• cmrn@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    How many times do I need to pack up and move to the next “best option”

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      In this case, zero, because it’s a packaging bug, not an actual change in direction. Read the update on the article:

      Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

      Next time, before jumping to conclusions, wait a day or two and see if the project says something.

      • 486@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I really hope that this is actually the case, but I am not very optimistic. This doesn’t seem to be a mistake. They intentionally move functionality of their clients to their proprietary SDK library. The Bitwarden person stated this in the Github issue and you can also check the commit history. Making that library a build-time dependency might actually have been a mistake. That does not change the fact, that the clients are no longer useful without that proprietary library going forward. Core functionality has been move to that lib. I really don’t care if they talk to that library via some protocol or have it linked at build time. I wouldn’t consider this open source, even if that client wrapper that talks to that library technically is still licensed under GPLv3.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          They intentionally move functionality of their clients to their proprietary SDK library.

          Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available. It’s entirely possible they make it more open once it stabilizes, but it’s also possible they make it less open as well. It’s still early, so we don’t know what the longer term plans look like.

          I don’t think we should be panicking just yet, but I’ll certainly be checking back to see what happens once this internal refactor is finished, and I’ll be making some more regular backups just in case they are, in fact, trying to take it proprietary. I don’t think that’s the case (why would they? I don’t see the benefit here…), but I guess we’ll see.

          • 486@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            Proprietary is a strong word IMO. Here’s the repo, it’s not FOSS, but it is source available.

            Yeah, that’s what I meant by “proprietary”. I guess having the source to look at is better than nothing, but it still leaves me uneasy. Their license lets them do anything they want (ignoring that - as it stands - their license is void due to the linkage with GPLv3 code, but they said they want to fix that). I have no idea what their plan is. I don’t think it is in their best interest to go the route they appear to be going. Having truly open source clients seems to be a selling point for quite a few customers. But what do I know…

    • JustARaccoon@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Sadly as many times as needed, complacency is how these companies get “loyal customers” who are willing to put up with bs

      • doktormerlin@feddit.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        That’s far from the best option. It’s working, but it’s super complicated compared to Bitwarden and other cloud password managers. Imagine telling your grandma “just use keepass”, she would never be able to make it work. But Bitwarden? Lastpass? That’s possible

        • cy_narrator@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          2 months ago

          Is it so?

          I feel like anyone who can open up and edit ms word can do it, just double click on the keepass.kdbx file and it opens up prompting for a password.

          Syncing is a bit of a problem and I wrote an article on how I do it here in the easiest way I found. Though MEGA cloud does not have a good reputation among general public, their share link is something you can write in a piece of paper and keep in a safe.

          • doktormerlin@feddit.org
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            “Just double click the keepass.kdbx” is not what it is. You need to go to your explorer, find the file in the folder structure and double click it. You then need to search for the website you are on and copy the password, then you need to go back to the website within 12 seconds and paste the password. That’s inconvenient for everyone, but for a tech-illiterate grandma it’s impossible.

            Compare that to Bitwarden: You go to the website, click on the bitwarden icon and then click on the login details. Or even better, you can enable auto-complete with a single click and it automatically fills the login details when on the website, without clicking anything. That’s far more convenient and easier.

            Just as a FYI: My grandma has a sticky note on her laptop that shows exactly which buttons to press to get to her emails, with things like “Click this twice within 2 second, be fast!!” for a double click. It doesn’t say “lef mouse button”, she draw her touchpad and an arrow. She is not able to find her mails when the website changes the layout.

      • Liz@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I switched from keepass to Bitwarden because individual entries started randomly disappearing. I’m still discovering missing accounts after switching a couple of weeks ago. Sometime to do with how keepass was opening the files, because when an entry went missing it was gone even from backup files I hadn’t touched since before the entry disappeared.

        • Serinus@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Sound like something you did with replacing files. Bitwarden is dead simple, and that’s why it’s great.

    • fuckingkangaroos@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I don’t understand.

