#Tag · bonfire.cafe

This week in #FDroid (TWIF) is brought to you by SSSE3:

* Polish app guide? Fennec has great translations
* #ArcaneChat #DeltaChat w/ better onboarding
* #Kotatsu stopped development
* #Luanti #Minetest now on #OpenCollective
* #Notesnook caught up
* Anoher big #OSMAnd release
* #Session Messenger vs screenshots
* Repomaker at #DroidCon #Kampala
+ 15 new apps
& 197 updates
- 2 archived

And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html

F-Droid

@fdroidorg@floss.social · last week

This week in #FDroid (TWIF) is brought to you by SSSE3:

And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html

Electronic Frontier Foundation

@eff@mastodon.social · 2 weeks ago

There's a more secure alternative to texting via your phone's native messaging app. Signal is a free app that employs end-to-end encryption and we have a step-by-step guide to help you learn how to use it. https://ssd.eff.org/module/how-to-use-signal

How to: Use Signal

Download location: Google Play Store, Apple App Store System requirements: Android 5 or later, iOS 13 or later Version used in this guide: Android: 7.38.6 iPhone: 7.5.1 License: GPLv3 Level: Beginner Time required: 15-20 minutes Other reading: https://signal.org/ https://support.signal.org/ https://signal.org/blog/ Table of Contents Download and Install Signal Register and Verify...

Demy

@DemyOhr@mastodon.social replied · 2 weeks ago

@eff #Signal is not secure!

1
It supports #surveillance
https://www.counterpunch.org/2025/03/07/the-revolution-will-not-be-signaled/

2
#SignalApp is #Trump friendly
https://therecord.media/signal-no-longer-cooperating-with-ukraine

3
It collects your #Metadata like #WhatsApp
https://primal.net/e/note14hf9d3fkkhrsygkyzz8snuwyukckd4yqx0cq62z35cwp53a20a8suw457j

4
Everyone can spy you
https://heise.de/-10515774

#UnPlugTrump & #DeleteSignal

Check:

https://SecureMessagingApps.com

rate
🟩=3
🟨=1
🟥=0

86 #Threema = Winner

81 #SimpleXChat
80 #Signal
77 #Session
68 #Wire
56 #Element / #Matrix
37 #Apple #iMessage
32 #WhatsApp
27 #Telegram
26 #FB Messenger

Security

What WhatsApp and Signal reveal, despite encryption

Signal is famous for good end-to-end encryption, WhatsApp is following suit. At DEFCON, two Austrians show what the messengers reveal nonetheless.

Signal no longer cooperating with Ukraine on Russian cyberthreats, official says

The encrypted messaging app Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyberthreats, a Ukrainian official claimed, warning that the shift is aiding Moscow’s intelligence efforts.

Stefano Marinelli boosted

vermaden

@vermaden@mastodon.bsd.cafe · 3 weeks ago

Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟮 [UPDATE 2] to 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 - 𝗣𝗮𝗿𝘁 𝟮𝟳 - 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻 - 𝗡𝗲𝘁𝗳𝗹𝗶𝘅 𝗦𝗶𝗴𝗻𝗮𝗹 𝗧𝗲𝗹𝗲𝗴𝗿𝗮𝗺 [FreeBSD Desktop - Part 27 - Configuration - Netflix Signal Telegram] article.

https://vermaden.wordpress.com/2021/09/06/freebsd-desktop-part-27-configuration-netflix-signal-telegram#more

#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld

𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗

FreeBSD Desktop – Part 27 – Configuration – Netflix Signal Telegram

In this article you will learn how to use Netflix (also other streaming services that require Widevine DRM) and Signal/Telegram on FreeBSD desktop. You may want to check other articles in the FreeB…

vermaden

@vermaden@mastodon.bsd.cafe · 3 weeks ago

https://vermaden.wordpress.com/2021/09/06/freebsd-desktop-part-27-configuration-netflix-signal-telegram#more

#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld

𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗

FreeBSD Desktop – Part 27 – Configuration – Netflix Signal Telegram

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe · 6 months ago

First step towards implementing #JWT in #swad done, just committed a good 1000 LOC and now my #poser lib can do #JSON 😎
https://github.com/Zirias/poser/commit/7f1772e85c869d544f8a12099ed6545e163dc163

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe replied · 6 months ago

Doing some first experiments, here's how a #JWT for #swad might look like, containing a custom property that has the "auth info" that's currently stored in the server-side #session ... 🤔

Now add a JOSE header, base64-encode and sign that beast...

ThePfromtheO

@ThePfromtheO@social.vivaldi.net · 6 months ago

@Tutanota
𝖴𝗉 𝗍𝗈 𝖽𝗈𝗐𝗇, 𝗅𝖾𝖿𝗍 𝗍𝗈 𝗋𝗂𝗀𝗁𝗍:
#DeepL; #VivaldiWebmail #Calendar; #Brave_Search/ #DuckDuckGo_Search; #ProtonPass; #Session; #VivaldiBrowser; #OnlyOffice; #Aurora_Store/ #FDroid; #e_OS (𝙣𝙤𝙩 𝙮𝙚𝙩); #Ente_Photo; #Logseq; #Heliboard; #ProtonMail/ #VivaldiWebmail/ #TutaMail; #MiroTalk_SFU; #Ente_Auth; #ProtonDrive/ #filen_io; #LibreTube; #OsmAnd

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe · 6 months ago

I now decided I'll at least aim for some middle grounds: Rework #swad so it only needs a (server-side) #session once a user is #authenticated!

This does have some implications, e.g. passing a redirect argument to the authentication endpoint won't work any more. But experimentation shows a workaround would be to use an "internal redirect" to the login endpoint in #nginx.

We'll see where I end up. Having sessions only for authenticated users should reduce the need for server-side RAM significantly, so I hope 😉

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe · 7 months ago

More #poser improvements:

* Use arc4random() if available, avoids excessive syscalls just to get high-quality random data
* Add a "resolver" to do #reverse #DNS lookups in a batch, remove the reverse lookup stuff from the connection which was often useless anyways, when a short-lived connection was deleted before resolving could finish 🙈

As a result, #swad can now reliably log requests with reverse lookups enabled 🥳

#C #coding

syslog excerpt of swad's request logging with resolving remote hosts enabled

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe replied · 7 months ago

About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.

I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift #PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.

Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.

arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.