
Comment Re:Repeat after me (Score 1) 35

I'm self-hosting Vaultwarden on my LAN, a Bitwarden-compatible backend written in Rust. I have it running inside a jail on TrueNAS Core (which, alas, is now end-of-life). It hosts its own Web interface, but also is compatible with Bitwarden's Android app and browser plugins.

So far, it's worked out pretty well for me.

Comment ...There's a Trending Page? (Score 1) 12

I thought that's what the front page was. It keeps wasting space with things I'm not interested in, or actively dislike.

New Video from The Primagen!
<block channel>

NotAIHonestly Gets Rare Interview with The Primagen!
<block channel>

FrierenFan04 Reacts to !AIH's Interview with Primagen!
<smashes keyboard>

Comment Telecoms not interested in security (Score 4, Interesting) 10

About twenty years ago, I was privileged to be one of the authors of a security specification written at the behest of cable-based telecom companies that described the detailed design of a system for securing phone conversations that were carried over their networks. https://www.cablelabs.com/spec.... The design specifically started with the assumption that the network was penetrated, and was designed to ensure that the attacker could neither disrupt service nor learn anything useful about the traffic (for example, taken from the specification: "All media packets and all sensitive signaling communication across the network [are] safe from eavesdropping. Unauthorized message modification, insertion, deletion and replays anywhere in the network [are] easily detectable and [do] not affect proper network operation").

Once the specification was completed and it came time to deploy, all the telecom companies decided (whether in concert or individually, I do not know) that they were not going to deploy the design. When the lead security VP at one of the major telecom companies explained their decision to me: "We don't need gold-plated security like you've designed: we have firewalls"; I knew that the battle was lost. I also wondered how long it would be before the kind of intrusion like the one described in the article would occur.

Frankly, I'm amazed that it took this long; perhaps, though, what took the time was not the fact of a thorough intrusion, but, rather, the detecting of one.

Comment Re:Local connections (Score 2) 52

When you call the store three miles from you using a local number, you won't get routed to Vidhya who's sitting in a call center somewhere in India.

Not true: I had exactly this happen to me this past week. FWIW, it was the local UPS store... and I got routed to India instead of the phone at the local store despite having called the local number.

Then not only did I have to navigate a phone tree that very nearly caused me to throw the phone across the room, but then (after hitting '0' so many times I lost count) got to speak to two lovely Indians, neither of whom -- as far as I could tell - had more than a very basic grasp of English. I say "as far as I could tell" because both the initial person and her supervisor had accents that were all but incomprehensible. In the end, I slammed the phone down, got into my car, and drove several miles to the store to talk to one of the people there in person (I should mention that they were very nice, sympathetic and apologised for the experience I'd been put through, even though, obviously, there was nothing they could have done about it).

Still, corporate UPS -- like so many companies these days -- are obviously unconcerned about the image they are projecting to the public.

Comment Re:Nobody understand what this is (Score 4, Informative) 21

This is how I've come to understand it. I welcome any and all corrections.

Passkeys are a cryptographic key stored in a Secure Element. This is usually a private key inside a small cryptographic engine. You feed it some plaintext along with the key ID, and it encrypts it using that key. The outer software then decrypts the ciphertext using the public key. If the decrypted text matches the original plaintext, then that proves you're holding a valid private key, and authentication proceeds.

The private key can be written to and erased from the Secure Element, but never read back out. All it can do is perform operations using the secret key to prove that it is indeed holding the correct secret key.

On phones, the Secure Element is in the hardware of your handset. On PCs, this is most often the TPM (Trusted Platform Module) chip. In both cases, the platform will ask for your PC's/phone's password/fingerprint/whatever before forwarding the request to the Secure Element.

Yubikeys can also serve as a Secure Element for Passkeys; the private key is stored in the Yubikey itself. Further, the Yubikey's stored credentials may be further protected with a PIN, so even if someone steals your Yubikey, they'll still need to know the PIN before it will accept and perform authentication checks. You get eight tries with the PIN; after that, it bricks itself.

The latest series 5 Yubikeys can store up to 100 Passkeys, and Passkeys may be individually deleted when no longer needed. Older series 5 Yubikeys can store only 25 Passkeys, and can only be deleted by erasing all of them.

Theoretically, you can have multiple Passkeys for a given account (one for everyday access; others as emergency backups). Not all sites support creating these, however.
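The challenge-response proof described in the comment above, as an added sketch that is not part of the original comment: WebAuthn passkeys carry it out with a digital signature over a fresh server challenge. `makeAuthenticator`, `makeRelyingParty`, `signedData`, the origin and the PIN are hypothetical names and constructed values, the eight-try default is the figure from the comment, and this is a simplified model rather than the real WebAuthn/CTAP message format.

```javascript
// Added illustration: simplified model, not the WebAuthn/CTAP wire format.
const nodeCrypto = require('node:crypto');

// Toy authenticator: the private key lives only in this closure, so callers
// can request signatures but have no way to read the key back out.
function makeAuthenticator(pin, maxTries = 8) { // 8 tries: figure from the comment
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let triesLeft = maxTries;
  return {
    publicKey, // handed to the site once, at registration
    sign(challenge, origin, suppliedPin) {
      if (triesLeft === 0) throw new Error('locked');
      if (suppliedPin !== pin) { triesLeft -= 1; throw new Error('bad PIN'); }
      triesLeft = maxTries; // a correct PIN resets the retry counter
      // The origin is part of the signed data, so a look-alike site gets a
      // signature that the real site will not accept.
      return nodeCrypto.sign('sha256', signedData(origin, challenge), privateKey);
    },
  };
}
// Bytes covered by the signature: origin, a separator, then the challenge.
function signedData(origin, challenge) {
  return Buffer.concat([Buffer.from(origin), Buffer.from([0]), challenge]);
}

// Toy relying party: stores only the public key and issues one-time challenges.
function makeRelyingParty(origin, publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = nodeCrypto.randomBytes(32);
      pending.add(c.toString('hex'));
      return c;
    },
    verify(challenge, signature) {
      // A challenge is consumed on first use, so a captured response cannot be replayed.
      if (!pending.delete(challenge.toString('hex'))) return false;
      return nodeCrypto.verify('sha256', signedData(origin, challenge), publicKey, signature);
    },
  };
}

// Constructed demo values: register, log in once, then replay the same response.
function demo() {
  const key = makeAuthenticator('4821');
  const site = makeRelyingParty('https://shop.example', key.publicKey);
  const c = site.newChallenge();
  const sig = key.sign(c, 'https://shop.example', '4821');
  return { first: site.verify(c, sig), replay: site.verify(c, sig) };
}
```

The site never holds anything that could be used to log in elsewhere: a leaked public key lets an attacker verify signatures, not produce them.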

Comment Thirty Fucking Years Late (Score 1, Informative) 91

Congratulations, you feckless imbeciles. You've "innovated" general software package management a mere three $(GOD)-damned decades after Redhat and Debian did it.

While you're at it, why don't you "invent" a tiling window manager that can be driven entirely from the keyboard... Oh, wait...

Honestly... Why is anyone still voluntarily giving money to these chowderheads?

Submission + - Nvidia Accused of Media Manipulation Ahead of RTX 5060 Launch

jjslash writes: Hardware Unboxed has raised serious concerns about Nvidia's handling of the upcoming GeForce RTX 5060 launch. In a recent video, the independent tech reviewers allege that Nvidia is using tightly controlled preview programs to manipulate public perception, while actively sidelining critical voices.

The company is favoring a handful of more "friendly" outlets with early access, under strict conditions. These outlets were given preview drivers – but only under guidelines that make their products shine beyond what real-world testing would conclude. To cite two examples:

  • One of the restrictions is not comparing the new RTX 5060 to the RTX 4060. Don't even need to explain that one.
  • Another restriction or heavy-handed suggestion: run the RTX 5060 with 4x multi-frame generation turned on, inflating FPS results, while older GPUs that don't support MFG look considerably worse in charts.

The result: glowing previews published just days before the official launch, creating a first impression based almost entirely on Nvidia's marketing narrative.

Comment Re:We can't go back. (Score 0) 59

Indeed, when the first SSDs appeared, I cynically observed at the time that the only reason they existed was to make Micros~1's shitty filesystem seem faster than it was. Thus, it was no surprise when Micros~1 started heavily promoting them -- especially those weird "hybrid" drives that bolted an SSD on the side of a traditional hard drive to use as an extended cache.

Comment Rapacious Assholes (Score 4, Informative) 108

A diskless 8-bay Synology DS1821+ NAS will set you back USD$999.99

One. Thousand. Dollars. For 4GiB ECC RAM and no storage.

Contrast with the NAS I built seven years ago around an Intel i3, micro-ATX mobo, 32GiB of ECC RAM, six 4GB Hitachi spindles in a RAIDZ2 vdev, and TrueNAS Core (nee FreeNAS). The 8-bay case isn't quite as sexy as Synology's, but it acquits itself quite well.

It cost me USD$1700.00 at the time. By far, the largest expense was the hard drives and RAM, both of which have significantly fallen in price since then. If I were to build the same specs today, it would be at least $400.00 cheaper.

Even so, it was way cheaper than going with Synology. Now it seems Synology have adopted the HP printer ink business model, except without the tissue-thin "loss leader" justification -- no way is that chassis actually worth a thousand bucks.

Build your own NAS. It ain't hard, it will be more capable, and you'll save money.
