Migrating from BitWarden to 1Password

I’ve been using Bitwarden for a year or two now, after switching from 1Password when they opted to add some dumb crypto nonsense to the app. It works really well and I don’t really have any major complaints about it - the UI’s not all that great and I miss the additional record types that 1Password had, but it has a Linux client and it’s open-source and I can run the cloud portion of it myself. But, I kept seeing the new stuff that the Agile Bits team was doing and, well, FOMO, so I decided to switch back to 1Password to see what the deal was. Doing that required me to move my stuff back from Bitwarden to 1Password.

The easiest-slash-obvious way to do this is to use the native 1Password importer, which will take a CSV formatted file and allow you to match the fields in the file to what’s available in 1P itself. This is a great approach but it seemed like a lot of work for my use case. (I migrated my 1P data into Bitwarden, so I have something like 12 years of data? It’s a lot.) But, this is probably the easiest way to do this if your Bitwarden vault is smaller or better organized (and especially if you don’t keep your credit card info in it or use secure notes).

The more complex method is to try to figure out some way to convert the Bitwarden vault export into a 1Password-compatible file (either a 1pif or a PUC file). Bitwarden will export in both CSV and JSON formats and the JSON format is very much the best way to go. Agile Bits doesn’t document the format of their interchange formats. At this point, my thought was to write up some quick Python to split out the Bitwarden JSON export into a few export CSVs so I could re-import them into 1Password using the CSV importer.

Fortunately, there was another way. When digging for a format for the 1pif format, I found this post on the 1Password community site which pointed me to a suite of converters that were written by the poster there, MrC: Moving to 1Password from another password manager This actually does everything necessary.

The MrC Converter Suite is a Perl app that includes a ton of conversion modules for various different password managers, and Bitwarden is among them. It works with the JSON export too, which is the best way to do it as it allows it to work natively with the different types of record and the varying fields that are present in each record. Finally, it can export that data into either the PUC or the 1pif foramts. It being a Perl app makes it multiplatform too (though the included instructions only support native Windows and macOS). I found the docs to be pretty good and the code is pretty readable, which is amazing for Perl. (Only sort of joking - I used to write a lot of Perl around the turn of the millennium and there are still scars.)

In my case, I didn’t want to install Perl on my Windows machine (and I was feeling lazy and didn’t want to do this on the Mac in another room, because I’d have to get up), so I did this on WSL using a Ubuntu 22.04 install. I needed to install a bunch of packages, which I opted to do via apt rather than try to wrangle CPAN into installing it. (Some of them failed installing in CPAN, and by that I mean they failed to compile things, and I had already gotten super tired of waiting for the compile for XML::XPath. It took forever on a fast machine.) These are the packages I installed:

sudo apt install libdate-calc-perl libarchive-zip-perl libxml-xpath-perl

There were a couple others I searched for but they ended up being installed - just searching for the CPAN module name worked fine. These were archive::zip and bit:vector.

After doing this, I ran the conversion utility: perl convert.pl -v bitwarden <file>. This failed - not sure but something about my input file broke it and I kept getting duplicate key errors. The fix for this was to specify the 1pif output format, rather than the default PUC file. So, the command was perl convert.pl -v -F 1pif bitwarden <filename> -o <outpufile> (by default it’ll try to put your output file in ~/Desktop, which I didn’t have).

The other problem was importing the file. The latest version of 1Password actually doesn’t support importing their own files. Or, rather, it doesn’t support importing their 1pif format ones. So, I installed 1Password 7, which is still handily available on the website under the ‘Using an older computer?’ heading at the bottom. I’ll upgrade to 8 later. I think 8 was part of the reason I was also sort of annoyed with 1Password too so maybe I won’t do that, actually.. Anyway, once you have 1Password 7 installed, you can import the file. I opted to do this into a fresh vault. Everything seemed to work fine, though the create and modify dates all got trashed. That’s a minor thing, though. Importantly, my credit card info is in there right, the secure notes all look good, and the actual passwords are all in the right spot. My tags seem to work too, including my all important Security Questions one. (Because security questions are terrible and bad, I just generate passwords for ‘em.)

If I’m being honest, one thing I don’t like about this whole process is that the conversion suite isn’t somewhere more visible. It’d be nice if it were up on GitHub or something. Maybe I can use it as inspiration (or at least a spec) to make up some Python packages for the file formats.

So, this all worked fine, and now other than the logistics of installing it everywhere and updating browser plugins, I’m pretty much back to 1Password.

