Right, but if you’re transferring things that frequently, there are better solutions.

Wow, that’s unfortunate. At least it’s Apache 2.0 licensed, which is nice.

Why would you do that? That sounds awful…

BitWarden

Yeah, the level of effort required is extremely low, and it’s really nice for things like sharing passwords with an SO for things where separate logins don’t work.

So yeah, I use Bitwarden. I plan to self-host soon (vaultwarden), I’m just figuring out how password sharing works before I go and switch my SO’s stuff over. But it’s audited, FOSS, and generally the dev makes decent decisions (though I hate the new UX overhaul).

I self-host a bunch of stuff too. I am transitioning from Nextcloud to OwnCloud Infinite Scale now that I posixfs is in experimental status (I only use file hosting from Nextcloud anyway). However, my password manager has been very far down the list for me, because the level of effort required exceeds the value I’d get from it, especially compared to other things I can set up.

The hard thing to teach people is that, you don’t actually need to know those 50+ passwords, nor should you care what they are.

Exactly. Use literally any password manager that uses MFA, and set up MFA (Google Authenticator works, I personally use Aegis). I also recommend BitWarden, but there are several decent options available.

The most important thing for them to know is that passwords should be different between services, and you can and should automate that.

I’m the opposite. I loved the more realistic feel of GTA IV, which really fit the vibe of Liberty City and the more gritty story of Niko. I don’t like GTA Vs whole vibe.

My tier list of GTA:

1. SA
2. IV - feels unique
3. III - for nostalgia
4. VC
5. V

I hate pretty much everything about V and ended up hate-finishing it so I could properly complain. It lost most of the satire, all main characters were unlikeable IMO, the map felt empty, and the story sucked.

I recommend WireGuard instead of OpenVPN. WireGuard is baked into the kernel so it should work better.

And then there’s my instance:

• sh.itjust.works - pretty chill, and things tend to work pretty well

I’m not sure what else to say about the culture.

There are lots of options:

• extension, as you mentioned
• Tauri app - like election, but uses system web view instead of baking in a browser
• PWA - service workers to make it work offline in the browser

Each is pretty easy, and the PWA means you can basically get the Tauri app feel for free.

what you are looking for is right here: https://squoosh.app/

That’s a fantastic name for a project.

I don’t see a server, so shouldn’t this be “a collection of offline tools”? Throw in a service worker to cache everything (maybe it has one?) and there’s no reason to ever hit the server after first load.

Good list. I’ve played about half of those, and most of the rest are on my wishlist. Now my wishlist is a little longer.

It’s absolutely risky, but sometimes the risk is low enough that it makes sense, like you’re at a relative’s house and setting up access to some self hosted stuff. I use it sometimes on a new install/work computer where I don’t want to set up the password manager long term.

The USB drive works in all those cases, but I rarely bring USB drives with me, especially since I only need to access it like 1-2x/year.

And building a simple web page around that would be a few dozen lines of Python. NBD.

True. However, if a vulnerability is well known and nobody is bothering to patch it, I doubt most would call it a zero day. At that point it goes back to being an unpatched vulnerability.

So I’d call something a zero day between discovery and an official response from the vendor (either a patch or confirmation that it’s not getting patched). That’s how I use it, not sure about others.

And that’s how it should be. In fact, I switched banks to the only one I could find that had MFA, because I value security as an option.

Where do you live that “local electronics repair place” is a thing you can casually just find? We have tons of mobile repair places, but they generally just do screens and batteries, and maybe they’ll send it in somewhere if it’s more than that.

We have a TV repair place, but I don’t know if they do smaller electronics like drives. They have to exist, I just don’t know how to find them.

Probably non-payment?

And do yourself a favor and get MFA on that password manager. That dramatically increases the skill level needed to hack your master pass.

My main issue is that it doesn’t solve the “borrowing someone’s computer” problem. With a hosted password manager, you can login to an online vault to get your passwords, but that’s not an option with keepass.

That’s a pretty rare use case though, but it is something I run into periodically.

And change the master password every year or two, which likely also upgrades the key used to encrypt your secrets. Someone breaking into your password manager is a lot less likely than someone breaking into one of the dozens or even hundreds of services you probably reuse passwords on.