I agree. I don’t have the time but someone should point this out to the dev via an issue on GitHub.
Shine Get
I agree. I don’t have the time but someone should point this out to the dev via an issue on GitHub.
So basically don’t use this in anything commercial because the phrase “feel free” is different to legally libre and gratis. I personally wouldn’t touch this until it’s released under a reputable license.
Shame they didn’t use a proper license when publishing.
Reference for the admission?
And it’s made by a Bitwarden developer.
They highlighted it was a bug and said it would be fixed very soon after it was flagged. It was addressed in a matter of days. You can build the server with the /p:DefineConstants=“OSS”
flag still and you can build the clients with the bitwarden_license
folder deleted again (now they’ve fixed it).
I don’t understand why you’re throwing FUD about this. Building without the Bitwarden Licensed code has been possible for years and those components under that license have been enterprise focused (such as SSO). The client is still GPL and the server is still AGPL.
This has been the way for years.
Cool. They got that sorted nice and quickly.
Edit:
I don’t get why people think they’re suddenly doing stuff under a different license to subvert the open nature of the project. They’ve been totally transparent on what isn’t part of the GPL/AGPL licensed code for years.
SSO, the password health service, organisation auth requests, member access report blah blah have been enterprise features under the Bitwarden License for ages and they architected the projects in a clear and transparent way to build without those features since they added them.
Mind blowing and this has to be my favourite Tiny Desk of the year. I can never get enough of Kamasi. Thanks for sharing!
Thank you for the smug response however I did indeed read the article and going from 13 months to 10 days is not a trend but a complete rearchitecture of how certificates are managed.
You have no idea how many orgs have to do this manually as their systems won’t enable it to be automated. Following a KBA once a year is fine for most (yet they still forget and websites break for a few days; this literally happened to NVD of all things a few weeks ago).
This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation.
Smells like Apple knows something but can’t say anything. What reason would they want lifespans cut so short other than they know of an attack vector that means more than 10 days isn’t safe?
AFAIK they’re not a CA that sells certs so this can’t be some money making scheme. And they’ll be very aware how unpopular 10 day lifespans would be to services that suck and require manual download and upload every time you renew.
Exactly. Source it from upstream at build time or something so it’s transparent.
You’ve been on vacation for 5+ months?
Also wouldn’t it be best to post this communication in the issue thread?
Given how long this has gone on now, it’d probably be best to inform your community that you’ll be removing BLOBs from the source and for them to be produced during build otherwise this shadow is going to remain.
This was the first time I’ve ever heard of your software and has kind of made me want to steer clear of it.
You’re not wrong. Research into models trained on racially balanced datasets has shown better recognition performance among with reduced biases. This was in limited and GAN generated faces so it still needs to be recreated with real-world data but it shows promise that balancing training data should reduce bias.
Let me guess, UltraAV whitelabels Kaspersky…
Team Ginger all the way!
Microsoft aren’t kicking people out of kernel space but expanding the capabilities in user space to minimize the reasons to need to run security components in kernel mode so they can develop and deploy solutions with minimal risk (no security vendor wants that risk when they’re running on business/enterprise machines like CrowdStrike).
Kicking everyone out of the kernel is a long journey and even Apple, who are much further along this path, still haven’t completely closed the door on kernel extensions. It’ll be several Windows versions yet before kernel drivers are no longer a thing.
Nonsense. If they were perfect, wouldn’t they have used a question mark? Your judgement of character is laughable. What empirical evidence is there that they are perfect?
(How was that?)
Give it to meee
Nice! And MIT too. Perfect; I’ve given it a star now.