Minor Updates

This is mostly a post to try to keep up with the blogging habit: I’m currently evaluating Linux distributions on my laptop and putting together a post of random stuff makes for a good test of the Docker install on here, and keeps me remembering to write things here. So, here’s some random stuff.

The Mastodon server has been up for a month and a half now, which has been nice. I’ve mostly decided to keep with the individual instance rather than move to a different one (though I did stake a claim on the mastodon.mit.edu server - I’m @jkachel@mastodon.mit.edu there). I’ve been following the story of the hachyderm.io instance by dint of following Kris Nóva over there and that’s been interesting - that instance would probably be where I move to if I get tired of running my own; they’re doing a pretty great job with it. I’ve mostly given up on Twitter. My apartment has heating so I don’t really need the ever-larger dumpster fire that it’s become.

I’ve pulled the Twitter widget from the sidebar - sometime soon I’ll put up either a RSS embed or an ActivityPub thing to grab my Mastodon timeline. (Did you know that most, if not all, Mastodon timelines can be subscribed to via RSS? It’s true. Just append .rss to the end and you get an RSS feed. Like so.)

Some Linux distro tryouts are commencing at the moment. I’m sort of planning a new system build now that all the new AMD stuff is out, and the plan is for it to be a red team build and also a Linux build. So, I’m fiddling a bit with Linux distributions on my Lenovo Yoga laptop. I’ve tried straight Debian 11 and Linux Mint 21 so far. I liked Linux Mint anyway but I may try Fedora or Alma or Rocky too. Debian 11 gave me some flashbacks nostalgia for old times installing Linux - out of the box, the wireless didn’t work, it dropped me into a screen to choose from any of dozens of ancient Ethernet drivers for my modern Gigabit Realtek card for some reason (i.e., unnecessarily), and it wouldn’t take my password. Reminded me a bit of installing Debian 1.3.1 off of some like $2 CheapBytes CDs back around, oh, 1998 or so. I don’t think I ever got that installed properly. (In my defense, I was a Slackware user at that point and more familiar with the “compile everything” sort of situation that existed at the time. Package management was a new thing back then - Red Hat and Debian were leading the way on it with managers that actually cared about dependencies - and man oh man were things broken for a long time.)

I have succumbed to YouTuber sponsorship spots and now I own a bunch of Vessi shoes. (Not that I do YouTube, but I do watch a lot of it.) They’re pretty comfy. I had some but got more because of a bundle deal with some gloves and a toque (they’re Canadian, so..), but also because I’m a bit afraid of wearing out the pair I wear all the time.

I’ll probably be working on testing out my 10Gb Ethernet switch some more over the holiday break and will write up a thing about that. I don’t have any SFP+ cables yet but I should at least be able to get to a console and use the lone GigE port on it. I’ve gotten a NetApp 1U 16-port switch with redundant power supplies; it’s gotten a full Noctua fan swap so might be interesting to do a bit of writing about. So far I’m only about $200ish in on 10GbE rollout - the switch was < $100 and the 4 dual-port NICs I bought were like $25/ea. Cabling will be another couple hundred (from FS.com, probably) but these are entirely reasonable prices.

That’s it for now - time to see if this publishes properly.

Stupid Computer Drag Racing

Two mini PCs, facing off against each other in a race that’s somewhat network dependent. What fun!

I got a couple of those weird mini NUC-style PCs. They’re very cosmetically similar PCs, of the “AK2” variety, that you can get on the Amazon for between $70 and $175 depending on what deals are going on and spec. They were bought for other things, but I figured why not see what the difference is between a couple of generations of Celeron?

Similar things on each: both have 2x HDMI ports, a smattering of USB 2 and 3 ports, RTL8111-family GbE network, onboard single-port SATA, AC wireless (one with an Intel card, one with a Realtek). The differences are memory, CPU, and storage (outside the SATA).

AK2: J3455 - Celeron J3455 Apollo Lake (4c4t), 6GB RAM, 64GB eMMC, no NVMe slot (there is an open slot but it’s Mini-PCI for some reason)
AK2 “Pro”: N5095 - Celeron N5095 Jasper Lake (4c4t), 12GB RAM, 256GB NVMe SSD (this came with an SSD that threw a ton of errors during Ubuntu installation.. swapped it for a known-good 256GB drive but not sure if that was just weirdness or that the pack-in drive is flaky)

To do the drag race, I set both of these up with Ubuntu Server 22.04 LTS with full updates, pyenv, and Docker Engine; and connected them to my network via Ethernet. The Ethernet connection is somewhat bottlenecked as I’m using the two Ethernet ports on the TP-Link Deco P9 mesh pod in the room where they are, and that’s generally using the slower HomePNA powerline backhaul to the rest of the netwrok. But, they ranged from 7-10MB/s when both were hitting the network simultaneously to about 15MB/s when one got full shouting rights over the cable, and they were run so they were both basically sharing space all the time.

