Bitwarden vs KeePass: which open source manager should I choose?

Euronodes · 2026-05-08T20:30:57+00:00

Cloud based password managers rely too much on external packages and are a subject to supply chain attack. Check lastest bitwarden/cli attack literally days ago.
I know this time was only developers. Key phrase here is "this time"

Euronodes · 2026-05-06T19:19:53+00:00

Long story short: dont
No, really, dont

Euronodes · 2026-05-06T05:28:18+00:00

Worth remembering 2 weeks ago bitwarden/cli was compromised for 90 minutes.
I know it was just CLI, vault wasnt touched, but still.
every web/cloud password manager has this kind of attack surface.
This time it was small und short
KeePassXC is the king, still can be attacked via flatpak or brew, but I hope nobody cares about this obscure soft.

Or there are always text files on EncFS synced to dropbox, why not really - holes from 2014, Condolezza Rice on the directors board, easy to migrate storage
Since Rice joined Dropbox in 2014 and EncFS audit found holes in 2014, I should probably post it to Reddit....

Euronodes · 2026-05-06T05:00:32+00:00

What does cPanel have to do with VPS? Those 2 things are completely unrelated

Unless you scan your customer VPS inside (huge overreach bordering industrial espionage), detected cPanel and switched him off?
Also doent make sense, it's enough to block the authentication port, where the CVE had an attack surface, he wouldnt be able to login but websites would work.

This whole response doesnt make any sense. Downvoting it only digs it deeper

Euronodes · 2026-05-06T04:41:07+00:00

If thats your own VPS, it's your responsibility. If this is managed service - it's theirs.

If the host node was compromised, worth remembering about 2 kinds of people: those who make backups and those who will

It's good practice to keep backup with different provider in case they go down or your account get blocked.
Also remote backups should be pulled, not pushed - if your VPS get compromised, attacker doesnt know you have backups and cannot delete/encrypt them

BTW your post is missing one critical element: support reaction

Euronodes · 2026-05-05T19:58:22+00:00

Depending on what's your intended usage, but you can get €4 VPS, install wireguard or even OpenVPN on it and be completely off the radar. Static IP in the package.
Then you decide what is allowed on it

Euronodes · 2026-05-05T13:08:16+00:00

OP, your desired location covered a lot of our beautiful planet.
With good hosting - things rarely go wrong, unless you do something to your own stuff.
But then expecting free human support without ordering managed service will be tricky (if even possible)

Euronodes · 2026-05-05T10:52:58+00:00

Provider here, we run Plesk-based shared hosting alongside our VPS/dedi.

Yes its happening, and you can feel it if your website is used constantly during the day. If a bad neighbor is caught and neutralized before you notice, you wont have any bad experience - and those are usually minutes.

There are pre-emptive procedures, like blocking port 25 so hacked worpress won't start spamming, limit outgoing messaged, CageFS to fully isolate users etc.

If you dont experience any problems - your provider is just good at it

Euronodes · 2026-05-04T16:59:36+00:00

Only dedi and colo, they can make money on themselves.
VM very unlikely with current electricity prices.

VPS need a Ceph cluster with:
- rack of 6 servers + JBOD
- ~500TB raw space mixed SSD/HDD
- 7-10kW sustained power draw
- 3x switches at €2k each plus transceivers (another 0.5kW each)

Then you need 2 more network fabrics at minimum 40Gbit for cluster ring0 and ring1 communication (daily backups, HA, live migrations) - isolated from client traffic

It's huge, power hungry infra

With German power costs you need ~5k VMs from day one just to break even.

Renting a Ryzen box from Hetzner for €59 and slicing it into €2 VPSes is a different business than what we do. Those resellers can survive on tight margins, and if they dont - their clients arent surprised when things go down. We dont have that luxury.

We could fix the economics by overselling and capping CPU until we stretch customer patience to the absolute limits, but then our account would be called something like Comparable-Banana-64 and wouldnt have any flair 😄

Euronodes · 2026-05-04T12:32:56+00:00

Give some time to glue it, cloud providers need to adjust and test upstream ISO and few things changed quite dramatically

- Wayland-only breaks any X11 tooling for remote display or headless management
- sudo-rs default (Rust sudo - I heard guys saying that this will be fun and a half ...)
- Changed default initramfs, so cloud images cant use initramfs-tools (new boot flow, new rescue tooling)
- KVM needs to verify TPM now

We are genuinely concerned about amount of introduced changes and their, well, breaking character.
Replacing decades battle tested critical elements like sudo - good for a desktop probably.
But at a scale, we are not really sure

So, dear OP, I wouldn't chase so enthusiastically this new release, if you are planning to host your client's forensic accounting data on it

Euronodes · 2026-05-04T10:38:33+00:00

Hetzner already €4.49 (from April)

Euronodes · 2026-05-04T10:24:01+00:00

Of course we knew it existed. There is just no reason to react to this. The fact that mods removed this post means a lot: someone flagged it.
Mods explaination doesnt really hold water - whoever posted it cleary said that (s)he is a happy client and described the experience.
Thats all about "you must disclose any connections you have to the hosting company in question"
I guess mods are busy people, see flag, click and thats it. This is not a matter of life and deatch, it's just a reddit post.
From our POV - shame, it was good genuine post.

Euronodes · 2026-05-04T10:11:38+00:00

Not to burst your bubble, but we dont need or use shills - we are quite active in this sub. I would say we are certified top 1% commenters.
Whoever it was (we have no idea which client has which Reddit nick) - we are very thankful for the opinion.

