by sph 1254 days ago
Ah for fuck's sake. It keeps happening to all the software I love. I guess I'll have to stop relying on convenience (I was a 1Password user years ago) and go 100% open-source. None of the libre offerings seem to be as convenient and polished, but at least they're not into some VC's pocket ready to squeeze as much profit as possible out of my paid membership.

What's a good OSS alternative that works with iOS and Linux? Anything that's audited? (perhaps that's asking for too much)

11 comments

> Ah for fuck's sake.

I agree, and I wish we had more power in these things than just forking. Now that I know Bitwarden took VC money, I'm also fucking out of this mess, and here I was about to renew for the 5th year in a row.

Fuck VCs, they ruin everything good. Can I say that here? It's true.

The entire finance industry has a disdain for "lifestyle businesses", that just generate enough profits for the founders and employees to live on, but will never generate an exit beyond that. I get why, but for utility products, a solid lifestyle for the employees and a useful product for users is enough, and should be enough.
And can be enough if you don't need large quantities of investment capital. If you don't _need_ it, but _want_ it to get fabulously wealthy... well, "lifestyle business" is not the path to that, by definition.

It's almost like the interests of those who want to get fabulously wealthy -- whether founders or investors -- become misaligned with the interests of the users, even steeper/faster than when you "just" have a "lifestyle business".

The thing is, founders can get fabulously wealthy with a lifestyle business or at least very wealthy, but it might take longer. But all the established money seeking rent parked at VC firms can't get a cut if you don't play ball with them.
Yeah, wealthy enough if not billionaire, true.

> But all the established money seeking rent parked at VC firms can't get a cut if you don't play ball with them.

OK, but why does a founder care about that? Either they think their business model can't get them to a sustainable lifestyle business without external capital investment... or they want to get more-than-lifestyle-business wealthy, right?

I'm sure that's what they think. I don't know if the data really indicates that going to VC route will make you richer. It could certainly make you more publicly successful.
Millions, even tens of millions, for founders isn't unheard of at all for small "lifestyle" businesses.

Not VC billions, but fuck you money is certainly doable.

I don't know if a couple million is "fuck you" money in 2023 (enough to never work again and eventually retire while living a fairly luxurious lifestyle?), but point taken.
Lifestyle businesses have a big flaw in American culture though; our safety net is not enough to make "meets expenses" a tenable long-term approach. We basically have to aim for a big wad of savings for later in life, which incentivizes going for exits and cash-outs.
VueScan (hamrick.com) is a very good example of a successful lifestyle business (first release in 1998). The founder and his son work on the product full-time. I don't think they have any other staff, but I could be wrong.
Seeing as only a few % of Americans achieve what you are saying, I don't think it's strictly true. Maybe if you want to fatfire or something.
Perhaps, I would hope that a sustainable lifestyle business would be able to pay employees and founders enough to build a comfortable retirement nest egg through savings, investments, and compound interest.
This also means creation of billion-dollar global platforms that Europe and other parts of the world have never accomplished. Trade-offs.
I feel so happy that we have created "billion dollar global platforms" instead of universal healthcare or ensuring everyone was sleeping indoors. Woo-hoo!
Are you implying that there are no homeless people in Europe? Or problems with poverty or access to healthcare?
You can definitely say that here. To me the problem isn't exactly VCs, it's the expectation of rapid, open-ended growth that ruins good products and companies. Of course, the driver for that is often VCs, but it can come from other places too.
KeePassXC has served me well for many years, synced via my Nextcloud, but could just as easily use Dropbox or iCloud, or even Syncthing.
Upvote for KeePassXC. I've been using it and its predecessor with the same database file for something like 15 years and have seen many of these services come and go in the meantime. It will outlive Bitwarden for sure.
Yes, KeePassXC is great. Nextcloud Passwords is actively developed and looking good, except for the Linux app failing on Arch.
I use KeePassXC and Strongbox.
Syncthing works really well imo; you can also tell it to keep 3 versions as a backup.
I had conflicts that needed manual intervention too often. It is not something that most users would put up with.
In your opinion, what would the ideal password management business model be? A non-profit like Signal? (Not rhetorical, actually curious what people want here.)

As a thought experiment, let's say there are 1000 people who get annoyed when a software product they use takes VC funding. For those 1000 people to sustain a software product with a team of 5 for 10 years at 150k average per head, you'd need 7.5MM dollars just to break even. That's $7,500 per user, or $750 per year. I doubt many people would be willing to pay that just to have a product that never takes VC funding.

And note that's just to cover labor costs. If you want it audited, that's a solid 25k per audit. Operating costs for website and infrastructure, etc. Now if the product was exceptional and beat out other products in the space and generally had a slice of the pie, the number of users would increase and per user cost would decrease. But also doing as much with a team of 5 is no small feat.

I'm not sure if there is a good business model in password management. I can't answer that question. What I do know is, a good password manager is the type of software that should strive to be feature complete. And at that point resources should be used for maintenance, security, and software/OS compatibility updates. In other words, a low-if-any growth, but profitable business assuming the software is good.

But once you get into VC funding or acquisitions, businesses tend to want to grow and bloat their products by adding features no one asked for to increase their perceived value. I know I'm tired of seeing this happen to beloved software time and time again.

Perhaps then software utilities are better suited for a crowd funding model?
Non-profit like Signal that sells cloud hosting to pay the bills, standard protocol with self-hosting option for the server like email/browsers agreed upon decades ago, anyone can create an interoperable desktop/browser/mobile client. Fully encrypted such that even the non-profit doesn't have the decryption keys.

