Re: [guardian-dev] deterministic, repeatable build of LilDebi

2014-04-24 Thread Hans-Christoph Steiner
On 04/24/2014 04:45 PM, Michael Rogers wrote: > On 23/04/14 20:45, Hans-Christoph Steiner wrote: >> That looks like the final detail! I'm even getting the exact same >> META-INF/MANIFEST.MF, only the two signature files are different. >> They also have the exact sa

Re: [guardian-dev] deterministic, repeatable build of LilDebi

2014-04-24 Thread Hans-Christoph Steiner
On 04/24/2014 08:03 PM, Nathan of Guardian wrote: > > > On April 24, 2014 7:22:50 PM EDT, Hans-Christoph Steiner > wrote: >> >> >> On 04/24/2014 04:45 PM, Michael Rogers wrote: >>> On 23/04/14 20:45, Hans-Christoph Steiner wrote: >>>> That

[guardian-dev] Stripe Open-Source Retreat Grant

2014-04-26 Thread Hans-Christoph Steiner
A friend just forwarded this to me. For anyone in the Bay Area wanting to work on free software out of Stripe's SF office, and get some money to boot, apply by May 31st. Seems like Guardian Project related stuff might fit, since Stripe does mobile payments. https://stripe.com/blog/stripe-open-sou

[guardian-dev] ACRA for crash reports with a lot less tracking?

2014-05-01 Thread Hans-Christoph Steiner
I just stumbled upon http://acra.ch/, it's a free software framework for getting crash reports from Android apps. It supports multiple backends, like Bugsense and Hockeyapp. It would be nice to add Tor and Redmine support, and have it set up to submit to our issue tracker :) Anyone know anything

Re: [guardian-dev] PGP supported in Android Email app

2014-05-02 Thread Hans-Christoph Steiner
I couldn't get that APK to download, anyone else? Can it be posted elsewhere? You might be able to see some interesting links by uploading it to https://androidobservatory.org/ .hc On 05/01/2014 09:25 PM, AntiTree wrote: > This is SecEmail_j from a Samsung S4 that occupies the > "com.android.em

[guardian-dev] FDroid release with local app store and swapping (part of our Bazaar project)

2014-05-08 Thread Hans-Christoph Steiner
As part of our Bazaar project, we have been working on ways to enable all methods of decentralized app distribution, and also experimenting with incorporating security auditing as part of that process. The goal is to make a very flexible and secure app store with decentralized trust. This phase

[guardian-dev] new Android signing key

2014-05-14 Thread Hans-Christoph Steiner
We finally have a new signing key for our official Android releases. We had to make a new one because the current one is using 1024-bit RSA, like the large majority of Android signing keys. RSA 1024-bit is considered deprecated, so we are now signing all new apps with our new 4096-bit signing

Re: [guardian-dev] new Android signing key

2014-05-27 Thread Hans-Christoph Steiner
On 05/23/2014 05:16 AM, Michael Rogers wrote: > On 14/05/14 20:20, Hans-Christoph Steiner wrote: >> We finally have a new signing key for our official Android >> releases. We had to make a new one because the current one is >> using 1024-bit RSA, like the large majori

Re: [guardian-dev] On mobile security

2014-06-03 Thread Hans-Christoph Steiner
Nice overview of the issues. You might want to look into Omnirom's nice physical access protection feature. Basically, if the screen is locked and the phone detects any kind of adb activity on the USB port, it will shut itself down. adb is what is used to get data off of Android phones, so this

Re: [guardian-dev] status of Guardian's OpenSSL for Android

2014-06-06 Thread Hans-Christoph Steiner
How about deleting all the code in the repo and leaving a README.md with quick instructions on how to build the android project? That repo has a lot of forks, so it would be a good way to spread the word. .hc On 06/06/2014 11:39 AM, Nathan Freitas wrote: > We should take it down. You can easily