      Are you saying it’s a bait and switch like Google, where they suck people in with a good product then enshittify it once they’re hooked?

      • ArkyonVeil@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I’m not thoroughly aware of their dealings, but these amounts of private investment aren’t going to pay for themselves. If you raise 100 million, investors typically want a billion back, or more.

        From the looks of it, Bitwarden might’ve tried to go with the Open Source model to get free development resources, trust (because it’s an open source PASSWORD manager), and general goodwill. But now that they’ve deemed that got enough of a market share (or investors are starting to breathe down their necks), it’s time to start raising the walled garden.

        Even if they claim after the fact that it was a “Bug” that the client couldn’t be built without their proprietary sdk. The very fact one exists is a bad enough sign, specially when its influence is spreading.

        VC is a devil’s bargain. Raising VC money is NEVER a good sign.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Honestly, if he can replace the current Bitwarden BE w/ Vaultwarden, that would be awesome! The last time I looked at the Bitwarden self-hostable BE, it was super heavy, which is the entire reason I was interested in Vaultwarden.

      • Magnus Åhall@lemmy.ahall.se
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I’m running a couple of Vaultwarden instances, and it would be really nice if Bitwarden employed Garcia to improve the Rust backend. But as the bitter cynic I am, I guess it is an effort to shut down and control as much of the open source use of Bitwarden as possible.

        The worst case, someone will most likely fork Vaultwarden and we can still access it with Keyguard on mobile and the excellent Vaultwarden web interface :)

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          And I am an ardent optimist, hence why I see it as a good thing.

          But yes, worst case someone will fork it, and I’ll probably use that fork.

        • Magnus Åhall@lemmy.ahall.se
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Phew, looks good on the news with the packaging bug (if they didn’t just got cold feet for worse PR/backlash than they expected and this is a backtracking).

          In this case, hopefully Garcia is employed for his expertise and can be deployed to further open source relations :)

  • mli@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

    According to Bitwardens post here, this is a “packaging bug” and will be resolved.

  • Routhinator@startrek.website
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Alright does anyone have opinions on Nextcloud Passwords? There’s apps for it and it would sync to my Nextcloud.

    I hate this. Bitwarden has been a good app.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Bitwarden has been a good app.

      And it still is. There’s no reason to stop using Bitwarden, and I will continue my plans to switch to Vaultwarden.

      As @Krzd@lemmy.world said, it’s a packaging bug, not an actual change in license. If you read the article, it says as much in the update.

    • GHiLA@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Nextcloud passwords is just a client for a KeePass vault.

      I guess it’s as good or bad as that can be, but I’m sure it’s limited in functionality to KeePassxc with plugins.

      • Wispy2891@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Are you sure?

        Because last time I tried that it was THE worst password manager that i ever tried in my life. I’d feel safer with the ie6 password manager

      • NanoooK@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        That’s what I’m using mostly, but the convenience of having auto fill in firefox and being able to share some logins made me want to try bitwarden. Also, it’s not complicated to sync between several devices.

    • asudox@programming.devOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      The server is not open source and I wouldn’t trust a business that is not just working on password managers.

      • Cris@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Its worth noting I don’t think they’re actually a company anymore, I think they’re now a non-profit (I may be mistaken, but that’s my present understanding)

      • DarkThoughts@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        and I wouldn’t trust a business that is not just working on password managers.

        Because…? They’re a privacy tool oriented company, no?

        • asudox@programming.devOP
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Because they aren’t focused on just one single service. Bitwarden is a single business only focusing on their password manager, whereas proton has a suite of tools. Passwords need to be stored absolutely in a robust and safe way. I don’t trust proton with anything at all, and the proton pass is no exception. The client might be open source, but the backend is not. It’s also not as mature as bitwarden.

          • Broken@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            These are valid points. There are many password managers, most of which it wouldn’t take much to poke holes in, especially if open source is a main criteria.

            What are some that you would consider with Bitwarden now being off the table?

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

        I’m not going to jump ship just yet, though I may get around to updating my backup.

