free online service, keeping your gpg keys safe somewhere??? :eyes:

I mean, yep, it is manual, but it is the best you can trust, because you can completely control its ins and outs, and who else can you trust more than your own self?

And I really set it up once and now I have been using it for almost a year.

and for me it is working great :smiley:

Summary
╭─ankur@ankur in ~ 
 ╰─λ pass ls | wc -l
83
3 Likes
3 Likes

I believe that opt-out is not allowed in Europe, but I don’t care because I avoid using closed source.
Unfortunately, more and more companies are moving towards only offering their services in data octopus programs such as WA or only activating security functions (2FA) via their own Android apps. A rogue who thinks evil of this.
The customer becomes a data slave for their personal data.

4 Likes

Short answer: convenience.

Long answer: Average people need solutions that are “normal enough” for their needs. It’s already all I can do to get people away from using their browsers to save identical passwords on every site. Even with an easy interface like Bitwarden or LastPass, there are still plenty of confusions, and that’s just for basic use.

As for the business aspect, imagine trying to get non-technical staff to actually use something like that. The time training alone is far more costly than an annual subscription to something that can otherwise be learned in a 60s video. Likewise, that means users are immediately responsible for a lot of things they otherwise shouldn’t really have to be, and it makes audit logs all but impossible. Then there’s all the other features missing, like a proper mobile client with fingerprint unlock and autofill support, FIDO2 support, granular password delegation and sharing, remote deactivation/lockout, and many more: Bitwarden for Enterprise Features Datasheet | Bitwarden Help Center

I envy you for that, here’s my personal…

3 Likes

Well said.

I’m saddened by this Bitwarden affair, since they were the only party (except for KeePass, obviously) that I was prepared to trust with my passwords (I’m really happy with the Garuda Vaultwarden instance, btw).

But even though us tech people will always find a way, it becomes harder and harder to recommend solid solutions to people who are less technically inclined (parents, for example).

4 Likes

This was reported a while ago, but there wasn’t certainty–now there is:

3 Likes

If you ever did a deletion request to the Internet Archive, it’s 100% exposed now. My last request was a lot of years ago (prior to 2018), and I just received this. That must mean they migrated the previous requests to Zendesk. Silly me–thinking deletion request means data gets deleted. I censored an email address and a curse word:

The Internet Archive Team (Internet Archive)

Oct 20, 2024, 05:30 CDT

It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to ****@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else.

Here’s hoping that they’ll get their **** together now.

2 Likes

Yeah, I agree, it’s honestly why I use the net less and less. Forums and GitHub. And GitHub is already sketchy.

1 Like

The vulnerabilities impact Intel’s 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD’s Zen 1, Zen 1+, and Zen 2 processors.

The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, a core defense mechanism against speculative execution attacks.

In an abrupt and unannounced manner, the source code for Winamp has been taken offline, with no trace of any related data from the GitHub repo being accessible. This comes as no surprise, as there have been signs.

You see, when the source code first appeared on GitHub, there were numerous issues with it. Take, for instance, the fact that forking was not allowed, distribution of modified versions was not allowed, and only official maintainers were allowed to distribute the source code for Winamp.

There were even many bits of proprietary code from the likes of Intel and Microsoft in the source code release, and many believed that this violated the TOS of GitHub.

Honestly, I’m pretty damn fed up with buggy hardware and completely theoretical attacks that have never actually shown themselves to be used in practice.

So I think this time we push back on the hardware people and tell them it’s THEIR damn problem, and if they can’t even be bothered to say yay-or-nay, we just sit tight.

Because dammit, let’s put the onus on where the blame lies, and not just take any random shit from bad hardware and say “oh, but it might be a problem”.

Linus

4 Likes
2 Likes

I envy you lol. Here’s my personal
image

2 Likes