The workload I chose was setting up an Open edX devstack instance on each from scratch. Open edX is a pretty big thing - a full “large and slow” setup ends up with 14 Docker containers - and there’s a smattering of compiling stuff and decompression and database ops and all that, so it seemed like a good fit. (Plus, I’m really familiar with it. The day job mostly entails writing software that interfaces with Open edX in some manner, so I’ve run it on much faster systems than these two.) However, it’s worth noting that some of these steps are very network bound, and those steps are noted as such. I did include the preliminary Python setup steps here too, so that’s a lot more compiling.

Here’s the results. The times listed are the Real time from time(1).

J3455 N5095
pyenv install 3.11.0 10m40s 05m20s
pyenv virtualenv 00m12s 00m05s
make requirements 01m35s 01m09s - this step is pretty network dependent
make dev.clone.https 04m56s 05m00s - this step is pretty much just network access (cloning GH repos)
make dev.pull.l&s 10m20s 09m39s - yup a lot more network, this time Docker stuff
make dev.provision 108m54s 51m32s - this one is not network

Round 2: now with identical TeamGroup AX2 SATA SSDs (512GB) connected to onboard storage and fresh install of Ubuntu Server 22.04. Some of the network speeds went up here; the machines got kinda out of sync and so they had the network to themselves for a bit.

J3455 N5095
pyenv install 3.11.0 10m40s 05m22s
pyenv virtualenv 00m12s 00m05s
make requirements 03m35s 01m11s - this step is pretty network dependent
make dev.clone.https 04m04s 06m33s - this step is pretty much just network access (cloning GH repos)
make dev.pull.l&s 09m22s 07m31s - yup a lot more network, this time Docker stuff
make dev.provision 90m03s 43m48s - this one is not network

The most telling of these is the first and last result - pyenv install 3.11.0 and make dev.provision are places where you can really tell what the difference a couple of generations of Intel architecture enhancement make. As a reminder, these two chips are about 5 years apart (Skylake to Ice Lake; 6th gen Core to 11th gen). Interestingly, the performance difference is about the same as the cost difference. The J3455 system was about $75 and the N5095 system was about $150.

Neither of these systems are particularly performant (and they’re probably gonna lose those 512GB SSDs) but they make good point of need systems for lower-end tasks. They’re pretty small - roughly 5in square and about 3in high. The J3455 is going to be a Home Assistant box because it’ll outperform the Raspberry Pi 3 that’s currently doing that task and it’ll fit nearly anywhere.

A couple weird hardware things I’ve noticed:

  • They both have a USB-C under the lid. You can get power out of it, but it doesn’t seem to do anything. I plugged a drive into it and nothing.
  • The J3455 has a micro SD card reader on the board (that evidently works). The N5095 one doesn’t.
  • The J3455 has a mini PCI slot on it. I was thinking maybe I could put a M.2 2242 drive but nope! I suppose you could use it for a WwAN modem or something, though.. do they still make those in mini-PCI? I have a CDMA one floating around, I could try it to see if it works in the slot..
  • If you get one and take it apart, be careful about the WiFi antennas. I disconnected one taking apart the J3455 unit and in the process of trying to wedge the connector underneath the plastic thing they glued down to the top of the WiFi module (to keep the antennas connected..) I really broke the other one. Surprisingly it still connects to my local network, but that may be a function of it being basically next to one of the mesh pods.
  • I also learned that Realtek USB WiFi NICs are less than great for use in Linux.

Most of this was from some videos by Goodmonkey on YouTube. He had some better luck with the AK2/GK2 pricing than I did. (But I might also look at deploying these TP-Link Omada WiFi dingles..)

Some More Information For Y'all

Hi, I'm James. Some people call me 'murgee'.

I'm a web developer, general computer nerd, and music geek based in Memphis, TN.

This blog is powered by Hexo, Bootstrap, and coffee. Hosting by DigitalOcean (referral). Fonts by Google Fonts.

Background image: unsplash-logoTara Evans

Because I have to: unless otherwise noted, © 2019-2023 James Kachel.

The Socials

Social media links and stuff:

The Toot Machine

Coming soon! Until then, you can click here to see my timeline.