It's FOSS

Things Are Quietly Changing at Bitwarden, and People Are Worried

Sourav Rudra — Tue, 19 May 2026 20:41:38 +0530

For a lot of people, Bitwarden became the go-to password manager after the LastPass fiasco. Free, open source, and trustworthy, it has gained a reputation by offering a free tier, keeping the code open, and not pulling the rug.

But that comes at a cost; any hit to its image matters a lot when we are talking about software that holds extremely sensitive information.

So when things start looking a little off, people pay attention. And over the past few months, a few things have looked a little off.

Some things changed at the top

The first change worth noting happened in February. Bitwarden's longtime CEO, Michael Crandell, stepped back to an advisory role. The company said nothing about it publicly, and one would have to check his LinkedIn profile to find out.

The new CEO is Michael Sullivan, who was previously CEO of Acquia and, before that, InsightSoftware. What got people worried was his experience of working across "all facets of mergers and acquisitions," with named private equity firms, including Hg, Vista Equity Partners, and TA Associates.

That is a very particular background for someone to be stepping into a head honcho role at a password manager company. Bitwarden's CFO also changed, where Stephen Morrison left in April and Michael Shenkman, who previously ran InVision, came in as his replacement.

None of these major executive changes were officially announced.

Quiet changes

The term "Always free" has been restored (left), but it was missing for quite some time (right).

I referred to the Wayback Machine and found that the term "Always free" had been on Bitwarden Personal's product page for a long time, sitting inside the plan comparison table.

It disappeared sometime in mid-April and was only restored sometime after May 14.

According to a company employee who posted on the r/Bitwarden subreddit, all of that was supposedly due to an oversight by the Bitwarden marketing team.

Then there's the other issue of values being quietly changed. Bitwarden has used the GRIT acronym to describe its company culture for years, standing for Gratitude, Responsibility, Inclusion, and Transparency.

I again checked the Wayback Machine, and the values were still intact as of March 14, 2026. At some point after that, they were quietly changed. GRIT now stands for Gratitude, Responsibility, Innovation, and Trust.

The 2022 blog post Crandell wrote laying out the original GRIT values was edited to reflect the new ones. Except the editing stopped halfway. The explanatory paragraph further down in the same post still describes Inclusion and Transparency as the values.

📋

Props to ByteHaven for spotting this.

Bitwarden's stance

Sullivan published a blog recently, laying out his first 100 days at Bitwarden and also hashing some things out.

The free tier is not going anywhere. He ruled out a trial model or bait-and-switch and said that the open source foundation and the ability to audit the code, self-host, and verify are what make Bitwarden different from everything else in the space.

He also acknowledged that changes are coming, but those would be explained properly.

Should you be worried?

The post referenced above is the most direct on-record statement Bitwarden has about the free tier. But a pattern of ambiguity has already been established.

For such a sensitive piece of software, unannounced leadership changes and a values rewrite are the kind of thing that should make you nervous. But unless Bitwarden does something drastic like axing the free tier or pulling a Cal.com, there is not much to act on just yet.

Suggested Read 📖: Bitwarden vs. Proton Pass

Wow! Microsoft Now Has a Fedora-based Linux Distro

Sourav Rudra — Tue, 19 May 2026 17:31:11 +0530

At the Open Source Summit this week, Microsoft announced a range of open source-focused updates, ranging from new Linux distro releases to agentic AI tooling.

Brendan Burns, co-founder of Kubernetes and Corporate VP for Azure OSS and Cloud Native at Microsoft, delivered a keynote on their technological shift from cloud native to what the company is calling the "AI native era."

The announcement covered quite a bit of ground, so here's a breakdown.

What was announced?

The Linux part of the announcement has two updates. Azure Linux 4.0 is coming to Azure Virtual Machines as a public preview, though it is still in active development and no downloads are available yet. Microsoft has a sign-up form open for early access.

Azure Container Linux is now generally available, with a full rollout planned during Microsoft Build on June 2. It is an immutable, container-optimized OS, which by design means no package manager and a read-only system image.

