Self-hosted Password Manager Round-up

Haven’t you ever set up a network for a specific project and wanted a simple way to manage passwords within the project network while sharing them between the project participants?

Don’t you hate/mistrust the cloud?

For this project, I did a quick rundown on a few available self-hosted password managers that can live inside a network enclave without involving the cloud.

1. PASSBOLT

I wanted Passbolt to work. Even after I found out the installer* isn’t available beyond CentOS 7 and won’t run under Rocky. Seriously, who uses a closed installer anymore?

So I built a C7 VM and let her rip. Flawless install, got all the way to the point of logging in, and then?

Fucking hell. It REQUIRES a BROWSER EXTENSION to browse the site. That’s a lot of trust you’re asking me to extend. It also requires an email address to validate users. This seems more like a cloud offering hastily made into a self-hosted offering. These are not features I want or need in a closed, self-hosted password manager.

2. BITWARDEN

I wanted to disqualify this one simply for deploying it in Docker. If you know me at all, you know I f’n HATE Docker. And the first set of instructions I found completely validated my hate.

But then I found this. Specifically happens to be for the exact platform I’m working with. https://computingforgeeks.com/running-bitwarden-password-manager-using-docker-container/

Other than dealing with SELinux (either by disabling it or by poking holes in it) and using a different cert mechanism than those described, it was flawless, and I had a Bitwarden instance complete in about an hour.

3. Anything file-based

Immediate automatic disqualification for being file-based. No matter how you share them, sharing them never works out.

4. Integrations

I noticed that NextCloud has a password manager app available for it. So that’s another valid option if it turns out we don’t like Bitwarden.

P.S. I still hate Docker.

PINECIL One Month Later…

A month ago I posted about the PINECIL portable solder iron, and the high-output 65W PD battery bank I had to buy to power it:

https://dc540.org/xxx/2021/08/pinecil-soldering-iron-for-the-win/

So it’s been a month, and no exaggeration here, I have soldered over 10,000 joints since then, and I have zero complaints. It’s my new old-reliable. In fact, during a recent solder party, when my battery bank was depleted (the failure was 100% mine in forgetting it needed to be charged), I gave up soldering for the evening rather than revert to my wired unit or my TS-80. The PINECIL outperforms the others by that much.

Some details:

1) ONCE, it thought it was at temp but had cooled down. Reset it, it went back to normal.

2) Behavior differences:

The TS-80, when left alone for a while, stops pulling power, which causes the old ZeroLemon ToughJuice Battery to shut down. In fact, sometimes it would stop while soldering. This was annoying.

The PINECIL, by contrast, when put down, goes into visible sleep mode, putting z’s on the screen to let you know what it’s doing, and then begins to cool down, reporting the temp as it does so. When you pick it up again, it immediately starts heating back to your preset temp (for me, for what I’m doing, I keep it at 320 C).

The EasyLonger battery (as this is about the combo, not just about the PINECIL) also has better functionality, in my opinion. The ToughJuice would require you to press the on button to start powering objects connected to it. And then shut down when it detected low draw. The EasyLonger powers the object as soon as it’s plugged in, which means it keeps my PINECIL running as long as I have it plugged in. Safety violation, are you wondering? No, because the accelerometer in the PINECIL tells it to go to sleep.

It’s been a month, and I’m using the shit out of the PINECIL and the EasyLonger, and I couldn’t be happier.

In fact, last week I ordered accessories direct from PINE: A fine tip set, a mini stand, a transparent shell, a break-out board, and yes, a second spare PINECIL. They also have a very nice desktop power supply that I will probably go back and order, now that I think about it.

Review: Making Spaces Safer, by Shawna Potter

I was made aware of this book very recently on Twitter in one of the many, many threads calling out shitty behavior, specifically shitty behavior at cons, more specifically shitty behavior at Defcon.

As a person who runs a space and attends cons, it seemed exponentially important for me to read it.

