Our great sponsors
-
> Bitwarden requires at least 2GB of RAM, so make sure to choose a plan with enough memory during creation
Yeah, I recalled that for-real Bitwarden uses dotnet and mssql so I'm sure Digital Ocean loves the situation where someone needs a huge instance
I was curious given the mention of "docker-compose" how exactly that worked (did it have them set with "restart: always" and similar operational sanity?) but while digging into it:
Having a self-modifying script that curls from some malware-looking domain defeats the purpose of having tagged scripts, doesn't it? https://github.com/bitwarden/server/blob/v1.48.1/scripts/bit...
Don't worry, even the redirected "self-host" version does the same trick for inexplicable reasons: https://github.com/bitwarden/self-host/blob/master/bitwarden...
I never found the docker-compose files, so I guess their emitted as a side-effect of running the "bitwarden/setup" docker image or something: https://github.com/bitwarden/self-host/blob/master/run.sh#L1...
-
> Bitwarden requires at least 2GB of RAM, so make sure to choose a plan with enough memory during creation
Yeah, I recalled that for-real Bitwarden uses dotnet and mssql so I'm sure Digital Ocean loves the situation where someone needs a huge instance
I was curious given the mention of "docker-compose" how exactly that worked (did it have them set with "restart: always" and similar operational sanity?) but while digging into it:
Having a self-modifying script that curls from some malware-looking domain defeats the purpose of having tagged scripts, doesn't it? https://github.com/bitwarden/server/blob/v1.48.1/scripts/bit...
Don't worry, even the redirected "self-host" version does the same trick for inexplicable reasons: https://github.com/bitwarden/self-host/blob/master/bitwarden...
I never found the docker-compose files, so I guess their emitted as a side-effect of running the "bitwarden/setup" docker image or something: https://github.com/bitwarden/self-host/blob/master/run.sh#L1...
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
Wow. This is insanely shitty if you ask me. I can't think of any non-malicious reason why it's done this way.
I recommend using vaultwarden instead to self-host bitwarden: https://github.com/dani-garcia/vaultwarden
Related posts
- /r/Technology Bi-Weekly Tech Support / General Discussion Thread. Have you a tech question or want to discuss tech?
- LastPass users warned their master passwords are compromised
- Does anyone know if Bitwarden that is hosted on Premise is vulnerable to the log4j exploit?
- Does LastPass work without bugs in LineageOS?
- Passwort Manager übergreifend iOS/Android/Windows 10/11