For browser, there is a webapp that can be selfhosted. See here https://github.com/logseq/logseq/blob/master/docs/docker-web-app-guide.md
I think you need chromium browsers due to the API they use, but it should work.
🇮🇹 🇪🇪 🖥
For browser, there is a webapp that can be selfhosted. See here https://github.com/logseq/logseq/blob/master/docs/docker-web-app-guide.md
I think you need chromium browsers due to the API they use, but it should work.
Many encryption algorithms rely on the assumption that the factorizations of numbers in prime numbers has an exponential cost and not a polynomial cost (I.e. is a NP problem and not P, and we don’t know if P != NP although many would bet on it). Whether there are infinite prime numbers or not is really irrelevant in the context you are mentioning, because encryption relies on factorizing finite numbers of relatively fixed sizes.
The problem is that for big numbers like n=p*q (where p and q are both prime) it’s expensive to recover p and q given n.
Note that actually more modern ciphers don’t rely on this (like elliptic curve crypto).
Every point can be supported with an analogy bad enough
Yep, my partner gave one for my birthday, it’s basically plug-and-play. It can automatically harvest credentials, spoof captive portals, etc. I bet that in most places nobody would question something like this hanging on the ceiling indeed.
Just FYI https://shop.hak5.org/products/wifi-pineapple. There are ready-made devices that can do basically what you are describing!
Encrypted DNS doesn’t solve everything. Handshake for TLS sessions is still in clear, you can usually see the SNI, and since we are talking about Wireless, usually this data is available to anybody who is in the vicinity, not just the network owner. This already means that you can see what sites someone is visiting, more or less. TLS 1.3 can mitigate some of this (for those who implement ESNI, but you don’t know that beforehand). Also TLS works until the user is not accepting invalid certificates prompts (HSTS doesn’t work for everything) and there are still tons of HTTP-based redirect (check mailing newsletters and see how many first send you to an HTTP site, for example) that can be used for MiTM attacks.
A VPN moves the trust to a single provider that you can choose, which is much better than trusting every single WiFi network you can attach to and the people connected to it, I would say.
Also if you pay for the VPN (I pay Proton), it’s not true that the company business is based on user data, they are based on subscriptions.
I understand that vision will deteriorate. My question was if using glasses can contribute to the deterioration. If glasses are neutral and don’t harm, then I don’t understand the parent comment.
The way I asked the question was that if using glasses all the time I could - for example - reduce even more certain movements etc. and ultimately cause harm to my vision.
glasses WILL deteriorate your vision further. It’s 100% with glasses and contacts.
Do you have anything to share on this? I am asking because I remember I specifically asked my eye doctor this question, and he said no. (I asked something like if there is any downside in wearing glasses always vs only when needed e.g., reading, watching TV etc.).
I am also wearing the same glasses for almost 13 years now.
I read the post, hence my points. I am not really looking for answers, because I don’t have questions, I had observations. You on the other hand seem to have your whole opinion formed on this inaccurate post, and I would expect someone in your position to look for more perspectives, when you clearly are not. You seem instead on a crusade against the company (good for you), and even if all the post was true, because they spent too much on t-shirts, invested too much in AI products (that I repeat, are opt-in)? Because they don’t comply with a technicality of GDPR? Lol Ok, more power to you.
Also, what I mean by a subscription is that I cancel it and I am done. I didn’t invest in it in any shape or form, what I paid I consumed already, there is no feeling of wasting previous investment in a running subscription.
Judging from your attitude, your lack of content, your very annoying “homie”, your inability to address any point against the content of the article, I am guessing either you are the author and you are butthurt that is not taken as gospel, or you just have ulterior motives and you are here just to stir shit (instead of “spreading awareness”). Either way, I have already invested too much time writing responses to your silly comments. I will show you how good I am in avoiding the sunk cost fallacy and block you, despite the time invested in the conversation.
Cya
I answered with more stuff in other comments, but you didn’t address any of that anyway.
