Those getting the most recent software versions, so nothing that should be running in a server.
progandy
joined 1 year ago
I think that was a precaution. The malicious build script ran during the build, but the backdoor itself was most likely not included in the resuling package as it checked for specific packaging systems.
So weit ich weiß, ist in der APK UnifiedPush-Support integriert. Das funktioniert aber nur, wenn ein Server angegeben ist, ansonsten wird der WebSocket als Fallback verwendet. Hast du überprüft, ob deine ntfy instanz die notifications bekommt?
Falls du nichts selbst hostest und jemand anderem mit der Bridge vertraust kenne ich zwei Anbieter
https://adminforge.de/tools/neue-services-mollysocket-und-proxigram/
https://yourdevice.ch/unsere-server-fuer-mehr-privatspaehre/
MollySocket never has any encryption key
MollySocket receives the credentials for a linked device and does not receive any encryption key. Which means:
- Someone with access to MollySocket database can't change the identity key, to impersonate users. See setKeys.
- Someone with access to MollySocket database may be able to use the credentials of linked devices to spam the Signal server and hit the rate limits. I haven't checked if this would temporarily block the account or just the linked device. (Availability risk)
- Someone with access to MollySocket database may be able to change some account field in a destructive way. For instance changing the account Name to something random. The cleartext will be random since these field are encrypted and require encryption keys to be properly encrypted.
Da steht doch auch
UnifiedPush
Molly-UP is a separate app based on Molly-FOSS. It incorporates the ability to receive notifications through a UnifiedPush provider.
Important
Molly-UP requires an instance of mollysocket to work with a UnifiedPush provider. This can be done on a machine you control.
If Molly-UP is set up as a secondary linked device, UnifiedPush notifications will not be available.
Ja, aber du musst mindestens die signal -> ntfy bridge (mollysocket) selber hosten
So ein privates Flugtaxi wäre ja auch ein toller Dienstwagen. Kein Stau mehr. (/s oder doch nicht?)
The take is more like "landed gentry" has too little oversight, they are too independent. They are too far removed from their "king" and dont want to follow his every whim. (If you equate the subreddits to valuable land they were bequeathed)
There is an actively maintained project for github: https://github.com/josegonzalez/python-github-backup
Der flächenmäßig größte Teil liegt ja auch in Asien. Nur von Europa zu sprechen und Russland komplett dazu zu zählen ist daher schwer.
Jitsi meet is the hosted service of the open source project provided by the developers. The proprietary variant is 8x8.com
In that case you should ignore the interface in networkmanager (set it as unmanaged) and add one of the wireguard gnome shell extensions i think. https://extensions.gnome.org/extension/3612/wireguard-indicator/
At least this prevents impersonation of well-known publishers or their software. Maybe all changes to metadata like the description should require a manual review even for established packages.