Simply Self-Hosted Bitwarden for Local Use

I find password managers to be extremely convenient, especially when they can be easily synced. However, after last year’s security breach at LastPass, I decided to reevaluate my use case and strategy going forward. Changing over 150 passwords gave me plenty of time to do so.

Requirements:

  • Password access and sync
  • Browser-based plugin
  • Local network use only

Optionally:

  • Remote access

I’m not going to discuss Bitwarden or cryptography in depth. Firstly, there are plenty of reviews on different password managers available, and secondly, I don’t have much knowledge of cryptography. So let me share my rationale: cloud-based solutions are very convenient, and I’m sure every password manager out there is doing their best to protect your data. Unfortunately, security is not an easy matter and, let’s face it, everyone makes mistakes. LastPass made a few mistakes, and now I don’t know when my metadata and/or passwords will surface. So, the only question I had to ask myself was “Do I actually need to take the chance again?”. My answer was “no” and here’s how I achieved it.

  • Host Bitwarden on your local network – choose a machine and give it a static IP (e.g. 192.168.0.2).
  • Use Docker and the unified deployment method; note that the unified deployment is still in beta.

It took me some time, but I managed to create the simplest docker-compose file that actually works:

version: '3'

services:
  bitwarden:
    depends_on:
      - db
    image: bitwarden/self-host:beta
    restart: always
    ports:
      - "8080:8080"  # published on all host interfaces, so reachable from the LAN
    volumes:
      - ./bitwarden:/etc/bitwarden
    environment:
      BW_DOMAIN: "bitwarden"
      BW_DB_PROVIDER: "mariadb"
      BW_DB_SERVER: "db"
      BW_DB_DATABASE: "bitwarden_vault"
      BW_DB_USERNAME: "bitwarden"
      BW_DB_PASSWORD: "db_password"  # placeholder; must match MARIADB_PASSWORD below
      BW_INSTALLATION_ID: "get it from bitwarden.com/host/"
      BW_INSTALLATION_KEY: "get it from bitwarden.com/host/"

  db:
    environment:
      MARIADB_USER: "bitwarden"
      MARIADB_PASSWORD: "db_password"  # placeholder; replace with a strong, unique value
      MARIADB_DATABASE: "bitwarden_vault"
      MARIADB_RANDOM_ROOT_PASSWORD: "true"
    image: mariadb:10.6.11
    restart: always
    volumes:
      - ./data:/var/lib/mysql

Here are some important limitations to consider:

  • Email confirmation will not occur since I don’t have an email server and don’t see the need to set one up

  • You will have to use the Bitwarden Web app to import data, as it can’t be done via the browser plugin
  • Bitwarden Web only seems to work from localhost, otherwise you’ll get an error that says this.subtle is null
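
The `this.subtle is null` error in the last limitation is consistent with browsers exposing the Web Crypto API (`crypto.subtle`) only in secure contexts, meaning HTTPS or a loopback origin. As an added example (not from the original post or from Bitwarden), this JavaScript approximates that origin rule for the addresses used in this setup; the function names, the sample URL list and the `bitwarden.example` host are assumptions.

```javascript
// Added example: approximates the browser rule for a "potentially trustworthy"
// origin, which decides whether a page is a secure context and gets crypto.subtle.
// Simplified: ignores file:, extension schemes and browser-specific overrides.
// In a real browser, window.isSecureContext gives the authoritative answer.
function isPotentiallyTrustworthy(urlString) {
  const url = new URL(urlString);
  // TLS-protected schemes always qualify.
  if (url.protocol === "https:" || url.protocol === "wss:") return true;

  // URL.hostname keeps the brackets around IPv6 literals; strip them.
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();

  // Loopback names: "localhost" and anything under ".localhost".
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  // IPv4 loopback block 127.0.0.0/8.
  if (/^127(\.\d{1,3}){3}$/.test(host)) return true;
  // IPv6 loopback.
  return host === "::1";
}

// Constructed sample URLs: the static IP, port and BW_DOMAIN value come from the
// post; the HTTPS entry is a hypothetical TLS-terminated deployment.
const SAMPLE_URLS = [
  "http://localhost:8080",
  "http://127.0.0.1:8080",
  "http://[::1]:8080",
  "http://192.168.0.2:8080",
  "http://bitwarden:8080",
  "https://bitwarden.example",
];

// Reports, per URL, whether the web vault can expect crypto.subtle to exist.
function webVaultReport(urls) {
  return urls.map((u) => ({
    url: u,
    subtleExpected: isPotentiallyTrustworthy(u),
  }));
}

for (const row of webVaultReport(SAMPLE_URLS)) {
  const state = row.subtleExpected ? "available  " : "unavailable";
  console.log(`crypto.subtle ${state} ${row.url}`);
}
```

A LAN address over plain HTTP fails the check, which matches the web vault working only from localhost here; serving the same container over HTTPS would satisfy it.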

Once you have set everything up, the rest is smooth sailing. The Bitwarden browser plugin doesn’t seem to care about the IP address, and it works great. If I need remote access, instead of exposing Bitwarden through a reverse proxy, I would prefer to use a VPN so I can log into my home network and access Bitwarden that way (I think it is safer this way).

I hope this idea is useful, and that Bitwarden will fix some of these limitations in the future.

Cheers.

Teaching programming to a kid

I have been slowly teaching my kid a bit of programming. Programming is not easy, and teaching it to a child is quite a challenge, so anything that makes it easier is welcome.

Initially, I used Scratch to teach programming; however, I moved away from it because it is not really that easy to use once you want to make something a bit more complex (even I had some issues following online tutorials) or teach a kid about some programming concepts such as for-loops.

Next, I tried Swift Playgrounds. It is awesome; however, I got stuck on explaining for-loops. It might be easy for grown-ups to get a grasp of syntax and associated concepts, but for a child, it is a challenge.

I have been thinking about what to do next. Python? Well, maybe it is a good direction, but again syntax will get in the way of learning programming concepts… Today, I discovered Hedy and it looks very promising.

Check out the GOTO 2022 talk:

Designing Data-Intensive Applications

I chose this book among others because I wanted to get out of reading about programming, methodologies, and other related stuff. I wanted to read something more abstract, not necessarily applicable to my immediate work, and boy did I get what I bargained for.

Well, let me start with complaints. First and foremost, the book is a bit long. I feel like it could have been compressed a bit. No, there isn’t much fluff, just several chapters could have been reorganized. Second, and no less subjective, the book at some point turns into a “horror movie,” where with each passing chapter things get more dangerous, complicated, and helpless. But I have to admit, there is a certain charm to such a delivery. Last grumble of mine: few examples of highly scaled and/or distributed systems. I would love to see more examples and discussions about them. Now I know the grumble isn’t entirely fair, since I got what I wanted – “more abstract” – but by the end of the book, I was left wanting more. I guess appetite comes during a meal.

Now let’s flip the page and go in the opposite direction: the examples in the book are quite interesting and educational. I loved the discussion about Twitter’s design and a couple more along the way. I personally don’t work with databases or other data-related systems that much, so the author fascinated me quite a bit. Some discussions are quite lengthy and detailed, mostly due to the complexity of the subject, but that’s what makes them so good, opening up your mind to different ways of thinking about programs, structures, and networks. The “horror movie” comes and goes; it makes you doubt everything you took for granted, even a CPU’s ability to add two numbers together. The author seems to project a lot of paranoia; the levels are similar to the amount of paranoia exhibited by system administrators. It sure gives a lot of perspective to developers, since lots of things are assumed to work properly and not to fail at the most opportune moment. One last thing: as I was reading the book, it reminded me of a bit of fun I had reading research papers at university. Some of the design patterns did emerge from academia, and perhaps it is a good direction if you have an interest in it.

I believe the title speaks for itself. If you want to design data-intensive applications, the book might be a good start. Perhaps it will give you a good insight and/or wider perspective. But if you are looking for hands-on material, the book might disappoint you. It is hard to tell whether the book is worth it or not. I had fun reading it; I believe it is well written, and I can see that the author put a lot of work into it. So I’ll leave you with this: if you are curious about the subject, go for it!

In a nutshell:
+: Well written
+: Broadens horizons
+: Lots of discussions and examples
+: No requirement for specialized knowledge
-/+: In a way, a long book; in a way, it needs to be longer
=: If you have any interest in application design, the book is an awesome way to start your journey.

Title: Designing Data-Intensive Applications
Author: Martin Kleppmann

Goodbye 2022

Just a blink of an eye and 2022 is gone. In the past few years, I was quite optimistic about the upcoming years, but this year finally broke my back… Covid, inflation, and finally war. I hate to sound like an old fart, but it’s getting harder to look optimistically into the future. I wonder if I’m just getting grumpier or if the world is making less and less sense – perhaps both are the same side of the same coin.

In any case, I’m happy that 2022 is finally over. I’m looking forward to 2023 and the victory of Ukraine. Perhaps after the war is over, the world will slow down just a bit and become a little boring for a while, giving us all time to catch our breath. I hope the economy will survive without going into a deep recession and that we can all just get a break. Well, at least I can dream and wish.

Pragmatic Programmer

I have been developing software for a while now and have managed to read a few books on the subject. Some books are general purpose, some have a narrow focus on a particular subject in the development process. The Pragmatic Programmer is a general-purpose book on the subject.

I picked up the book in hopes of learning something new, something I haven’t seen or read before. Surprisingly enough, I did find a few things, but not nearly enough to justify going through the entire book. Now let me be very clear: the book itself is a good book if you are starting out and want to improve your skills and understand what’s out there. However, it might be a waste of time if you have been in the game for a while and have read a few things here and there. Also, I can’t help but notice that some topics are not well covered even at a basic level (IMHO).

Since negatives are largely based on the amount of knowledge/experience a developer has, let’s talk about positives. The book is well written and relatively short. There is no fluff or metaphysical discussions, just practical and pragmatic advice. The book outlines and talks about all the useful basics that each developer should have, like: structures, clean code, testing, design, refactor, thought processes, personal & team behaviour, project organization and development methodologies. There is no deep dive into any subject, just essentials – which should spark enough interest in a developer to start researching more on any particular subject of interest. The author’s personal experience also comes in handy, some things don’t change over decades.

Overall, the book is good for inexperienced developers, and for experienced developers this book might be a trip down memory lane.

In a nutshell:
+: Well written & short
+: All the basics
+: Discussions
+: Some hands-on examples
-: Some subjects are not well covered even at a basic level
=: Good book for new developers, but not much value for experienced devs.

Title: The Pragmatic Programmer, 20th Anniversary Edition: Your Journey to Mastery
Authors: Andy Hunt, David Thomas

Ukraine has been fighting for 7 months now

A couple of days ago, putler announced “partial mobilization” of 300 thousand men. In reality it is a full mobilization, with numbers looking towards a million. It is not good news for Ukraine, but let’s not forget that at the beginning of the war, the situation was much worse.

As I was thinking about the mobilization, I decided to find a trailer for a documentary, and it brought back memories of how fearlessly and courageously Ukrainians fought and continue to fight. Mobilization will not help putler; it will not save anyone or anything, just one more stop on the way to hell.