Yeah, pretty disappointed by this as well. The app has been getting buggier over time and I was already considering leaving, so this was the push I needed.
Seems like the most popular players in this space are Bitwarden and KeePass, does anybody have a positive or negative experience to share with either?
I don't like Bitwarden UI/UX. It looks not really polished. Especially the "folders" are awkward. How they implemented it, calling them labels and designing them like labels would make way more sense. But the whole UI looks like software developers - and not designers - built it.
I think I tried using it maybe 4 years ago or so, and I had the same feeling. It just felt.. awkward to use, lots of friction. I was hoping it had changed by now, but I guess that hasn't happened.
Bitwarden is a shit product lacking basic niceties: search is terrible (substring match is beyond first page of results), UI is sometimes non-async (typing freezes search), no way to sort by newest/date added, no way to make two note (textarea) fields, no way to expand it, consumes memory and CPU etc
However, it’s open-source, cross platform and sorta works.
Personally I've had issues with Windows Hello integration for a while. It worked for a while but then didn't anymore. Everything is right and best I could find was the team saying it's some weird issue with TPM. Once I put in my master password the Hello integration is fine. It's just storing the key in TPM that doesn't work. So every restart I need to put in the master password. Granted my desktop is a Ryzen 2 system but still.
It's been little things and mainly usability/polish things.
Sometimes the vault doesn't unlock and I have to enter in my password 2-3 times.
It doesn't always capture all information from a page properly when creating a new login and there are additional fields to capture.
The "detecting if a website supports key passes and one time password" feature for Watchtower was overwhelming with lots of information, until I clicked each one and had to ignore it.
These reasons alone are not enough for me to leave, the 3 big problems are below.
1 - I was feeling more uncomfortable having websites promote using passkeys, and I would store that in 1Password, but then I wasn't sure if 1Password was going to make it easy to migrate that stuff out. So, I want to use something open source, so I don't have to worry about losing access/managing that stuff in a proprietary/closed product. It might be easy to export/migrate out today, until something changes and they no longer allow that or make it very difficult/hard to scale/automate.
2 - I have a strong feeling this price increase is being justified by "AI" somehow. I'm sure, like all other companies, 1Password is internally forcing/requiring its developers to use coding models, and sonnet, opus, etc are expensive to use and the cost adds up. Also, I don't like the direction of where things are headed, where people are becoming more relaxed and not reviewing code properly and merging in code that will cause security issues later (perhaps openclaw fits into this bucket) or they are taking open-source code and laundering it for companies internally to use (I can't prove this, but if a model is trained on public data/code, it seems very likely). Something about that just bothers me especially when a company is worth billions of dollars.
3 - I've spent the last 3 years building up my homelab and using Pikapods for hosting various things. I want to support open-source more and run my own things and pay supporters properly to maintain things. I've always been a bit nervous what might happen if 1Password gets hacked, either because of poor security or due to a third party vendor. I still have the problem of my things getting hacked, but I pay more attention to how I secure things and use Tailscale and not publish things on the broad internet (when it makes sense). Also, I would be a hypocrite to dismiss the value of coding llms, as I'm using them myself. But how I'm using them, I'm using them to do security reviews of my docker compose files or kubernetes yaml files. Having coding llms has made it so much easier to maintain a homelab.
> Stalwart Enterprise leverages AI technology to provide unparalleled email security and management. With AI-powered features, Stalwart Enterprise excels in accurately classifying spam, detecting sophisticated phishing attempts, and blocking various types of network attacks. This intelligent approach ensures that your email environment remains secure and reliable. Stalwart Enterprise comes equipped with a pre-trained large language model (LLM), offering robust out-of-the-box protection. Additionally, it supports integration with leading AI providers such as OpenAI, Anthropic, and other cutting-edge platforms, allowing you to enhance and customize your security measures. By utilizing AI, Stalwart Enterprise delivers a smarter, more efficient email solution that proactively safeguards your communications and data.
I've been unemployed for about 1 year now. I was in SF working in tech for about 7 years, and decided I don't want to do that anymore, so I quit.
It's been tough. The hardest part about being unemployed is it is very hard to structure your days because work is no longer the thing that is forcing you to get up, get out, go to bed on time, etc. It's also a strange feeling having to spend from your savings/emergency fund without money coming in, you feel bad and guilty for doing so, it's weird.
I'm changing careers. I've always liked teaching, so I'm doing volunteer English teaching while preparing to apply to go back to school in order to get a Masters in Education.
In the meantime, I'm also doing other small things. Learning about AI, going to board game meetups, doing some traveling, overall it's not the most fun part of my life, but I'm treating it as I will look back on this and realize this was necessary.
> The hardest part about being unemployed is it is very hard to structure your days
The irony is that it takes a lot more personal discipline to remain productive without any sort of feedback loop, but the unemployed are presumptively regarded as flawed and lazy :-)
I was in tech for over 20 years, and went from being good at my job/successful to being permanently disabled. My entire life was wired around providing for my family and supporting everyone around me both financially, and via my success.
I've lost that identity, and despite extensive therapy, meds, etc. I still haven't found myself yet.
I have that identity, ie being the pillar of stability and support for those around me.
One thing I worry about is getting a stroke or becoming blind, paralyzed or similar.
Having lost people around me or seen them fall seriously ill, made me realize things can change so quickly.
I admire ppl like yourself who keep going.
Or people like Paul De Gelder, who lost the majority of their limbs and then just keep going and seem to thrive.
I wonder how ppl like that change their mindset after such life events. What happens in the brain? Is it via therapy or effectively deciding to make the best with the cards you’ve been dealt.
From what you wrote, it sounds like you haven’t lost a core pillar of your identity, which is a positive mindset.
A friend at my coworking spot had a stroke a month ago. I was coming in on a Monday morning and he was being carted off in the ambulance right as I got there. As in... door was open and his coffee and laptop were there, lunch in the fridge, and... I didn't make the connection. I didn't see anyone being loaded in the ambulance, lights weren't on, etc. His family came by later to pick up his stuff.
He's been in an intensive care neuro unit for the past month. I visited about 10 days ago and he was having trouble talking, and... I suspect it might be long lasting or permanent.
We'd just spoken the Friday before, and had a meeting planned that morning. It all changed instantly, and there's no going back. It shook me up some, and I'm not affected at all, really, but seeing this happen to someone you know directly is... hard to take (for me anyway).
Here is a feature request. I want a Google chrome extension so that as I'm browsing the web, similar to how pocket used to work, I can bookmark a page to read more about it later.
Not super familiar with fly.io, but with a quick look at that page it should work just fine.
Just instead of dropping that camellia.conf to the WireGuard MacOS client or Linux wg-quick, spin up the TailGuard container somewhere (pretty much anywhere, but with good ping to fly.io). That way you should have the fly.io private network accessible in your Tailscale tailnet, it runs wg-quick internally alongside Tailscale anyway, just with a bit of scripting to automatically configure the network and the firewall to avoid connections leaking.
If it doesn't work, feel free to raise an issue and I can have a look.
My main concern with these browser agents is how they are handling prompt injection. This blog post on Perplexity's Comet browser comes to mind: https://brave.com/blog/comet-prompt-injection/.
This is a very valid concern. Here are some of our initial considerations:
1. Security of these agentic systems is a hard and important problem to solve. We're indexing heavily on it, but it's definitely still early days and there is still a lot to figure out.
2. We have a critic LLM that assesses among other things whether the website content is leading a non-aligned initiative. This is still subject to the LLM intelligence, but it's a first step.
3. Our agents run in isolated browser sessions and, as per all software engineering, each session should be granted minimum access. Nothing more than strictly needed.
4. These attacks are starting to resemble social engineering attacks. There may be opportunities to shift some of the preventative approaches to the LLM world.
Thanks for asking this, we should probably share a write-up on this subject!
> 2. We have a critic LLM that assesses among other things whether the website content is leading a non-aligned initiative. This is still subject to the LLM intelligence, but it's a first step.
> [...]
> 4. These attacks are starting to resemble social engineering attacks. There may be opportunities to shift some of the preventative approaches to the LLM world.
With current tech, if you get to the point where these mitigations are the last line of defense, you've entered the zone of security theater. These browser agents simply cannot be trusted. The best assumption you can make is they will do a mixture of random actions and evil actions. Everything downstream of it must be hardened to withstand both random & evil actions, and I really think marketing material should be honest about this reality.
I agree, these mitigations alone can't be sufficient, but they are all necessary within a wider framework.
The only way to make this kind of agent safe is to work on every layer. Part of it is teaching the underlying model to see the dangers, part of it is building stronger critics, and part of it is hardening the systems they connect to. These aren’t alternatives, we need all of them.
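Added example, not part of the thread and not any vendor's code: a sketch of the "minimum access per session" and "harden everything downstream" points above, as a deterministic gate that checks every model-proposed action against a per-session grant, whatever the model or a critic LLM concluded. The names SessionGrant, ActionGate and origin_of, and the hosts shop.example and evil.test, are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class SessionGrant:
    """Minimum access for one agent session (hypothetical structure)."""
    origins: frozenset      # exact (scheme, host, port) tuples the task needs
    actions: frozenset      # action kinds the task needs, e.g. {"navigate", "read"}
    max_actions: int = 20   # budget, so a looping or hijacked agent stops

def origin_of(url):
    """Return (scheme, host, port), or None unless the URL is well-formed https."""
    try:
        parts = urlsplit(str(url or ""))
        port = 443 if parts.port is None else parts.port  # ValueError if invalid
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and lowercases; also drop a trailing dot.
    return ("https", parts.hostname.rstrip("."), port)

class ActionGate:
    """Deterministic check applied to every model-proposed action (untrusted)."""
    def __init__(self, grant):
        self.grant, self.used, self.log = grant, 0, []

    def check(self, action):
        reason = self._deny_reason(action)
        self.log.append((action.get("kind"), action.get("url"), reason or "allow"))
        if reason is None:
            self.used += 1
        return reason is None

    def _deny_reason(self, action):
        if self.used >= self.grant.max_actions:
            return "budget exhausted"
        if str(action.get("kind")) not in self.grant.actions:
            return "action kind not granted"
        if origin_of(action.get("url")) not in self.grant.origins:
            return "origin not granted"
        return None

# Constructed sample grant: a read-only task on a single shop site.
GRANT = SessionGrant(frozenset({("https", "shop.example", 443)}),
                     frozenset({"navigate", "read"}))
```

The gate compares parsed origins rather than URL substrings, so lookalike hosts and non-https schemes fail the same check as any other ungranted origin, and the log records the reason for each denial.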
Sure, but to clarify, so you are probably setting temperature to close to 0 in order to try to get as consistent output as possible based on the input? Have you made any changes to top k and/or top p that you have found makes agents output more consistent/deterministic?