Andromxda 🇺🇦🇵🇸🇹🇼 @ Andromxda @lemmy.dbzer0.com

Mastodon: @Andromxda@infosec.exchange

---

Read more

Posts

50

Comments

1,790

Joined

1 yr. ago

Moderating

---

Just make sure to set up UnifiedPush if you want to receive notifications while your Molly database is locked. I recommend the new Sunup UP distributor. I wanted to make a post about it in !unifiedpush@lemmy.dbzer0.com, but never got around to do it.

For Mollysocket, there are a few public instances. molly.adminforge.de is one of them. You can also set up your own on Fly.io, check out this repo: https://github.com/pcrockett/mollysocket-fly
Or you can obviously self-host it on any VPS or hardware that you own

Or via Accrescent

Thanks, I mean I used to work as a Java developer before, and I'm quite interested in the Android platform, so I'm familiar with the SDK and build tools, and know how app signatures work

But it's really not that hard to figure out. There are countless guides on the internet, and as I said, Signal even has a quick guide for how to verify the APK signature on the download page

Netdata is exactly what you're looking for. It's basically an all in one monitoring and and alerting suite that collects and analyzes data, and provides a gorgeous web dashboard for you to view.

You can also manually replicate this using Prometheus, Grafana and other tools, but that requires a much bigger effort to set up.

Edit: There's a public demo instance where you can try everything out: https://frankfurt.netdata.rocks/

I remember having used Blink a few years ago. If you want a full Linux environment on the iPad, you can also check out iSH. It obviously also allows you to use SSH.

Unfortunately no

Please rename the thread to "Signal in the Guardian project F-Droid repo" or something like that to avoid confusion, because as you have noticed, it's not available in the main F-Droid repo, just in the third-party repo maintained by the Guardian project

Oh sorry, I misread that

Takes like 2 minutes 😅

There's nothing inherently wrong with Sup, but it's very new and hasn't had the chance to stand the test of time yet. It also has very few users and isn't as intuitive as straightforward as Signal, which is basically just a carbon copy of WhatsApp (UI/UX-wise). Network effect is a very important aspect.
Federated networks aren't easy to explain to users, this is already a huge issue for Mastodon, and it's probably why it hasn't taken over social media.
As other comments here have pointed out, Sup would be a closer alternative to stuff like Facebook Messenger than to WhatsApp. I'd say Signal is still the best option for private and secure instant messaging.

Sup Signal = WhatsApp

I know, it even says so in the post:

I just noticed today that Signal (not talking Molly) is now available on F-Droid via the "Guardian" repository.

I think they ship prebuilt binaries, i.e. the exact same ones you find on the Signal website

AFAIK this also applies to Tor Browser, Orbot and other third-party apps distributed by Guardian

Edit: I downloaded the files and manually verified the signatures. They are indeed the exact same files.

Because I didn't really know how to grab an APK from the Guardian F-Droid repo, I used their S3 bucket and downloaded the Signal APK. It's named Signal-Android-website-prod-universal-release-7.30.2.apk, which is the exact same file name as the one of the APK you can get from the Signal website.

I then used keytool to print the signature certificate fingerprint: (renamed the files to make it less confusing)

    
keytool -printcert -jarfile signal-website.apk


  

    
Signer #1:

Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
     SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
     SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3

  

    
keytool -printcert -jarfile signal-guardian.apk


  

    
Signer #1:

Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
     SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
     SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3

  

The fingerprints are identical.

Another edit: I just noticed that Signal even has official instructions for checking the signature on their APK download page. They use apksigner instead of keytool, but it's basically the same process.

It's probably not an official thing. F-Droid can't distribute apps in the official repo via their own policy if the developer doesn't agree. Third-party repos like Guardian can.

Yeah and I love it but this is still very tech niche and looking for an instant messaging solution.

Signal

OSMAnd is another option, it's better in some ways, but worse in others.

There's also qBitControl for iOS btw. But you have to sideload it using AltStore (which is pretty easy if you're in the EU).

A lot of the macOS networking stack (at a lower level) comes from FreeBSD.

Yeah, but they added a bunch of high-level abstractions on top over the years. Nowadays it's much closer to the way you do networking on mobile operating systems like iOS and Android.

I’m a Ruby developer but I tried to port a Linux application written in C to macOS before and it was mostly rearranging positional arguments to system API calls

But I imagine the Ruby standard library also takes away a lot of the complexity, right?

I don’t know why i2p would be flaky on macOS.

That was just my assumption, because the modern macOS network stack is not exactly similar to Linux, so some changes would be required, and since it's not that widely used (at least in the I2P community) it wouldn't get tested and developed that much. But again, that was just my assumption.

I run i2pd (hate Java)

As a former Java dev: Completely understandable. i2pd is the only I2P implementation I will ever touch, the Java client is just a buggy mess with bad performance.

Corporate, VC-funded bullshit