I’m using heylogin. It’s a German company with members or former members of the CCC (Chaos Computer Club) with servers in Germany.
I fucking hate vibe coding and stuff but their usage of AI seems more like autocompletion and tooling around the code. So nothing really frightening from my point of view
Even “generating boilerplate” isn’t a good use case for AI. My coworker gave a presentation on how he used AI to “generate boilerplate” for a Go project and like 90% of the mountain of slop he generated was just not necessary. There’s a snuck premise here that you need to generate mountains of boilerplate, but that’s not always the case. AI is cementing bad practices at my company.
Most of the people I see complaining about this kind of AI usage seem to have more of a coworker ability / practice issue than an actual problem with AI. Nothing requires you to accept AI slop (even for boilerplate) and it does not spare you thorough reviews and practices / codestyle fine tuning. To me it’s more like a bad intern that works really fast and does not learn much. So with good and precise directions you can achieve something, otherwise you can do it yourself faster. It can of course become an issue if your code review load increases too much due to people pushing AI generated PRs.
It’s weird seeing so many people in a place literally called “Fuck AI” defending AI.
Really?
This is literally where LLMs have probably the most advantageous use with practically no downsides. Their devs aren’t idiots that are suddenly vibe coding. Using an LLM can be an invaluable tool.
Linux already has merged code that had some form of LLM input years ago.
It’s not about whether or not you’re using an LLM as part of your work process, it’s more about whether or not you’re submitting shitty code.
Even if you want an alternative for this reason, I can probably bet you that several PRs in Vaultwarden were probably looked over by someone’s Claude chat while they were writing and testing it, or straight up took generated code and edited to their needs.
Hell I’d even bet Lemmy has PRs that have been touched by LLMs.
But muh purity!
I wish I could upvote this twice.
That’s alarming.
Seriously can it stop. I just switched to BW.
Faaaaackkkkkkk
Syncthing + KeePass, I’ve been using this setup for a long time. Requires setup and isn’t automagically done for you, but you control everything about it + it’s decentralized and local. I unfortunately don’t have any good guides off-hand, but I can try to give some pointers if you’re interested to know more about it.
On Linux, the only downside is you can’t use the auto-type feature in Wayland, but there are browser plugins to make it less of an issue.
Alternatively, if you are a self-hoster, you can still use the Bitwarden local clients with an open source backend server that you control: https://github.com/dani-garcia/vaultwarden
KeePass had a breach that exposed people’s master passwords to attackers.
It’s worse than Bitwarden
KeePass is an open source application, and that was patched as soon as it was found. Nothing will be 100% resistant to attacks, and you don’t have to make your kdbx available online at all which mitigates that attack entirely. What matters is how the maintainers react.
Calling a local FOSS app worse than a privately owned and centralized SaaS is hilarious.
As a regular user they allowed my master pass to be leaked. So I started using another password manager that didn’t do that.
Regular users don’t host their own password manager apps usually.
You don’t host anything with KeePass, it’s an application that you install. People use this type of software literally every single day. I’m not sure where you get your information from. There was no “leak”, it was an attack that someone could execute if they had access to your physical machine and only used a master password without a keyfile. If someone didn’t have that, they don’t have your master password, because it doesn’t go to the cloud at all. It’s all entirely local. Stop handing out misinformation like candy.
edit: the actual CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-32784
Vulnerabilities happen, end of story. Like I said, what matters is the maintainers’ reaction and how open they are about the details. If you rely on other people/developers to handle your OpSec for you, then you shouldn’t be using computers at all and are putting yourself at risk no matter what software you use.
And if this is your litmus test, then holy shit do I have some bad news for you about iOS/Android/Linux/Windows/macOS/literally any web browser… and I guarantee that whatever you use now for your password manager has its own share of issues regarding security, which again points back to taking care of your own OpSec instead of relying on others.
Expect shit to hit the fan, and you’ll always be prepared when it does.
Hm, neat. Thanks for the cve ref. Seems KeePassXC was unaffected.
Issue was residue of typed characters left in memory (managed by .NET). This means the attacker needs to be able to dump memory and search it. If they can do that on your machine, you have other problems. They could probably just keylog you to the same effect with that level of access (on X11 anyways).
Explain to me how someone ‘allows’ leaking a password that is used locally on the user’s machine in an app that only connects to the web to download website icons.
The way password managers work is you sign up and use their app to store passwords.
Explain to me how a regular user signing up for this service is jumping through the hoops of self hosting.
KeePass is a local app, dummy. It doesn’t use any ‘service’.