        There are plenty of alternatives, so feel free to shop around. But don’t jump the gun just because of a random Phoronix article with an update that says basically the opposite of what the article claims. Wait some time to see if there are actual changes coming.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            Maybe. Here’s what they say in the readme of the project people are complaining about:

            The password manager SDK is not intended for public use and is not supported by Bitwarden at this stage. It is solely intended to centralize the business logic and to provide a single source of truth for the internal applications. As the SDK evolves into a more stable and feature complete state we will re-evaluate the possibility of publishing stable bindings for the public. The password manager interface is unstable and will change without warning.

            There are two ways to take this:

            • this is temporary as they’re refactoring code to reduce duplication across clients
            • refactoring is an excuse to create fully proprietary clients going forward

            Until I see evidence of the latter, I’ll stick with the project, but I’ll be more consistent about creating backups so I can switch easily if I need to.

  • ShittyBeatlesFCPres@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Oh, for fuck’s sake. Can we have a decent password manager that isn’t tied to a browser or company? I pay for Bitwarden. I’m not being cheap. But open source is more secure. We can look at the code ourselves if there’s a concern.

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      2 months ago

      Nothing in the article or in the Bitwarden repo suggests that it’s moving away from open source

      • coolmojo@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        It is a license problem. The license condition of the SDK which is required to build the client app change to limit the usage of it. The new license states that you can only use the Bitwarden SDK for Bitwarden. It is against the Freedoom-0 of the Free Software Foundation. The limitation of English language is that it is hard to differentiate between Free (as in Free bear) and Free (as in Freedoom). Also open source which could mean complaining with FOSS and that source is available. This been unfortunately have been abused before.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          From the article, it’s a packaging bug, not a change in direction.

          Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Here is the code in question. Basically, it’s a source-available, but not FOSS internal SDK, with the following language:

              The password manager SDK is not intended for public use and is not supported by Bitwarden at this stage. It is solely intended to centralize the business logic and to provide a single source of truth for the internal applications. As the SDK evolves into a more stable and feature complete state we will re-evaluate the possibility of publishing stable bindings for the public. The password manager interface is unstable and will change without warning.

              So I think the “bug” here is in not linking the original repo in the NPM package, and there’s a decent chance that this internal SDK will become FOSS in the future once it stabilizes. That said, it’s currently not FOSS, but it’s too early IMO to determine whether Bitwarden is moving in a non-FOSS direction, or if they’re just trying to keep things simple while they do some heavy refactoring to remove redundancy across apps.

              Given their past, I’m willing to give them the benefit of the doubt, but I’ll be making sure I have regular backups in case things change.

          • pmc@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            They now require a non-free Bitwarden SDK component. That’s what this whole conversation is about.

            • fmstrat@lemmy.nowsci.com
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Only the desktop client. And the response is that not being able to compile sans SDK is an issue they will resolve.

              I still think this is bad directionally, but we need to see what happens.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              And the whole conversation is about a bug, not a change in direction…

              Update: Bitwarden posted to X this evening to reaffirm that it’s a “packaging bug” and that “Bitwarden remains committed to the open source licensing model.”

        • Bilb!@lem.monster
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          This need not be the case, though! There’s an open source client on Android called Keyguard. I don’t think the desktop app was at all useful anyway. You can just log into your Vaultwarden through any browser. The desktop app is pointless.

      • sigmaklimgrindset@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Love Keepass. Love that I can sync it however I want. Love that there are multiple open source client options across several operating systems.

        • saddlebag@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Android syncthing announced they’re stopping development this year. Open source got fucked double today

          • prosp3kt@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            terrible day. There is a fork called syncthing-fork that is under current development. I hope both projects merge.

  • quissberry@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Well, I guess not having password manager yet did had some benefit because now I know not to use bitwarden

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I’m going to keep using Bitwarden because KeepassXC sucks, but not as a paying user. Once this package inclusion is removed, if it is removed, i’ll pay again.