Re: [guardian-dev] fast company inquiry

2014-06-06 Thread Hans-Christoph Steiner
In case anyone is interested, Nathan and I both responded and were quoted. I think it's a good article, so I'm posting it here: https://www.fastcolabs.com/3031325/why-we-must-teach-ethics-along-with-programming .hc On 05/30/2014 12:28 PM, Joshua Rivera wrote: > Hi there, > > I'm a reporter for

[guardian-dev] Automatic, private distribution of our test builds

2014-06-06 Thread Hans-Christoph Steiner
I just set up the first stab at an automatic way to get test builds of our apps based on FDroid. Testing is an extremely valuable contribution to the process of making good software, so we want to make that process as easy and private as possible. The combination of FDroid and this feed will make

[guardian-dev] renamed SecureSmartCam git repo to ObscuraCam

2014-06-09 Thread Hans-Christoph Steiner
Originally, the SecureSmartCam git repo was the center of a bunch of camera-related work, but it has been only ObscuraCam for a long time now, so I've renamed that git repo to ObscuraCam: https://github.com/guardianproject/ObscuraCam The old name will continue to work as a redirect: https://git

[guardian-dev] merging ffmpeg work upstream (Storymaker/InformaCam)

2014-06-09 Thread Hans-Christoph Steiner
We've done some nice work on ffmpeg, but it has languished in our own repos, so now it has bit-rotted and is far from working on recent versions of ffmpeg. That leaves us stuck on old versions of ffmpeg, and also in charge of maintaining our version of ffmpeg. Given that there is new StoryMaker a

[guardian-dev] orbot proxying OAuth connections

2014-06-12 Thread Hans-Christoph Steiner
I'm working on getting the Tomdroid note taking app to support syncing via .onion addresses. It uses Apache HTTP Client for the connections. I was able to set the HTTP proxy for the httpclient object that accesses the service itself, but I was not able to get the OAuth stuff working with an htt

Re: [guardian-dev] merging ffmpeg work upstream (Storymaker/InformaCam)

2014-06-16 Thread Hans-Christoph Steiner
nitely on stability and security fundamentals, the broader work > plan is going to firm up once we have the needs assessment results > back from our partners. > > -Josh > > On Mon, Jun 9, 2014 at 8:41 AM, Hans-Christoph Steiner > wrote: >> >> We've done

Re: [guardian-dev] We want your feedback on Courier

2014-06-16 Thread Hans-Christoph Steiner
I've been using it and enjoying it. Nice to have all my feeds going through Tor by default, and yet have a nice, easy, modern UI. And for those who like to test using the bleeding edge builds, you can get Courier from our nightly test build repo for FDroid: https://guardianproject.info/2014/06/0

[guardian-dev] source code for Android exploits and detectors

2014-06-16 Thread Hans-Christoph Steiner
It seems like it should be pretty straightforward to scan APKs for "Master Key" exploits, and perhaps other exploits are similarly straightforward to look for. So I was wondering whether anyone knows about a free software APK scanner. There are a bunch of proprietary ones, but I'd like to includ

Re: [guardian-dev] Serverless XMPP Feedback

2014-06-17 Thread Hans-Christoph Steiner
Great to see progress on this! The combo of Serverless XMPP and OTRDATA will make for a really easy and secure way for transferring files between devices, so it would be great to have wide support for them. On 06/17/2014 05:12 PM, David Brodsky wrote: > I've been working on rebasing the serverle

Re: [guardian-dev] We want your feedback on Courier

2014-06-18 Thread Hans-Christoph Steiner
: > I'm getting a 404 error when trying to follow the (non-onion) link to > the F-Droid repo. > > Cheers, > Michael > > On 16/06/14 22:52, Hans-Christoph Steiner wrote: > >> I've been using it and enjoying it. Nice to have all my feeds >> going thr

[guardian-dev] "Google-free" test version of TextSecure

2014-06-20 Thread Hans-Christoph Steiner
There is work underway for making a "Google-free" version of TextSecure, i.e. a version of TextSecure that does not require Google's GCM service. https://github.com/WhisperSystems/TextSecure/issues/1000 Join in the test by installing it via the FDroid test repo (testing only, not a secure build o

Re: [guardian-dev] possible to turn a phone into a mobile multi-use penetration testing platform?