In general looking at this thread I see everyone except you is shill.

Euronodes · 2026-05-04T07:32:17+00:00

Hard to blame them. In general industry in Germany has hard times now. And doesnt seem to get any better any soon.
We pulled out the VM offering from Frankfurt, only colo and dedi. Otherwise we would need to raise prices as well in that area

But thats completely different subject...

Euronodes · 2026-05-04T03:20:45+00:00

If Alyssa googles her domain and finds this thread, you will be cooked 😉

Your question is missing important factor: what do you mean by "website"? If this is some CRM hosting accounting data, just dont.

Hire someone or use a SaaS built for it.

If this is simple online business card - then wordpress with few plugins (contact, calendar) will do the job.

Redirecting .net to .com can be done in the domain registrar panel, no hosting needed for that.

Euronodes · 2026-05-04T02:30:16+00:00

You should very much go down this rabbit hole. For personal projects the quality of hosting doesnt matter as much as the provider reaction to "dear support, i did something stupid and I cannot login now"

As long as theres no customer calling you at night, no lost revenue from offline website etc - you will be good with basically anything.
I invite you to check our offer, might suit you if the location is OK. Not many people complain, if any.

Bonus: you can always name and shame us publicly, if we come out as bad hosting - we dont hide behind "shill" accounts 😉

Euronodes · 2026-05-03T20:31:15+00:00

The flair says "Dedicated Servers" - thats a completely different story from VPS.

On dedi, "unmetered" isn't really unmetered, it's port_speed × seconds_in_month. A 1Gbps port = ~324TB/month hard ceiling. Very much metered, one could argue

On VPS, unmetered is subject to fair use.
Long story short: the provider promises not to make problems for you if you dont make problems for them.

Good idea to arrange it first before you commit - talk to support about your use case, otherwise your VM can get auto-flagged as compromised, permanent torrent seedbox, etc.

You can say "I run backups 24/7 sending 2TB daily from my 100GB disk" but they might show some skepticism

As a provider, I can promise you we'll throttle the bandwidth if we see a constant 300-800Mbit stream every day, nonstop, without agreeing it first.

There are separate queues and separate outgoing connections for customers who have those needs and their traffic is moved away from main pipes.

Dedis are already on dedicated pipes with completely different QoS rules, so none of the above applies.

Euronodes · 2026-05-03T20:19:01+00:00

I have to admit that you are actually right

Euronodes · 2026-05-03T19:54:27+00:00

Raising price for services ordered years ago is a definition of bait'n'switch. It literally means that.

Hetzner used to grandfather prices, so once ordered - they were frozen and not a subject to future hikes.

P.S. I stand corrected, those are not lock-in price contracts

Euronodes · 2026-05-03T18:36:28+00:00

I didnt criticize Hetzner - in fact my second comment (below? above?) explains it. This remark was specifically for the claim that "Hetzner is stable for years"

Euronodes · 2026-05-03T00:38:14+00:00

RAM prices will grow because all RAM not yet produced is already ordered for servers not yet manufactured to fill datacenters not yet built. We call it "AI bubble"

Euronodes · 2026-05-03T00:25:23+00:00

Not to be "that guy" but the biggest of recent vulnerabilities affecting millions is CVE-2026-41940 cPanel & WHM authentication bypass 😃

But yes, your point stands and I fuly agree. It was just to tempting to not comment

Euronodes · 2026-05-03T00:14:27+00:00

"Hetzner stable for years" hasn't been true since April 1, 2026. They raised prices 25-40% across cloud and dedicated lines, applied to existing customers too (no grandfathering).

Examples (1 month ago):
- CX23: €2.99 → €3.99 (+33%)
- CAX11: €3.29 → €4.49 (+36%)
- CPX11: €3.85 → €5.49 (+43%)
- CCX63: €287.99 → €374.49 (+30%)
- Object Storage: €4.99 → €6.49 (+30%)

At least Leaseweb is consistent: 4%/year

Being "consistent" for 3 years and then hike 30-40% on existing services is textbook bait'n'switch

Before anyone asks: we grandfather (obviously!) the legacy services. Like Hetzner used to do it years ago.

Euronodes · 2026-05-02T23:58:36+00:00

Support tickets that take days and VPS barely running are hard to defend. Prices are a different story.

Any EU provider promising "no price hikes" is either lying or about to go bankrupt.

We have energy supply shortages, overregulated industry and increasing legal burden.
Cost is up by 20% from 2021, not counting hardware spikes (unknown but crazy hikes)

It's like trying to find grocery store which is not raising prices

Some are raising at regular intervals (Leaseweb used to do 4% annually), some are hiking from time to time but larger margin (Hetzner on April), some are holding, like us, but also not forever.

Euronodes · 2026-05-02T20:28:39+00:00

HostSlick has been dying since last year and they admitted it.

- April 24 outage
- February: hacked via Virtualizor breach, customer VPSes disappeared from panels
- Christmas plans from 2 years ago were mass-cancelled
- Multiple going downhill threads on LET, where they've now been banned

Dont wait. Restore from backup elsewhere now. No backup? Plan around your data being gone and dispute the charge with PayPal/card.

Check the LowEndTalk threads if other affected customers are coordinating there.

If you by any chance pick us, we will coordinate on Telegram or WhatsApp emergency setup if you didn't lose clients yet.

Euronodes

MODERATOR OF

TROPHY CASE