phaedrus

I'm not sure that was an AI summary, I think that is OP that wrote that. I don't see anything about a jungle cat in the actual screenshot.

You don't host anything with KeePass, it's an application that you install. People use this type of software literally every single day. I'm not sure where you get your information from. There was no "leak", it was an attack that someone could execute if they had access to your physical machine and only used a master password without a keyfile. If someone didn't have that, they don't have your master password, because it doesn't go to the cloud at all. It's all entirely local. Stop handing out misinformation like candy.

edit: the actual CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-32784

Vulnerabilities happen, end of story. Like I said, what matters is the maintainers' reaction and how open they are about the details. If you rely on other people/developers to handle your OpSec for you, then you shouldn't be using computers at all and are putting yourself at risk no matter what software you use.

And if this is your litmus test, then holy shit do I have some bad news for you about iOS/Android/Linux/Windows/macOS/literally any web browser... and I guarantee that whatever you use now for your password manager has it's own share of issues regarding security, which again points back to taking care of your own OpSec instead of relying on others.

Expect shit to hit the fan, and you'll always be prepared when it does.

You might be right on Vaultwarden, I don't use it and was only making a suggestion that gets you something similar to BitWarden, but under your control, if that is a system you wanted to replicate.

There are several forks of KeePass, they each have their own philosophies. It's kinda like FireFox vs LibreWolf vs any other fork.

KeePass is an open source application, and that was patched as soon as it was found. Nothing will be 100% resistant to attacks, and you don't have to make your kdbx available online at all which mitigates that attack entirely. What matters is how the maintainers react.

Calling a local FOSS app worse than a privately owned and centralized SaaS is hilarious.

SyncThing + KeePass, I've been using this setup for a long time. Requires setup and isn't automagically done for you, but you control everything about it + it's decentralized and local. I unfortunately don't have any good guides off-hand, but I can try to give some pointers if you're interested to know more about it.

On Linux, the only downside is you can't use the auto-type feature in Wayland, but there are browser plugins to make it less of an issue.

Alternatively, if you are a self-hoster, you can still use the BitWarden local clients with an open source backend server that you control: https://github.com/dani-garcia/vaultwarden

TIL: I'm a top, not a bottom

P-Zombie sounds like a sleepwalking syndrome

Rob Miles has some stuff that I think aligns with what you're after. Technical discussion, but tries to keep it reigned in and understandable.

Specifically, this one has some good explanations: https://youtu.be/viJt_DXTfwA

More from Rob on AI Safety:
https://youtube.com/playlist?list=PLzH6n4zXuckquVnQ0KlMDxyT5YE-sA8Ps
https://www.youtube.com/channel/UCLB7AzTwc6VFZrBsO2ucBMg

Top-notch company, right there. Really dotting their t's and crossing their fingers!

Except their candy also has the potential for explosions...

https://www.forbes.com/sites/samlemonick/2016/10/28/that-time-gummy-bears-gave-everyone-diarrhea/

Stop using it, even for testing or mundane shit. All you're doing is creating a sense of demand by using it which people like Altman use to get even more money because "numbers."

You can also turn off the AI suggestions in some search engines, or better yet start using a search engine that doesn't do that shit.

• https://www.mojeek.com/
• https://searx.space/ (open source aggregator, loads of instances to choose from)
• https://mwmbl.org/ (still in development, but getting better as time goes on)

"You're insane if you don't eat candy!"

• The man who sells candy