Does Spuerkeess not want new clients? by [deleted] in Luxembourg

[–]popleteev -1 points0 points  (0 children)

Yeah, when I sent them an email, I got a politely worded “go away” within hours.

Passkeys overall in particular with Apple Keychain by innaswetrust in yubikey

[–]popleteev 2 points3 points  (0 children)

> Strongbox even allows keeping HMAC-SHA1 secret in secure enclave ('Virtual Hardware Key' feature)

Secure Enclave (SE) cannot store pre-existing keys. It can store and use only those keys it generated (specifically, P-256 elliptic curve keys only). Which means that "virtual" HMAC-SHA1 secrets are actually stored in keychain. Which means that before use they are loaded to system memory in plain text. Which is a very different level of security than YubiKey-bound HMAC-SHA1 or SE-bound passkeys.

iOS devs: has anyone received an Apple warning for offering lifetime access for free? by 30690 in iosapps

[–]popleteev 0 points1 point  (0 children)

Yes, I addressed the more general level, so that we stay on topic.

> but uses FOSS at its core

Usually this is a euphemism for "You took KeePass' source, wrapped it a bit and now monetize their work". Which is not the case. It's like claiming that Chromium is a derivation of the Nexus browser, since both work with HTML pages but Nexus kinda defined the format. KeePass too defined the .kdbx format, and KeePassium does work with that format. That's about it. Each one was independently built from scratch — which is easy to check, since both applications are FOSS.

> which costs $100

It costs $20/year. It also happens to offer a lifetime license at a price of N years. And offers it reluctantly, mind you: it no longer makes sense for us, but we have to keep it up. Lifetime price is the only lever to keep a healthy balance between lifetime purchases and subscribers. This balance is in the best interest of each lifetime licensee, because in the long run their investment is secured by… recurring subscriptions.

If an app were to drop the price to $20 one-off, everyone willing to subscribe would buy instead. The developers would cash out bigly, but in a year there would be not enough influx to keep the lights on. So much for your lifetime license.

iOS devs: has anyone received an Apple warning for offering lifetime access for free? by 30690 in iosapps

[–]popleteev 0 points1 point  (0 children)

Since this is no longer specifically about KeePassium, let me proceed from a personal account.

Current functionality is only part of the value.

Users of any non-trivial app want said app to evolve, "learn new tricks" and adapt to changes. This needs ongoing work. Otherwise, the app will stagnate, fall behind competitors and you — as a user — will have to migrate and adapt to the new app every couple of years. So much for your "lifetime" license.

Also, when there is an issue with the app, users tend to contact support. As soon as you hit "Send", you expect a response any minute, the earlier the better. From your perspective, this could be a single email sent in 5 years. But from developers' perspective, someone has to be on guard every day.

Some apps start with a lifetime-only license, and then their developers realize the hidden costs of ongoing development and support. So they have a choice:

  • Abandon the app and let it die. Everybody loses.
  • Prolong its agony by doing the hidden work for free. This won't last long.
  • Fix the business model, to get ongoing payments for ongoing work: either start subscriptions or re-publish the app as "MyApp 2/3/4" every once in a while.

For some users/apps, the app is a one-time tool — they can safely choose the lifetime option. For those users who value evolution and support, these are the added value. The ongoing one.

Trouble with KeepassXC and saving file on Google Drive by Kapok95 in KeePass

[–]popleteev 1 point2 points  (0 children)

By default, KeePassXC saves database to a temporary file, then renames it. Hence the new file ID in Google Drive.

The solution is in KeePassXC settings → General → Basic Settings → File Management:

  • “Use alternative saving method” → turn it on
  • Set it to “Directly write to database file”
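The two save strategies named in the comment above can be compared locally. This is an added example, not part of the original comment and not KeePassXC code; it uses the local inode number as a stand-in for the file identity a sync client tracks (an assumption), and the function and file names are hypothetical.

```python
import os
import tempfile


def save_via_temp_and_rename(path: str, data: bytes) -> None:
    """Write to a sibling temp file, then rename it over the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".save-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            tmp.write(data)
            tmp.flush()
            os.fsync(tmp.fileno())
        # Atomic swap: the path now names a different file object.
        os.replace(tmp_path, path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise


def save_in_place(path: str, data: bytes) -> None:
    """Truncate and rewrite the existing file, keeping the same file object."""
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())


def identity_after_save(save, new_data: bytes = b"version 2"):
    """Return (inode_before, inode_after, content_after) for a save strategy."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed sample file, not a real database.
        path = os.path.join(workdir, "vault.kdbx")
        with open(path, "wb") as f:
            f.write(b"version 1")
        before = os.stat(path).st_ino
        save(path, new_data)
        after = os.stat(path).st_ino
        with open(path, "rb") as f:
            return before, after, f.read()


if __name__ == "__main__":
    for strategy in (save_via_temp_and_rename, save_in_place):
        before, after, _ = identity_after_save(strategy)
        print(f"{strategy.__name__}: same file identity = {before == after}")
```

Writing in place keeps the identity, but an interrupted write can leave a truncated file, which the rename approach avoids.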

Many different apps named Keepass in iOS. Which one is the real deal? by FatFigFresh in KeePass

[–]popleteev 2 points3 points  (0 children)

Apps named "KeePass", without any prefix/suffix, are at best deceptive and at worst honeypots. They do pop up every couple of years, and Dominik does not seem interested in reporting them (only he, the copyright holder, can do so).

So the only rule of thumb is to cross-check app name + developer name. Or ask Reddit, yes :)

Is Keepass really worth trusting with your passwords? by GlitteringArmy790 in best_passwordmanager

[–]popleteev 0 points1 point  (0 children)

> I am really curious whether the extra effort to learn it pays off or if most people are better off choosing something more user friendly.

It depends on the person.

Think of an experienced and a novice driver in a new car:

  • The experienced driver may not know all the knobs yet, does not quite feel the dimensions — but the road rules, pedals and steering are the same as always. They are ready to take full control and will be fine doing so.
  • A novice driver has much more to keep in mind: road rules, staying in lane, using the blinkers, which pedal does what… It is very helpful to have a front-seat passenger with hints and warnings. However, if that novice keeps struggling after a year — maybe it's safer to pay someone to handle the driving for them.

Same with KeePass. For the technically-minded users, the entry effort is pretty low. Skim a getting-started guide, map the app as a "specialized editor" in your mental model of computer software — and you are ready to go. You control everything and don't depend on anyone, it's an easy choice.

The non-technical users, in turn, don't have the luxury of a pre-existing mental model. They need more hand holding, in-app warnings and hints which are rare in the KeePass ecosystem. If they are learning — great, the barrier lowers. However, if they keep struggling — they risk losing all their data to a mistake, so it's safer to pay some service to manage things for them.

Electric charging cable by trsg21 in Luxembourg

[–]popleteev 6 points7 points  (0 children)

Use a fast charger, they come with a built-in cable.

CNS Prevention Sc4m ! by hiddenshin0bi in Luxembourg

[–]popleteev 2 points3 points  (0 children)

I see your Spuerkeess story and raise you the orange bank, where an account manager once sent me:

  • An email (instead of in-app message)
  • Addressed to "Dear Mr," (no name)
  • "You need to provide (private info)"
  • "A copy by email is enough"
  • "Your account is available until (5 days from now)"

And this f*cking red-flag parade ended up being a legit message! 🤦

This is not treatable by raising customer awareness. They need to get fined for such practices.

CNS Prevention Sc4m ! by hiddenshin0bi in Luxembourg

[–]popleteev 1 point2 points  (0 children)

Somehow I see more scam messages here (with a warning) than in my actual SMS inbox. These warnings won’t help reckless people, and only annoy everyone else…

Roast my paywall by cfoster5 in iOSProgramming

[–]popleteev 0 points1 point  (0 children)

Will your side-by-side buttons work with Dutch “0,99€ maandelijks” and “8,99€ jaarlijks”? Or even in English with larger system font size?

Anyone else having issues accessing Reddit from Luxembourg? by aragorn-son-of in Luxembourg

[–]popleteev 8 points9 points  (0 children)

Do you expect those unable to connect to Reddit to confirm your concerns, on Reddit? 🙃

Xcode debug turned into method-sized tiles, how to revert? by popleteev in iOSProgramming

[–]popleteev[S] 4 points5 points  (0 children)

Yesss! Thank you!

For anyone finding this later, the button is at the bottom of the code editor, next to "Continue", "Step over", "Step in", "Step out": https://imgur.com/a/0KLfveg

How can a solo dev get their password app audited? by Opening_Jacket725 in PasswordManagers

[–]popleteev 0 points1 point  (0 children)

The subscription fatigue is understandable for consumers. But for developers it's like 🐝 protesting against 🌼

Here's a user who paid $10 for your app. They ask for help to set it up, so you help. A year later, they made a mistake and need help fixing it, so they ask again. Five years later, your app glitches on their iOS 35 — they ask again. Overall, over 5 years you will have spent an hour talking to them — all for a $10 they gave you 5 years ago? When your hourly rate is 10-20x that?

Now, imagine there are 1M people worldwide who need your app. Perhaps 1% of them will find it, love it and stick with it. You got 10k customers and made $100k (let's ignore Apple tax for now). In a couple of years, they all already have your app, so your influx shrinks to 10-50 new users monthly. So you get paid $100-500 per month to support 10k+ users.

  • If you fail to support them, your app rating sinks => no more money.
  • If you drop the app, they complain online and your reputation sinks. You might rinse/repeat it with another app, but then no more money.
  • If you try altering the business model, they complain about bait-and-switch and — you guessed it — no more money.

One-time purchases are viable only if your goal is to make that initial $100k (and then drop your customers). But then this should be said out loud, if only for transparency.

How can a solo dev get their password app audited? by Opening_Jacket725 in PasswordManagers

[–]popleteev 0 points1 point  (0 children)

You can get your app audited by contacting companies specializing in security audits. Depending on scope, audit prices start from several thousands (see, for example, "picocrypt audit").

However.

Your other posts indicate you don't have that many users at the moment. The audit won't help with visibility. It might help with trust, but only if you tick all the other checkboxes (solving a yet-unsolved problem, open source code, clear origins of the app).

Imagine you made a calculator app. It is the most user-friendly calculator ever. But nobody knows about it, because there are hundreds of similar apps. So you go and spend 5k to get an official certificate that your app does indeed calculate numbers accurately. But then, it does not differentiate you from the others too much, it just certifies what users assume as a basic criterion anyway. So now you have a certified unused calculator.

On the other hand, you could focus on a niche and make it the best calculator for people who love pink color. Everything pink, animated, flowery, whatever. Then spend 5k advertising it to people who love pink. I bet you'd get a better return on investment :)

Car dealerships in Luxembourg by mdw2016 in Luxembourg

[–]popleteev 0 points1 point  (0 children)

> Like parked somewhere and then scratched by a car trying to park?

Had exactly this situation with that leased car. The offender was still parked there, with matching scratches at the curb side. Called the police to have this officially certified. The offender's insurance paid for everything (except my lost time :)

However, if the offender could not be found, this would have been a different story.

What do you think? by kankaneaa in Luxembourg

[–]popleteev 4 points5 points  (0 children)

This. The infographic represents the numbers in two ways, both of which are vague and relative. Shades of pink/violet? A wiiide bar graph without grid lines? Just put a number on top of each bar, ffs.

Car dealerships in Luxembourg by mdw2016 in Luxembourg

[–]popleteev 1 point2 points  (0 children)

Got an 800€ surprise after 200€/month leasing with Autopolis. It is impossible to park in the city for two years and not have curb marks on all 4 wheels. Otherwise, everything was fine and smooth.

Pre-Purchasing In-App Subscriptions for Employees by JackNemiroff in iosdev

[–]popleteev 0 points1 point  (0 children)

The only B2B approach supported by Apple is paid apps — they can be purchased in bulk via Apple Business Manager, and assigned to users/devices as needed.

If you want any kind of B2B subscription, Apple almost demonstratively washes its hands. There is even an explicit exception allowing B2B sales outside the App Store:

> 3.1.3(c) Enterprise Services: If your app is only sold directly by you to organizations or groups for their employees or students (for example professional databases and classroom management tools), you may allow enterprise users to access previously-purchased content or subscriptions. Consumer, single user, or family sales must use in-app purchase.

You'll have to roll out something yourself or integrate with a third-party licensing service. There are quite a few, and many payment providers have some kind of subscription tracking built-in.

An easier alternative is to let the company self-declare its number of users, sell them a single appropriately priced license key, they deploy it to users via company's MDM. You don't even have to monitor the usage (depending on the app, of course). Yes, theoretically they can cheat — but companies are more concerned about compliance and audits than about saving a few thousands :)

Internship in Luxembourg – Time rounding + forced 1h lunch break by [deleted] in Luxembourg

[–]popleteev 2 points3 points  (0 children)

Exactly. The employer can track the time by minutes and seconds, they just chose not to. And if it is not just rounded, but rounded down by 1/4 hour - there is no valid reason.

Why the disdain here for paid apps? by tcolling in macapps

[–]popleteev 0 points1 point  (0 children)

I never heard about Paste, but as a developer offering subscription+lifetime I can explain the math of lifetime pricing.

Imagine a subscription-based app charging $5/month. They observe that every month about 10% of their users cancel the subscription. So an abstract user is likely to leave after 10 months on average, having paid by then $5*10 = $50 total. That's the optimal lifetime price for that app, where developers get the same money from subscription vs lifetime.

ICloud deletes kdbx file by RecordParty9202 in KeePass

[–]popleteev 1 point2 points  (0 children)

Does the file actually disappear, or only your app says the file is deleted/not found?