I personally have no brand faith, I am a happy customer and the moment the company doesn’t adhere to my principles I will dump it. There is no sunk cost as it’s a running subscription (you keep mentioning this, so I though I will say it).
That said, if I see someone claiming they have a “blase” approach to privacy or they don’t care about it, I will point out that this is complete bullshit. Using the missing “download my data” feature to support this claim is outright pathetic.
To be even more precise, as a socialist I don’t like many of Vlad’s ideas that tend towards libertarianism. That said, the company has a good amount of worker ownership, it operates on principles I currently respect and that are miles higher than the standard tech company. I am absolutely in favour of supporting positive business in a field where companies are disgusting on average, and in cases evil.
Now, if you have anything else than childish arguments I am happy to discuss them. I have pointed to a number of inaccuracies in the article, there are outdated data (like the number of employees) and subjective views from the author. You are posting this article everywhere like it’s some kind of holy grail of gotchas, when it’s not. There are some good points (financial reporting exists, is not 100% transparent - which is not due, the amount spent for the t-shirts was IMHO not a great idea, etc.), but the fundamental points against the company are shacky at best. As I said elsewhere, all the shpiel about AI etc. is fully addressed in kagi own site where they clearly explain what they mean, for example. The features are actually pretty nice, even for someone like me who is not a fan of LLMs, and the results are quite accurate (the post author claims they are almost always wrong) from my experience.
BTW my searches are unlimited :)
They don’t own the T-shirt factory. It is a simple sentence, they used a small Serbian (I think) company. The business entity is to import goods.
It’s a formal difference but shows how sloppy that post is.
So, again, sorry for trying to point out that the CEO of Kagi does NOT care about privacy, GDPR, or transparency!
Privacy != anonymity. They satisfy the most important aspects of the GDRP, like data and scope minimization, clear explanation of what data they collect and why, a fantastic privacy policy. They don’t let you download a file with your email address in it, woah.
That article is quite dense with inaccurate information (e.g. they own a T-shirt factory), and a lot of guesses. There is no need to listen to a random guy idea about kagi’s AI approach when they have that documented on their site.
Also, the “blase attitude to privacy” is because of a technicality of GDPR? (Not having the ability to download a file with your email address) I am a big fan of GDPR, and their privacy policy is the best I have seen (I read the pp of every product I use and I often choose products also based on it), so really I don’t care about the technical compliance to GDPR (I am not an auditor), but the substantial compliance.
All-in-all, the article raises some good points, but it is a very random opinion from a random person without any particular competencies in the matter. I would take it for what it is tbh
EDIT: To add a few more:
Source: see https://blog.kagi.com/what-is-next-for-kagi (published ~1 month after the linked post).
An article full of inaccuracies, but the most interesting bit is, all these conversations are possible because they clearly explain their views, which are publicly available on their website (for example, the philosophy behind the use of AI - which BTW is opt-in).
How is that an example of being opaque is beyond me.
FWIW, the default “programming” lens works quite well in Kagi, you can also create your own lens if you have a set of websites from which you routinely search info, and there are tons of bangs already (which can also be mapped to lenses BTW). In addition, you can downrank AI/SEO stuff when you find it (it is downranked by default in kagi), so that over time your results are quite clean.
Agree on the versioning issue. In fact I mentioned that the issue is convenience here. It is also data corruption, but you probably are aware of that if you setup something like this. Manually merging changes is extremely annoying and eventually you end up forgetting it to do it, and you will discover it when you need to login sometime in the future (I used keepass for years in the past, this was constantly an issue for me). With any natively sync’d application this is not a problem at all. Hence +1 for convenience to bitwarden.
However KeePassXC’s sync feature does sync the vault.
How does it work though? From this I see you need to store the database in a cloud storage basically.
For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate.
I use this method for my notes (logseq). Never had synchronization problem, but a lot of battery drain if I let syncthing running in the background.
Nothing else passes through it unless you opt into using relaying in case you have NAT issues.
I guess this can be very common or even always the case for people using some ISPs. In general though, you are right. There is of course still the overall risk of compromise/CVEs etc. that can lead to your (encrypted) data being sent elsewhere, but if all your devices can establish direct connections between each other, your (encrypted) data is less exposed than using a fixed server.