2014-06-23 Thread Hans-Christoph Steiner
Try running Lil' Debi on an Android device. It's easy to run a webserver, and most Debian things run just fine. The key difference is that it is the Android Linux kernel, not Debian's, so depending on your device, that kernel might not have all the things you need. https://github.com/guardianpr

Re: [guardian-dev] OSCON?

2014-06-23 Thread Hans-Christoph Steiner
I won't make it there, unfortunately, but do let us know if you are in NYC. Any chance of a preview of what about GPG you will be talking about? .hc On 06/19/2014 02:41 PM, Tim Bray wrote: > Anyone coming? I’m doing a keynote and GPG will certainly be mentioned. > If there are going to be a fe

[guardian-dev] first working version of TrustedIntents library

2014-06-24 Thread Hans-Christoph Steiner
I have the first working version of the TrustedIntents library. It is currently set up as an "Android Library Project" but it could easily be a jar too, the code is currently quite simple, but I plan on adding more convenience methods and also support for TOFU/POP. For usage examples, check out

Re: [guardian-dev] first working version of TrustedIntents library

2014-06-25 Thread Hans-Christoph Steiner
On 06/24/2014 06:28 PM, Mark Murphy wrote: > On Tue, Jun 24, 2014, at 18:06, Hans-Christoph Steiner wrote: >> I have the first working version of the TrustedIntents library. > > Very cool! > > Your "trusted chooser" will be important. I would expect as muc

Re: [guardian-dev] Amazon S3-based repo bootstrap

2014-06-25 Thread Hans-Christoph Steiner
FDroid repos are similar to Debian apt repos in that they do not rely on the security of the server they are on or the network transmission method. Once you trust a signing key, then it can verify whether all files in the repo are what they should be. Keep in mind the https://s3.amazonaws.com/gu

[guardian-dev] ci server for storymaker?

2014-06-26 Thread Hans-Christoph Steiner
Hey Josh, You mentioned in the storymaker kickoff summary that you are planning on building out a build server with devices attached. I'm assuming you're planning on making that a Jenkins box. It would be awesome if this could be available to other GP projects, and if it did not have to produce

Re: [guardian-dev] Amazon S3-based repo bootstrap

2014-06-30 Thread Hans-Christoph Steiner
06/25/2014 04:59 PM, Hans-Christoph Steiner wrote: > > FDroid repos are similar to Debian apt repos in that they do not rely on the > security of the server they are on or the network transmission method. Once > you trust a signing key, then it can verify whether all files in the rep

[guardian-dev] new official Guardian Project app repo for FDroid!

2014-06-30 Thread Hans-Christoph Steiner
We now have an official FDroid app repository that is available via three separate methods, to guarantee access to a trusted distribution channel throughout the world! To start with, you must have FDroid installed. I recommend using the latest test release since it has support for Tor and .onion

Re: [guardian-dev] Amazon S3-based repo bootstrap

2014-07-01 Thread Hans-Christoph Steiner
On 07/01/2014 10:50 AM, shm...@riseup.net wrote: > > > Hans-Christoph Steiner: >> >> I finally finalized the new official FDroid repo for Guardian Project apps, >> including this copy on S3! >> >> https://s3.amazonaws.com/guardianproject/index.html >>

Re: [guardian-dev] Amazon S3-based repo bootstrap

2014-07-01 Thread Hans-Christoph Steiner
On 07/01/2014 01:04 PM, Chris Croome wrote: > Hi > > On Wed 02-Jul-2014 at 12:50:38AM +1000, shm...@riseup.net wrote: >> >> its disappointing & shocking (?) that Amazon doesn't support any DHE or >> ECDHE ciphers >> >> this means every time most android devices connect they'll default back >> to

Re: [guardian-dev] Sending files using ChatSecure

2014-07-02 Thread Hans-Christoph Steiner
On 07/01/2014 04:47 PM, Angel Vicente wrote: > El Thu, 26 Jun 2014 02:11:06 -0004 > Nathan of Guardian escribió: >> >> >> On Wed, Jun 25, 2014 at 4:49 PM, Angel Vicente >> wrote: >>> I'm not sure if is a problem with ChatSecure: >>> I have a phone LG with ChatSecure and a Google account, and o

[guardian-dev] new NSA leak, now with source!