This is aimed at teams handling regulated or security-sensitive deployments, with the intent to keep the attack surface relatively limited while Microsoft maintains the supply chain end to end.

For agentic AI, Microsoft is pushing several building blocks for what it calls an open agentic stack. The Microsoft Agent Framework is an open source SDK and runtime for multi-agent systems, consolidating earlier work from Semantic Kernel and AutoGen into one foundation.

Alongside that is the Agent Governance Toolkit, which covers identity, policy, and audit controls for AI agent deployments and A2A (agent-to-agent) protocols for cross-vendor, cross-framework agent communication.

We saw this coming

The announcement doesn't mention Fedora once, but the Azure Linux 4.0 branch on the project's GitHub paints a different picture.

The README file for 4.0 explicitly describes Fedora as an "upstream base" for Azure Linux, describing the distro as a set of TOML configuration files and targeted overlays applied on top of Fedora.

Likewise, packages come straight from Fedora's upstream repositories, with any deviations from that kept minimal and clearly documented.

Last month, we reported on discussions from a Fedora ELN SIG meeting where it became clear Microsoft was backing a proposal to build x86-64-v3 packages for Fedora 45.

Kyle Gospodnetich, a Linux engineer at Microsoft, was co-authoring the change proposal, with the motivation tied directly to Azure Linux's need for x86-64-v3 performance gains.

There was also talk of Microsoft forking the distribution entirely at one point, but they were guided toward working within the Fedora ecosystem instead. We called it "a big if" at the time.

Now, the 4.0 branch confirms it. 🤓

As for why Microsoft stayed quiet about the Fedora connection in its announcement blog post. Fedora is effectively Red Hat's upstream, and Red Hat is both an Azure partner and a competitor in the enterprise Linux space. I presume that it would make for an awkward read in that context.

Suggested Read 📖: Fedora Hummingbird Debuts As a Hardened Linux Distro

The Famous Linux System Cleaner BleachBit Now Has a TUI (And I Tried It Out)

Sourav Rudra — Tue, 19 May 2026 09:59:16 +0530

It is a matter of preference to use system cleanup utilities on a computer or smartphone. On Linux, we have many such tools that handle everything from clearing browser caches and old package archives to shredding files and wiping free space.

They range from quick CLI scripts to full-blown graphical applications. Some focus on browser data; others go deeper into system logs, package caches, and temporary files.

One of the more popular offerings among those is BleachBit, which is a free and open source system cleaner for Linux and Windows that handles all that. It's developers have now given everyone an early look into how its text-based user interface (TUI) is shaping up.

BleachBit TUI works well

The TUI is simple to navigate. The space bar toggles cleaning options on or off, and Enter expands a category to show the file list underneath.

For previewing what would be cleaned, there are two options: lowercase p runs a full preview across all selected items, while uppercase P previews just the focused component.

📋

You can use either Shift or Caps Lock for switching to uppercase.

The two preview options (full, focused) on the alpha TUI of BleachBit.

Once done, d handles deletion for everything selected, and D deletes the focused component specifically. On my first attempt, the deletion failed because I had not launched the TUI with elevated privileges.

Re-launching with sudo python3 bleachbit_tui.py fixed that. Once initiated, I had to press Y to confirm the action, and when it completed, a dialog appeared in the bottom-right showing the files deleted and space recovered.

Using sudo fixed the errors I was getting.

There is also a palette menu, accessible via Ctrl+P. From there, you can search commands, maximize a selected component, quit BleachBit, save a screenshot, and bring up the keys/help side panel.

Since the TUI shares its backend with the regular BleachBit GUI, it picks up all the same settings automatically. That covers your selected cleaning options, keep list, custom cleaning list, and cookie keep list.

It also supports changing display themes and some mouse interaction alongside keyboard navigation, including the scroll wheel. On Windows, the TUI ships as both an installer and a portable package, compiled as a native 64-bit binary, unlike the 32-bit stable GUI and CLI builds.

If you want to try it out on Linux, the official announcement has quick-start instructions for running the TUI on Ubuntu, and if that doesn't suit you, then you could build from source.

🚧

This is still being developed. If you go ahead with testing it, expect things to break.