If you are paranoid, the software is open source and you can host your own relays privately,
This would also defeat basically all the advantages of using keepass (and family) vs bitwarden. You would still have your data in an external server, you still need to manage a service (comparable to vaultwarden), and you don’t get all the extra benefits on bitwarden (like multi-user support etc.).
To be honest I don’t personally think that the disclosure of a password manager encrypted data is a big deal. As long as a proper password is used, and modern ciphers are used, even offline decryption is not going to be feasible, especially for the kind of people going after my passwords. Besides, for most people the risk of their client device(s) being compromised and their vault being accessible (encrypted) is in my opinion way higher than -say- Bitwarden cloud being compromised (the managed one). This means that for me there are no serious reasons to use something like keepass (anymore) and lose all the convenience that bitwarden gives. However, risk perception is personal ultimately.
Few reasons, with the most important being convenience. Syncthing is going to see just a binary blob as the password storage is encrypted. This means it is impossible for syncthing to do proper synchronization of items inside the vault. Generally this is not a problem, but it is if you happen to edit the vault on multiple devices and somehow syncthing didn’t sync yet the changes (this is quite common for me on android, where syncthing would drain the battery quite quickly if it’s always actively working). For bitwarden on the other hand the sync happens within the context of the application, so you can have easy n-way merge of changes because its change is part of a change set with time etc.
Besides that, the moment you use syncthing from a threat model point of view, you are essentially in the same situation: you have a server (in case of syncthing - servers) that sees your encrypted password data. That’s exactly what bitwarden clients do, as the server only has access to encrypted data, the clients do the heavy lifting. If the bitwarden server is too much of a risk, then you should worry also of the (random, public, owned by anybody) servers for syncthing that see your traffic.
Keeshare from my understanding does use hosting, it uses cloud storage as a cloud backend for stateful data (Gdrive, Dropbox etc.), so it’s not very different. The only difference would be if you use your private storage (say, Synology Drive), but then you could use the same device to run the bit/vaultwarden server, so that’s the same once again.
The thing is, from a higher level point of view the security model can only be one of a handful of cases:
The more you go down in the list, the more you get convenience but you introduce a bit of risk. Tl;Dr keepass with keyshare/syncthing has the same risks (or more) than a Bitwarden setup with bitwarden server.
In addition to all the above, bitwarden UX is I would say more developed, it has a better browser plugin, nice additional tools and other convenience features that are nice bonuses. It also allows me to have all my family using a password manager (including my tech illiterate mom), without them having to figure out anything, with the ability to share items, perform emergency accesses etc.
I can’t really make an exhaustive comparison. I think k3s was a little too opinionated for my taste, with lots of rancher logic in it (paths, ingress, etc.). K0s was a little more “bare”, and I had some trouble in the past with k3s with upgrading (encountered some error), while with k0s so far (about 2 years) I never had issues. k0s also has some ansible role that eases operations, I don’t know if now also k3s does. Either way, they are quite similar overall so if one is working for you, rest assured you are not missing out.
Yeah, but you don’t need anything besides the runtime with kubernetes. Podman is completely unnecessary since kubelet does the container orchestration based on Kubernetes control plane. Running podman is like running docker, unnecessary attack surface for an API that is not used by anybody (in Kubernetes).
I run k0s at home, FWIW, tried k3s too :)
FWIW, my partner is Ukrainian and I asked what’s the general mood in the Ukrainian circles. Apparently the unpredictability of Trump is seen as a potential positive. There was quite a lot of disillusionment about the fact that Harris would have continued with the Biden’s approach focused on soft politics and weapons given drop by drop.
In fact, the general public was quite unhappy with the cautious american support. If some of the weapons were given much earlier and all at once, the war could now be going very differently.
I don’t know if this is now building a narrative that doesn’t make you lose hope or if it’s the reality. For sure the vibe was for Harris before the elections, but it was definitely as clear cut (due to the above).