2014-07-03 Thread Hans-Christoph Steiner
The latest article from the Snowden leak, and this time they finally included some source code! http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html Definitely worth reading the whole thing. .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B

Re: [guardian-dev] Orbot 14.0.4.3 USB permissions

2014-07-07 Thread Hans-Christoph Steiner
That permission was added so that Orbot can reliably write the debug log out to the SDCard, and share it to other apps. .hc On 07/06/2014 01:20 AM, Delton Barnes wrote: > Hello, > > Why does Orbot 14.0.4.3 newly need the following permissions: > > - modify or delete the contents of your US

[guardian-dev] making Debian's software updates more private

2014-07-08 Thread Hans-Christoph Steiner
A few of us have been trying to figure out how to improve Debian's software distribution so that the software that people are using remains more private and difficult to snoop on a mass scale. You can follow the discussions here: * https://bugs.debian.org/750522 * https://lists.debian.org/debian-

Re: [guardian-dev] Orbot 14.0.4.3 USB permissions

2014-07-08 Thread Hans-Christoph Steiner
Android. We ended up > writing a blog post [1] and linking to it from within the App Store, > giving us something to reference down the road. > > [1] http://zetetic.net/blog/2014/4/21/strip-for-android-permissions.html > > On 7/7/14, 11:25 AM, Hans-Christoph Steiner wrote: >&

Re: [guardian-dev] making Debian's software updates more private

2014-07-14 Thread Hans-Christoph Steiner
wrote: > you could also add this to 70debconf and update over Tor > > Acquire::http::Proxy "http://localhost:8118";; > Acquire::https::SslForceVersion "TLSv1"; > > > > Hans-Christoph Steiner: >> >> A few of us have been trying to figure ou

Re: [guardian-dev] silent circle out-of-circle (PSTN) calls

2014-07-15 Thread Hans-Christoph Steiner
Unfortunately, RedPhone only completely encrypts the voice stream, lots of metadata is very much visible. Same goes with any existing secure call system. .hc On 07/15/2014 01:14 PM, Nathan of Guardian wrote: > Not sure agree Redphone is the same story, in that what they created was a > user ex

Re: [guardian-dev] RATS! (on-device test runner)

2014-07-29 Thread Hans-Christoph Steiner
Also, apparently the US Dept of Homeland Security has sponsored a testing service called SWAMP. It is based on cppcheck, findbugs and others. cppcheck and findbugs are in Debian and Ubuntu, and have Jenkins plugins. cppcheck has already caught a number of notable issues in our own project and G

Re: [guardian-dev] RATS! (on-device test runner)

2014-07-29 Thread Hans-Christoph Steiner
using cppcheck and findbugs with our own Jenkins instances. .hc On 07/29/2014 09:09 PM, Josh Steiner wrote: > Aside from an amazing acronym, at a glance I can't really figure out > what this... is. -j > > On Tue, Jul 29, 2014 at 5:01 PM, Hans-Christoph Steiner > wrote: >>

Re: [guardian-dev] Google Play Developer Console API now lets you script pushing APKs!

