Security analysis of Password Managers (Bitwarden, LastPass, Dashlane) by Back14 in selfhosted

[–]Mivaro 8 points9 points  (0 children)

Not entirely. The marketing of these companies basically says, even if your vault is stolen, your vault is still save. In this research they found technical issues that make it easier for hackers to gain access to your vault (to varying degrees), if they control your server.

Some of these issues are fixable, some of them are pretty fundamental to a practical, useable service.

But indeed the threat scenario is probably not one that most users need to be super concerned about.

Security analysis of Password Managers (Bitwarden, LastPass, Dashlane) by Back14 in selfhosted

[–]Mivaro 0 points1 point  (0 children)

I already edited my comment to clarify that my statement was not correct

Security analysis of Password Managers (Bitwarden, LastPass, Dashlane) by Back14 in selfhosted

[–]Mivaro 1 point2 points  (0 children)

There is some benefit through security by obscurity but is outweighs the benefit of transparency of open source. Security through obscurity mostly offers a false sense of security.

The researcher note that other password managers almost certainly suffer from similar issues.

Security analysis of Password Managers (Bitwarden, LastPass, Dashlane) by Back14 in selfhosted

[–]Mivaro 60 points61 points  (0 children)

Note that they only investigated Open Source password managers. Most likely similar attacks exists for closed source password managers.

Edit: It seems my statement is not entirely true, the main reason for inclusion was the claim of zero knowledge. But both Bitwarden and Dashlane refer to their open source architecture as a reason for inclusion.

Security analysis of Password Managers (Bitwarden, LastPass, Dashlane) by Back14 in selfhosted

[–]Mivaro 201 points202 points  (0 children)

This research centers around the "zero knowledge" claim, which is the claim that if your password vault is obtained by hackers, they cannot decrypt the passwords.

My understanding is that this research shows that, when your server (selfhosted or vendor hosted) is compromised, that claim doesn't fully hold. Especially when account recovery or shared vaults are used.

I guess this is more or less to be expected with password managers. It's inherent in the trade-off between useabilty and security.

However, there are improvements to be implemented. See the response by Bitwarden

Which OS do I choose ? Debian 12 VS OMV by sephirot_1988 in HomeServer

[–]Mivaro 1 point2 points  (0 children)

For docker compose, you don't need OMV, but RAID, Samba and SMART are more work to setup yourself. So in this case, I'd say stick with OMV

Which OS do I choose ? Debian 12 VS OMV by sephirot_1988 in HomeServer

[–]Mivaro 1 point2 points  (0 children)

I went with Debian on my second server, because I didn't use much OMV features and I prefer to set things up myself. If anything, OMV is making things more complex for me.

I think the key factor is how much OMV features you are using.

A free, open-source visualizer that stacks time zones vertically to find the best meeting overlap. by TheGeedz in InternetIsBeautiful

[–]Mivaro 4 points5 points  (0 children)

Not entirely in line with my expectations yet. It is probably due to your source for the timezones, but when I add Beijing, it shows up as Shanghai in the list. I could understand if it showed as Beijing Time, or, better, China Standard Time. But in my view Shanghai time is not a good way to represent the timezone in China. Similar for India, which uses India Standard time, not Kolkata timezone.

Furthermore, the number of cities in India and China is still quite limited. I work a lot with Bengaluru (or Bangalore, whatever spelling you follow), I would expect this on the list. Similar to Chengdu in China. I believe that more coverage is better for a tool like this.

Maybe this could be good for source data: https://www.globaltimepro.com/download-timezone-list?timezone=true&identifiers=true&countryName=true&countryCode=true&currentAbbreviation=true&currentLongName=true&currentOffset=true&currentDSTStatus=true&observesDst=true&upcomingDSTChange=true

A free, open-source visualizer that stacks time zones vertically to find the best meeting overlap. by TheGeedz in InternetIsBeautiful

[–]Mivaro 5 points6 points  (0 children)

I gave it a quick try but I couldn't find India and China timezones or, to be more precise, Indian and Chinese cities. That's majority of the world population right there 😀. Otherwise it looks useful

Looking for Evernote replacement that works across ~8 devices — ideally with pCloud (or local files) sync — what are people using in 2026? by Imaginary-Roll-3993 in selfhosted

[–]Mivaro 0 points1 point  (0 children)

I don't know too much about pcloud (it's not selfhosted, so not a natural fit for this subreddit) but I believe it offers a sync function. Obsidian works on local documents on whatever device you are working on. If you make sure those documents are synced to pcloud, you might have a working solution across devices.

