bitwarden, enshittification, etc., personal frustration
And once again, a "FOSS" thing that people *assured* me was legitimate FOSS when I refused to use it because of its commercial VC-y setup... is starting to lock down their project after increased VC funding.
How many times does this need to happen before people stop trying to argue about this shit with me and just accept that there is a very good reason I will not touch anything that looks VC-y, no matter how "we're FOSS, honest, promise" it claims to be?
When will people learn that corporate FOSS with an unclear business model *will* end up backstabbing them, and it's just a matter of 'when', not a matter of 'if'?
"But this one is different!" No it's fucking not, and I fucking *told* you that this would happen and why, but you didn't want to listen did you?
bitwarden, enshittification, etc., personal frustration (2)
@joepie91 bitwarden made the SDK GPLv3 now, see: https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977 and https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b
Of course that is no guarantee that they won't get up to something at a later time.
bitwarden, enshittification, etc., personal frustration
@joepie91 Absolutely! If the funding model is "it's a hobby project, I have spare server capacity" that's OK, I use a lot of code like that, maybe not for something security-critical though. (Which is why I haven't released my own password manager.) If it's "corporate sponsorship", that sponsorship will go away some day and I want to know your plans for when it does. If it's VC, the org is already dead, just still walking.
@joepie91 projects I hopped from that each fucked me over:
Vault, SmallStep, Teleport, BastionZero, Tail scale, Bitwarden.. the list goes on.
@joepie91 VCs seem particularly predatory with any kind of "Zero trust cyber security edge cloud" bullshit bingo.
@joepie91 bring back boring security
@arianvp That's one of the industries it happens for, yeah, the thing with the infosec industry is that they're extremely easy to buy goodwill from, you just hire a couple security folks who are well-liked in the community, have them write a couple really interesting and cool blogposts with knowledge that's hard to find in a concise format elsewhere, and bam, you've bought the market.
See also: Cloudflare, Tailscale, ...
(There's some other industries where this happens, DevOps is another one, but it's why this particular predatory model happens so often in specific industries)
bitwarden, enshittification, etc., personal frustration
@joepie91 what did Bitwarden do?
bitwarden, enshittification, etc., personal frustration
@kmeisthax There's a couple news articles about it but basically they're starting to try and insert a proprietary SDK into everything, and also have conveniently hired the developer of another FOSS 'compatible' client
bitwarden, enshittification, etc., personal frustration (2)
So like, consider this your early warning for Tailscale and all the other currently-hip "open-source-friendly" things that are rapidly buying goodwill with neat technical blogposts. We'll see where they are in a year or five.
(And this one isn't exactly an 'early' warning anymore, but Microsoft "embracing open-source" is absolutely one of these as well.)