2014-07-30 Thread Hans-Christoph Steiner
Yes indeed. I plan on getting this integrated into the fdroid tools so that it'll upload releases to fdroid repos via ssh and Amazon S3, and upload directly to Google Play also, all with a single command, and integrated into the offline signing process. :-D Anyone seen anything like this for any

Re: [guardian-dev] NetCipher and gradle

2014-07-31 Thread Hans-Christoph Steiner
We'd like to support gradle for all of our libraries and apps, but most of us are not using gradle yet, so patches are welcome. gradle looks quite promising, but it is still very much a moving target. So right now the effect of using gradle is to shift the build system pain from the daily develo

Re: [guardian-dev] NetCipher and gradle

2014-08-01 Thread Hans-Christoph Steiner
and gradle >> is tricky enough to have blocked something I'm working on for a couple >> of days now. Gradle seems to me unreasonably big for what it does, >> and not in the slightest intuitive. But I'm on the most painful part >> of the learning curve, maybe I'll

Re: [guardian-dev] about using dev and onion in f-droid

2014-08-02 Thread Hans-Christoph Steiner
Thanks for this report! 0.70 seems to have a few bugs, if you want to get it working now, I've been using 0.69. 0.71 should be out any day now and it includes fixes for lots of things, including the issue connecting to Amazon S3. As for the corrupted download, I haven't seen those really at all, maybe

Re: [guardian-dev] about using dev and onion in f-droid

2014-08-02 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On 08/02/2014 09:10 AM, Hans-Christoph Steiner wrote: >> As for the corrupted download, I haven't seen those really at all, maybe once >> or twice. Can you send more info? > > Could the corrupted download be actually an

Re: [guardian-dev] SQLCipher: best practices

2014-08-05 Thread Hans-Christoph Steiner
We have a library for managing SQLCipher and IOCipher passwords, it's called Cacheword: https://github.com/guardianproject/cacheword It is used in Courier, InformaCam, ChatSecure and others, so you can look there for examples. .hc Cédric Jeanneret wrote: > Hello, > > I'm considering using SQLC

[guardian-dev] Xiaomi phones send private data back to company servers

2014-08-11 Thread Hans-Christoph Steiner
This does not look good for Xiaomi phones. It seems that they "silently sent out user details to a remote server": https://www.f-secure.com/weblog/archives/2731.html .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 ___

Re: [guardian-dev] Manage Orbot from external app: Tor admin?

2014-08-14 Thread Hans-Christoph Steiner
Cédric Jeanneret wrote: > On August 11, 2014 3:41:41 PM CEST, Nathan of Guardian > wrote: >> >> >> On 08/11/2014 03:01 AM, Cédric Jeanneret wrote: >>> Hello, >>> >>> Currently working on orwall[1], a user submitted an interesting >> issue[2]. >>> >>> First, I thought "I'll need some lib [netCip

Re: [guardian-dev] Manage Orbot from external app: Tor admin?

2014-08-14 Thread Hans-Christoph Steiner
Cedric Jeanneret wrote: > > > On 08/14/2014 06:07 PM, Hans-Christoph Steiner wrote: >> >> >> Cédric Jeanneret wrote: >>> On August 11, 2014 3:41:41 PM CEST, Nathan of Guardian >>> wrote: >>>> >>>> >>>> On 08/11/

Re: [guardian-dev] about using dev and onion in f-droid

2014-08-21 Thread Hans-Christoph Steiner
0.6 from the .onion repo with proxy disabled !!! > > not stoned - got the screengrab too ;-) > > ya'll have a good W.E. GP > > que sera sera / laissez-faire > > > shm...@riseup.net wrote: >> >> >> Hans-Christoph Steiner wrote: >>>

Re: [guardian-dev] I2P Android client library (was Manage Orbot from external app: Tor admin?)

2014-08-21 Thread Hans-Christoph Steiner
str4d wrote: > On 08/15/2014 01:43 AM, Hans-Christoph Steiner wrote: > > >> Cedric Jeanneret wrote: >>> Just for information: I've a similar request regarding i2p >>> support in Tor, and there's currently a client library being >>> developed.

[guardian-dev] android-9 (2.3) minimum for cacheword?