That being said: it's unclear if anyone really understands how to build an open source product with cloud hosting covering the bills. Almost everyone either makes a deal with the devil (VC funding) or upsells too aggressively anyway.

Cloud storage and CPU usage is basically negligible per-user for a password manager. I imagine you could service hundreds of millions of users on just a couple of capable machines, similar to HN's setup. Even with hundreds of passwords, most users total mere MB's of usage -- it's even simpler than email! I think this is one of the rare cases where corporate users can pay for big accounts with special sharing features and completely subsidize a free product for individual users. Or you could charge individual users $5 a year to cover cloud costs (more than enough), with self-hosting as an option for highly technical users to save a buck.

> sells cloud hosting to pay the bills, standard protocol with self-hosting option for the server like email/browsers agreed upon decades ago, anyone can create an interoperable desktop/browser/mobile client. Fully encrypted such that even the non-profit doesn't have the decryption keys

All of those are true of Bitwarden, except for the non-profit part...

> Or you could charge individual users $5 a year to cover cloud costs

And who pays for the development?? Bitwarden already charges only 10€/year, so they're basically doing exactly what you're proposing, but paying for development with VC money.

Even if servers were literally free (they're far from it!), do you have any idea how many users they'd need to cover just the minimal amount of developers, one business person and either an in-house or external security auditor? And who would pay for all of that during the time it took them to build up that user base??

I hate the VC culture as much as the next guy, but unless the founder is already crazy rich, you need external capital to start up any decently large company - or even a non-profit.

I use KeePass. It’s up to you to sync passwords and they’re stored locally. I see those as features despite that they’re inconvenient.
Another advantage to KeePass is that there's about half a million clients and most are actually written to be used for their platforms.

Lots of more "modern" password managers (as well as generally other software) kinda suffer from having this weird mixed mobile and desktop interface, inheriting all the downsides of each interface while gaining the advantages of neither. (Not to mention all the issues with porting stuff between two different OSes; Mac and Windows have completely different ideas on what an interface should look like.)

KeePass's official client being windows-only is a blessing in disguise since it means that each client developer can specifically focus on making it look good on whatever specific platform they're targeting.

I use cloud storage to store the kdbx file and sync it across a PC and my phone. It’s pretty awesome 99% of the time and just works. Once in a while you get a merge conflict and it’s not so good.
Even merge conflicts have been a lot better for me in recent years. My only worry with KeePass is that I have to rely on potentially sketchy client applications but I'm also fortunate enough to have the skills to make my own if I really felt the need. It's one of the few "not-my-solution" pieces of software which continually gives me a sense of data ownership.
I run an SSH server on my laptop and SFTP it to my phone via Strongbox when I’m local.
I love Bitwarden. I've been a customer for years. Great product. Great team. However, I recently quit for this exact reason (evil VC influence), and migrated all of my secrets to KeePass. Yes, a slight inconvenience to manually sync across devices, but I sleep better at night knowing my secrets are no longer in the hands of some VC suit.
If a simple git-based CLI solution is appealing to you, then try https://www.passwordstore.org/. I wouldn't recommend it to someone non-technical, but personally, I've never looked back.

There are iOS and Android clients, too. Not especially polished, but they do the job.

Love passwordstore, been using it for almost 6 years with zero issues while watching my friends run frantically from one compromised or greedy password manager to another.
As mentioned in other comments, Bitwarden has both OSS client and server implementations. You can keep using it, and if something goes wrong (or earlier, if you wish) you can always run it yourself.
I haven't seen, but would love to, a tech startup that is guaranteed not to sell out. I don't mean a promise from the founder on a blog, but a legal structure. I'm not sure what form this would take or if it's such anathema that it could never be, but it would be great to see.

I'm sure I'm not the only one who's tired of the bait-and-switch of companies who are all about freedom until they get acquired by a giant and then start hastily walling their garden.

Cooperative

Customers are members/owners.

Examples: Tessitura, NISC

Someone posted this list of such co-ops recently: https://tech-coops.xyz/

Is it true that they couldn't sell out though? I imagine if the buyer offered a pile of money then the majority of the owner-workers would go for it, even at the expense of the users.

Interesting how your list focuses on worker-owned cooperatives. I had mostly thought about customer-owned cooperatives up until this point. Most of my exposure is with customer-owned ones, perhaps due to living in an agricultural area (grain elevator co-ops, fuel co-ops, rural electric co-ops, rural broadband co-ops). And working for one!

I think that a worker-owned cooperative is not really in line with what I would consider to be the traditional cooperative spirit.

Customer-owned has a clear mission to deliver value to its owners. That value would be to provide various services essentially at cost. Workers are paid market rate to get the work done. Profits are given back to the owners (customers).

Worker-owned also has the mission to deliver value to the owners. The workers are going to value making as much money as possible, though being careful to not go past the point where they would find themselves without a job. So this type of co-op will be trying to extract maximum value out of the customer. This is a significantly different proposition. This type of co-op seems more like a company with an ESOP.

I could see either type choosing to sell out. I guess either the workers or customers would think they have better places to invest the capital. So I guess co-ops too have up and down lifecycles like a standard company. As the co-op becomes ineffective or no longer needed, the capital invested in it would be re-deployed.

Bitwarden is open source. You can self-host. The apps in the store are compatible with the self-hosted options; just change the URL to your server. You can also fork any of the projects and build it yourself if you don't trust them.
I have accepted that one has to keep moving around. Password manager, backup software, it goes on.

Right now I am hunting for a non-subscription note taking setup that will replace SimpleNote.

So I’ll move to the next option from BW, just like I moved to it from LP.

Yeah, the very reason I'll stick with KeePass.
KeePassXC