You should also not be ysing a corporate laptop for your private stuff. If you do need to use it, you can do use the password manager the old way, just read from your phone and manually type it in.

Lastly, since you’re proposing a corporate scenario, you wouldn’t be able to install a random program on your laptop. IT would either block the installation or you’d have to explain why you’re installing random programs on your work computer.

This is getting pathetic dude, just move on.

Some environments restrict USB access for security reasons.

Where are you even trying to use your password manager??? You’re absolutely batshit dude. I’m not reading this wall of text.

What do you mean by “gargantuan” stack? I have a single docker container for vaultwarden that was very easy to set up and it uses less than 100mb of ram. Not sure about the client claims though. I haven’t really looked into it that much. Are you saying all versions of the client and extensions of BitWarden have issues?

EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.

I replied to that comment. You’re assuming that compromising vaultwarden is somehow easier than compromising nextcloud. No idea why. Intercept the password where? I’m using a local client and only syncing the vault. You seem to be pretty unfamiliar with how vaultwarden works.

EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.

There’s also this dated technology called a wired connection that some other dated technologies require.

Hotspot does not imply that it needs to be wifi. You can share your internet connection via usb tethering too. (also a wild new technology, I know)

A Bitwarden instance identifies itself as such to every visitor that comes by. It advertises itself as a particularly high value target. By contrast, a lot of what a NextCloud instance hosts is often personal and more valuable to the user than a hacker, so it does not become clear if there’s anything of value inside.

This ignores how modern internet attacks work. Hackers don’t sit around manually browsing websites. Automated botnets scan the entire IPv4 address space 24/7 looking for specific software signatures or known unpatched vulnerabilities. If a Nextcloud exploit drops today, a bot will breach the server before the hacker even knows what is stored inside.

Also, advertises itself to whom? I’m not exposing it to the internet. How many reports can you find of people getting their Vaultwarden instance hacked? This is a lot of assumptions that don’t track with reality.

It also decreases the attack surface of my password manager itself

You’re putting your database file in nextcloud. That increases the attack surface of your solution, a lot.

No device will ever make any contact with the server for password purposes other than to sync the database file

That’s *exactly *what a client for vaultwarden does…

there’s no web interface to inject a password stealing JavaScript file

Vaultwarden has a web interface, true. It’s also true that I’ve literally never used it for anythin other than creating the users. I haven’t opened it in years.

You’re choosing a very petty and small hill to die on, dude. Just admit that you prefer doing it your way even if there are better alternatives.

There’s this wild technology called a hotspot. You can use your already authenticated device to give another device access to your services indirectly.

Even if they break into my NextCloud, they’d have to crack an unreasonable password to break the password database open.

That level of security is exactly the same as exposing your password manager to the “fucking” internet. Not sure why you criticized it before when you (incorrectly) assumed that I was doing that.

You need two apps though and I personally have more faith in vaultwarden being stable than nextcloud.

Glad your “fucking” password manager isn’t exposed to the internet. Mine isn’t exposed either since I use tailscale to access it. Your comment leads me to believe that your NextCloud instance IS exposed to the internet. Wouldn’t that mean that if a hacker gets access to your account they could also get your keepass file as well?

Yup, it is. On one hand, I would have wireguard configured regardless beacause I don’t like publicly exposing my server. On the other, if you had to do it just for this and don’t want to configure wireguard manually, just use zerotier, tailscale or netbird. They can be set up in like 15 minutes and after you get it working you don’t need to touch it again.

Doesn’t keepass only work on a single device? Meaning that you have to handle syncing the database file yourself. I prefer selfhosting vaultwarden. Maybe these changes will make me migrate to something else but for now I’m very satisfied with vaultwarden and the bitwarden client.

Sure thing bud. We’ll see how you do when that code needs to be fixed or maintained. It’ll be fun to see your bills once your agents switch to token based pricing. Short term gains are a fools game.

Also, none of what you said disproves any of the drawbacks I pointed out.