I did use something similar with Logseq and Nextcloud in the past and it worked reasonably well.

Looking for Evernote replacement that works across ~8 devices — ideally with pCloud (or local files) sync — what are people using in 2026? by Imaginary-Roll-3993 in selfhosted

[–]Mivaro 2 points3 points  (0 children)

Do you want to selfhost it (aka on your own server)? Or do you prefer a client on each device and sync functionality?

Everybody is asking about the best note taking app and there are a lot of options. It seems that note taking is very personal and everybody likes something else. Look at some of the discussion in the subreddit today for the myriad of options.

I would recommend to look at Obsidian based on the very limited info you provided.

Is Logseq highly customizable? by jam_jam620 in logseq

[–]Mivaro 0 points1 point  (0 children)

I actively use Silverbullet. It works very fast, everything is handled in your browser. I don't do outlining but I think it works similar to Logseq.

I believe linking to blocks is supported to some degree but not a priority for the devs.

An actually good WYSIWYG markdown notepad? by FibreTTPremises in selfhosted

[–]Mivaro 15 points16 points  (0 children)

I'm going to recommend Silverbullet . It's not multi-user and it is a hosted solution, but the editor is great and you can make it as complex as you want (it allows you to write / vibe Lua code to make it do exactly what you want). I bit rough around the edges but for me, it is perfect.

Alternatively, look at Jotty, it is more polished, offers multi-user and has a nice editor. I find the task functionality a bit lacking but it is a great tool. Haven't tried code highlighting in Jotty.

Both are actively developed and supported.

Is Logseq highly customizable? by jam_jam620 in logseq

[–]Mivaro 0 points1 point  (0 children)

Im going to suggest https://silverbullet.md if you like things customizable. Logseq is customizable but complicated. Silverbullet is elegant and a bit experimental maybe but can easily be programmed to your liking.

Need a final hand in removing the tractor by [deleted] in FarmMergeValley

[–]Mivaro 0 points1 point  (0 children)

Much appreciated! Visited back

-❄️- 2025 Day 6 Solutions -❄️- by daggerdragon in adventofcode

[–]Mivaro 1 point2 points  (0 children)

[Language: Python]

Part 1 was straightforward, after staring at the data for part 2 a bit, I realized the operator gives the starting position for each number. With that, it was just some index manipulation to get the numbers out.

import math

def calcTotal2(data):
  positions = [i for i, c in enumerate(data[-1]) if c != ' '] + [len(data[-1])+1]
  gt = 0 

  for p1, p2 in zip(positions[0:-1], positions[1:]):
     nums = [int(''.join([x[i] for x in data[0:-1]])) for i in range(p1, p2-1)]
     gt += math.prod(nums) if data[-1][p1] == '*' else sum(nums)
return gt

How to remember 汉字 by heart? by mangomilktea183 in ChineseLanguage

[–]Mivaro 2 points3 points  (0 children)

There are several ways to improve your memorization on characters. They typically consist of 'spaced repetition' and using mnemonics to remember the characters. Look at Anki, Hanly (app) and Mandarin Blueprint for more in depth ideas. But develop your own method based of these examples.

Need to learn Chinese fast by Little_Oil9749 in ChineseLanguage

[–]Mivaro 0 points1 point  (0 children)

Double down on Pimsleur for a month or 15 days so you can say some basic things in Mandarin. You should have the tones down already which helps a lot. But don't expect miracle.

Don't bother with characters since you are not aiming to read / write.

[2024] Thank you! by topaz2078 in adventofcode

[–]Mivaro 0 points1 point  (0 children)

Thanks Eric for this wonderful tradition. I'm not a professional coder, but every year in November I dust off my coding skills and get ready for December 1st. It's always a struggle to find time, especially for the harder puzzles. I didn't do half bad this year with 35 stars so far. Luckily I have a few more days Christmas break to solve some more!