I’ve been around a while. I’ve seen shitty behavior. I’ve seen shitty behavior at Defcon. Combine people who have never had their bad behavior challenged with the Vegas factor and the perception of anonymity, and it’s easy to see how things can go off the rails really quickly.

Going into this book, I felt like I had done the work. I’ve worked on myself over the years. I’ve intervened and confronted on behalf of others. I’ve been that person that discreetly notifies staff that a problem might be brewing. After reading this book, I know there’s even more to do. I was surprised. In fact, I was surprised at how surprised I was.

Shawna (Twitter: @ShawnaPotterWOW) does a fantastic job at describing the problems faced by marginalized people — people of color, women, LGBTQIA+, etc. — and then takes it farther by giving real world examples of both shitty behavior and legit strategies that can be employed by community space staff, allies and even bystanders. None of it is extreme or difficult. In fact, 99% of it costs nothing, and much of it aims for not only de-escalation of a situation and how to support the victim in the moment, but also changing the behavior using confrontation, education and specifically targeted strategies on dealing with the person who has been harmed as well as the person causing the harm.

I feel like this book is a great starting point for anyone who manages a group or opens up a space to the public. I still have questions, of course, but as the book points out, these behaviors and their reactions can be nuanced and require thinking outside of the box, and there will be situations that come up that feel like gray areas. But the book does a fine job of guiding the reader into the mindset of a victim-centered approach.

The important thing is that it makes situations that may seem unmanageable seem more manageable by providing you with a toolset for dealing with them.

Going forward, there’ll be a copy in the DC540 library. Members who are interested are encouraged to consider reading it. Or get your own copy:

Amazon (affiliate link)

Also available on audiobook at libro.fm

Review: Mayan EDMS

I was feeling like I would literally drown in paperwork. Stacks and stacks of unfiled documents. Statements, legal documents, mortgage paperwork, car loans, instructions, you name it.

I had been looking casually for years for a solution to paper clutter. I always felt like just a shared drive was somehow insufficient. Sure you can store things in folders and name them properly, but that’s not enough — for me, anyway.

I wanted something that I could scan directly into (over the network — it has to live on a server, not on my desktop), something that I could replicate file cabinet functionality without storing the paper.

I finally got around to putting focus on it. I looked at PaperMerge. I like the layout and responsiveness of PaperMerge, but when I got to messing with the import and API upload functionality, neither one of them worked despite following the somewhat convoluted instructions to a T. Then I looked at their support page, and it really feels like it’s just one person doing the development, and that one person might be a little bit overwhelmed. There were comments about completely rewriting a portion of it, and I didn’t want any part of that. However, in PaperMerge’s own materials, a comparison is made between PM and two other products, one of which is Mayan EDMS.

I gave it a shot. I built an Ubuntu server VM, followed the detailed yet streamlined installation instructions, and it worked on the first try. I messed with the API, and it responded as expected. And then I found the import feature, and it was everything I wanted and more. I set up a Samba share on the server for the scanner (a Ricoh all-in-one) to drop files into, and started scanning. Documents started flowing into the EDMS. I created cabinets and assigned documents to cabinets. I renamed documents. Then I realized that all of those documents weren’t just being imported, they were also being OCR’d. With no additional effort on my part, I can now text search documents I scanned.

It’s not perfect. The interface gets a little bit clunky and less responsive once you have a page full of documents to display. I hope to dig in and find out if there’s a way to make that more snappy, maybe disable the previews, or reduce the number of documents per screen or something. I went to the website to see if there was a support forum — I guess I won’t be contacting THEM for support, holy crap. They want $699 per MONTH for support. It feels like a great product, but I’ll keep my eyes peeled for community support or just dig into the internals myself. Or maybe I’ll buy the book and see if I learn anything from that.

One thing I’m really curious about is whether it’s possible to have it automatically categorize/“cabinet” new documents for me during the OCR stage, based on keywords. That’d be amazing.

Oh, and it supports LDAP. That’s cool. I don’t think Papermerge does.