Lastly, yes, it does matter what you think and what you do. Silence and obedience is complicity.

It can’t replace people. There are numerous examples where that has been attempted and it worked horribly. There are also plenty of reports confirming that it has not improved productivity much (if at all). However, you do understand how AI works, right? Not only is it incredibly inefficient, it also requires input data to generate that output you like so much. If it does replace an entire profession, then that would mean that everything regarding that profession stagnates. AI, by definition, cannot create anything that’s actually new. For example, if I were to release an entirely new programming language, it would have absolutely no idea how to use it.

Have you personally used Mythos?

My man, how many new models have claimed to be groundbreaking and etc, only to then prove to be marginally better?

If not, I’m not confident in your assessment, especially given your self-admitted bias in this area.

Ok then, be confident by actually reading studies about AI performance and its real impact in a work environment.

It is difficult to get a man to understand something, when his salary depends on his not understanding it.

I understand it very well. And, being a programmer and an electronics engineer, I do not fear at all for my salary. As I’ve already said, even if the mythical perfect model is released at some point, the technology itself is not economically viable. There are also numerous reports about how unsustainable the current business model is and how wildly expensive it would be if you actually had to pay for the computing cost. There’s a reason why the whole circular funding scheme exists too. This is a giant bubble that’s going to either pop or slowly deflate but it will not survive.

I’m getting “pissy” about ignorant, uninformed laymen repeating false headlines and promoting a technology that is actively killing the planet, worsening the lives of everyone (even more if you’re near a datacenter) and preparing to cause unprecedented harm to the global economy. Again, you’re promoting something built to enshitify your life. It’s incredibly dumb.

Except that it is? There’s nothing particularly special about mythos and it’s not “too dangerous” to release. LLMs make it easier for people to find potential vulnerabilities, true. But they cannot actually confirm that they’re real wothout an actual person verifying it. Lots of reports are bogus.

Do I hate AI? Of course I do. It literally has nothing positive unless you’re an ai company’s ceo. It’s being sold at a heavily subsidized price that is literally unmaintainable. All models will have to use token based pricing and that’s wgen you’ll see what it actually costs (spoiler alert, it’s a fuckton of money). This awfyl technology is also why a lot of tech is getting increasingly expensive.

Not to mention that for these models to exist, all of these companies stole unfathomable amounts of data and caused chaos in the job market. Aaron Swartz’s life was turned into hell for much less.

You’re literally defending a product that’s enshitifying your life. It’s absolutely moronic.

Nope, not in denial. You just read the inital, overhyped, marketing coverage. Maybe do some research before repeating dumb, uninformed headlines. Here’s an article that can better inform you.

Drinking the kool-aid, are we?

You think you really understand how controllers/drivers work. Unfortunately, you do not.

If the controller can work through steam then it can work through a stripped down version of steam that does not have the store, library, community, etc features. That’s what I’m asking. A program that can work as a compatibility layer and does not require you to log in to anything or give your data to valve in any way.

Yes, steam does give you a workaround. A workaround that involves giving them user data.

I specifically said “standalone driver”. That does not equate to xinput support. You still have not understood what I said.

What an absolutely absurd non-argument. How can someone with no access to their codebase extract the bit of steam that makes the controller work? I’m not going to spend $100 on a controller amd then do Valve’s work for them.

Valve made the controller and they did add support for their controller inside steam. Just extract the controller compatibility layer and make it standalone. Don’t force people to use steam. It’s not a wild thing to ask. I also never said they should use xinput.

Stop defending rich corporations, it’s lame.

Why would using a 3rd party program be acceptable? I mean, how can someone outside Valve make that but Valve themselves cannot? It’s pretty ridiculous.

Firstly, xinput support would still be useful. Reduced functionality >> no functionality. Secondly, it a standalone druver would only need to remove the steam itself and keep what makes the controller work. It would not require any extra work from any game dev. Stop making excuses for rich corporations providing half-baked support. It’s kinda pathetic.