🔑 What password manager do you folks use?

I have recently moved my credentials from NextCloud Passwords to Bitwarden, and I must say that I'm impressed by the quality and the sheer amount of features that such an open-source solution provides.

Their business model is also amazing: the product is free and open-source, you can install it anywhere you want, and if you want specific premium features (like cloud backup, Yubico/Duo support etc.) then you pay as little as $10/year. For that price you have a modern, self-hosted password manager that is almost on par with commercial cloud solutions like 1Password, for just a small fraction of their price.

I've also been a bit disappointed by NC Passwords. I've really tried my best to use it for the past year, but there are things that you just expect from a password manager in 2022 that NC Passwords still struggles to provide. Like:

- A fast interface: currently NC Passwords basically does a full-table scan of the passwords every time you open your vault. No pagination/query optimization whatsoever. If you have a large vault, it may take up to 10 seconds for your password to show up. Such levels of performance aren't acceptable from a password manager to be used as a daily driver in 2022.

- Better autocomplete: detection and auto-completion of login forms is often broken, so you'll have to manually open the extension/app to get the credentials. Bitwarden also allows a smarter detection of credentials per website by providing the ability to map specific HTML `input` elements to an account, something that NC NextCloud doesn't provide.

- No keybindings to open the extension in the browser: having to get my hands off the keyboard and search for the extension bubble every time I have to input a password can slow productivity in the long run.

- No import/export support for some of the most popular formats (1Password, LastPass, Bitwarden etc.). Import/export from/to other formats can be done by reverse engineering the NC Passwords export format, and writing a small script that maps apples to apples. Definitely not the most user-friendly solution.

- No support for modern forms of MFA (Yubico, Duo, email/SMS challenge etc.).

- A primitive way of matching credentials to URLs. Only one URL per credentials entry is supported (i.e. no support for matching against subdomains). And the matching algorithm is also quite strict (i.e. credentials stored for mywebsite.com/login/#auth won't be reported if I'm on mywebsite.com/purchase). And there's no way of adding domain rules (i.e. amazon.de, amazon.nl and amazon.com should all point to the same set of accounts).

It's really a shame, because Bitwarden isn't exactly lightweight to run (especially its mssql container), and I'd rather have everything centralized on NextCloud rather than having another service that I have to run and maintain. But for now I'm happy with my decision - and hope that NextCloud decides to invest more in their password manager: there's a lot of potential in that area, and most of the fruits are low-hanging.

p.s. Mastodon won't allow me to post more than 4 poll options, but if you use anything that is not reported below feel free to list it in the comments :)

When it comes to media, VPNs are used for a simple purpose: some content isn't available in my country, but I want to watch it, so I'll use a VPN.

Had the movie industry been a sane industry, they'd have reached the conclusion that any sane industry would reach in a case like this: there's demand for a product that goes beyond the initial boundaries we set, so let's expand the scope of our product - and possibly monetize from it.

But the movie and music industries are not sane industries. They are historically managed by sclerotic and technophobic managers that expect the whole world to understand the idiosyncrasies of their world, while spending the past three decades shouting at every running train (from Napster, to torrents, to VPNs) and using their sheer weight to influence policymaking. In the meantime, they miserably fail to identify the actions that would increase their market share and profits in legal ways by giving people the carrot they want, not only the stick.

Needless to say, their dumb arguments should not be listened to. Had it been for these people, we'd still be watching movies on VHS cassettes. If they don't know how to identify the needs of their own customers, and if not only they hold their industries back, but they expect the whole world to give up on vital technologies like VPNs just to protect their narrow interests, then they don't deserve to stay in business.

wired.com/story/hollywood-pira

If software is funded with public money, then it should be openly available to the public as well.

A good example is MAKRO, the economic forecasting model used by the Danish government, recently published on GitHub, and any of the tools reported on this page that have been open-sourced by their governments.

I would also argue that BOTH code and data (once properly anonymized) should be public. When the data processed by public institutions (funded by public money) is published in paid reports, or put behind a paywall on private portals such as Statista or Trading Economics, the whole world loses transparency.

Everyone wins when the code built by public institutions, as well as the data they process to drive their decisions, are released publicly. Citizens benefit from greater transparency, and the most savvy can easily validate the decisions of their governments by using the same tools and the same data used by the policymakers, instead of relying on second- or third-hand summaries. And the governments can greatly benefit from the feedback loop - they can rely on a passionate army of open-source engineers and scientists to audit and improve their technologies and their decision-making process, instead of spending public money to reinvent the wheel, and then keep their newly invented wheel locked in a safe.

Sign the petition if you also agree that open governance means better governance 👇

publiccode.eu/openletter/

this is cool: A mix of experiment and explorative explanations, embedded in the context of #replicationCrisis and a sprinkle of robust statistics / outlier.

How random are you?

pudding.cool/2022/04/random/

A brief history of : the different definitions it has been given over the years, why the problem is difficult to solve at scale, and why the new -based solutions are unlikely to be the answer blog.fabiomanganiello.com/arti

🎉 New article alert!

I have now put together in one single article all the steps to get you up to speed to build your open-source, self-hosted and multi-device Evernote clone. Happy hacking!

blog.platypush.tech/article/Bu

The Platypush Mastodon network is a place to talk about Platypush (platypush.tech), bring your questions/doubts/proposals/bugs, and talk about topics such as automation, IoT, software architecture, open-source and machine learning more broadly.