I have bad news for you https://www.malwarebytes.com/blog/news/2025/08/clickjack-attack-steals-password-managers-secrets
Yeah password managers are just insecure
So you switching again?
I can’t find anything regarding KeePass’s stance on AI submissions.
Vaultwarden’s maintainer doesn’t seem to be averse to LLM contributions based on this, right?
At least getting Copilot to review stuff makes sense if it catches something that people miss, or just to catch more-obvious stuff before having a final review by the project owner.
You might be right on Vaultwarden, I don’t use it and was only making a suggestion that gets you something similar to Bitwarden, but under your control, if that is a system you wanted to replicate.
There are several forks of KeePass, they each have their own philosophies. It’s kinda like Firefox vs LibreWolf vs any other fork.
Would recommend Vaultwarden
Why would you like undocumented LLM usage better than documented LLM usage? I also recommend vaultwarden, but not for this reason
Can you prove that Vaultwarden devs use LLM generated code?
Well fuck me I guess. Can’t even use vaultwarden now
ew
Ugh I really didn’t want to migrate password managers again 🤦‍♀️
Goddam it wtf
You’re going to have to stop using all software in the next five years or so if you want to keep up the LLM boycott.
Hopefully people who care will start (and for those that already are, continue) to contribute to open software projects that don’t include this shit.
You say “this shit” while not understanding what they are doing. As per their listed guidelines, they use it for documentation, generating boilerplate and other kinds of repetitive tasks. Newsflash, that’s how it is used in most companies I know, since ChatGPT’s inception. This is not vibe coding, this is using the tool as intended.
You do use autocomplete and autocorrect in your phone, right?
You say “this shit” while not understanding what they are doing.
Oh, I understand fine.
I’m a software developer, and the company I currently work for has mandated that we make ai coding tools (aka “this shit”) part of our daily workflows. I’ve been using this shit every day for the last year and a half. I’m not a “vibe coder”, either. I have 15 years of experience in this industry, and this shit has universally made my job worse. Even for simple or repetitive tasks it requires constant babysitting, and when it does actually produce functional code, it’s always messy, verbose, and fails to match the style guidelines of our app, meaning I have to waste even more time cleaning THIS SHIT up (or prompting it through that cleanup process — which wastes my time AND my patience).
And most people I work with are a lot lazier with it than I am, which means now I have to spend twice as much time on code reviews to make sure that no one is pushing MORE OF THIS BROKEN FUCKING SHIT into our codebase. There have already been several major production outages at the company because of AI generated code committed by other teams, and in general the quality of our apps has fallen a lot.
Maybe AI tools are fine in isolation, I don’t know. I’ve never asked one to build shitty node.js app #1743168… But if you set THIS SHIT loose on a mature codebase, that codebase immediately gets worse. It introduces bugs, makes the code harder to read, makes the code harder to maintain, and worst of all, it decreases the code literacy of all the developers using it.
When you write your own code, there’s a self-reinforcement mechanism at play, the same as how taking notes in class helps you retain the information better than just passively listening. You don’t get that when you just auto-generate and then passively review code, so we’re starting to see a real “brain drain” where AI tools are harming developers’ understanding of the apps they work on. This isn’t hypothetical, I’ve seen this first hand. A year ago I could ask fellow developers to explain to me in detail the code they wrote three or four weeks ago and they could do it just fine. Now, devs can barely explain code from last week — which, as I’m sure you can imagine, greatly slows down the inevitable debugging that follows when the code they don’t fully understand inevitably breaks.
So yeah, I understand perfectly well what’s going on with this stupid, wasteful, tech-debt producing SHIT, and even though I can’t avoid it in the software I write, I’m sure as shit going to avoid it in the software I use.
Shit.
Yep, I’ve noticed the people who have to use AI the most are usually the most noob people on the team. Reviewing the mountain of slop code they post is aggravating. Honestly, I don’t even review it anymore. Fuck it. If you’re not gonna take the time to write something good, I’m not gonna take the time to give you an honest review.
They’ll reap what they sow. More bugs, more shit.
Fucking tools. Was gonna use Bitwarden but fuck that noise
Came across this the other day and considered setting it up to replace Vaultwarden. Definitely need to sit down and do that now, a vibe coded password manager sounds like an absolute fucking nightmare.
Read the guidelines posted there, using it as an autocomplete and a helper for docs is NOT vibe coding.
Thanks for the suggestion. That looks like a pretty cool option.
I was looking into Vaultwarden, an open source Bitwarden-compatible system
Vaultwarden + keyguard