2014-08-21 Thread Hans-Christoph Steiner
Since we're often caught in hellish loops of jar version conflicts and the like, I'd like to remove as many dependencies from cacheword as possible. For example, it looks like the only thing we really need spongycastle is to support Android 2.2 and older (i.e. older than android-9). ChatSecure,

Re: [guardian-dev] Your Anonymous Posts to Secret Aren’t Anonymous After All

2014-08-22 Thread Hans-Christoph Steiner
Yeah, anonymity is hard. I wonder if they even encrypt stuff they write to local storage. Good to see that Snapchat got busted for their grand claims backed by weak implementations: http://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-

[guardian-dev] simplifying cacheword deployment

2014-08-27 Thread Hans-Christoph Steiner
In the interest of simplifying cacheword deployment, I'm proposing to ship the core functionality as a plain jar file, then have a "helpers" library project that people could use as a library project, or just copy the classes and modify them as they see fit. This means that cacheword.jar will onl

Re: [guardian-dev] Fwd: [messaging] Release of OpenKeychain 2.8 for Android

2014-08-29 Thread Hans-Christoph Steiner
Looks quite nice! Just gave it a quick try. The UX is definitely a lot better. A couple of little details: * when creating a key, the "name" text field does not seem to be set to handle names (i.e. android:inputType="textPersonName") * the default hash algorithm shouldn't be SHA-512 since tha

Re: [guardian-dev] Fwd: [messaging] Release of OpenKeychain 2.8 for Android

2014-09-02 Thread Hans-Christoph Steiner
Dominik Schuermann wrote: > Hey, > > On 08/29/2014 08:35 PM, Hans-Christoph Steiner wrote: >> * when creating a key, the "name" text field does not seem to be set to >> handle >> names (i.e. android:inputType="textPersonName") > > tha

[guardian-dev] IOCipher v0.2 release!

2014-09-05 Thread Hans-Christoph Steiner
After unexpected complexity for adding mount/unmount logic and lots of testing, I think IOCipher v0.2 is ready for release. It can be used as an Android library project: git clone https://github.com/guardianproject/IOCipher Or as a jar with native .so files: https://guardianproject.info/releases/

[guardian-dev] working towards a CacheWord v0.1 release

2014-09-05 Thread Hans-Christoph Steiner
So I've just wrapped up a big push to nail down the CacheWord API and simplify the library as much as possible. I'll eventually make a proper release with a jar file, but for now it is just in git: https://github.com/guardianproject/cacheword Here are the notable changes, feedback welcome: * the

[guardian-dev] public Jenkins instance: see our build logs

2014-09-16 Thread Hans-Christoph Steiner
We've been running a private Jenkins instance for a while now, and it's quite useful to us. The build logs are also useful to other people, so I've set up a public Jenkins instance so that anyone can view the build logs. http://qssio5fppcrojdh3.onion:8080 A couple notes on usage: * no login nec

Re: [guardian-dev] BitTorrent Bleep - another secure/private chat app

2014-09-17 Thread Hans-Christoph Steiner
http://engineering.bittorrent.com/2014/09/17/how-does-bleep-work/?shareadraft=baba133_5418786f2fdc2 The Distributed Hash Table (DHT) for finding contacts looks quite nice. A notable downside is that Bleep negotiates a direct SIP/RTP connection between the two users. That means anyone that can s

Re: [guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)

2014-09-19 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Fri, Sep 19, 2014, at 08:55 AM, Tom Ritter wrote: >> The way I'd exploit it is by sending you a link via >> email/txt/chatsecure when I think/hope you're on your phone with some >> enticing subject like "Someone just dropped a ChatSecure 0day on >> ExploitDB.

[guardian-dev] Lil' Debi 0.5 beta release!

2014-09-19 Thread Hans-Christoph Steiner
There have been some big new features implemented in Lil' Debi, mostly due to the work of Kumar Sukhani (aka sdkie), who was the Google Summer of Code student working on Lil' Debi. * integrated boot process via /etc/init.d/rc so that when you start Lil' Debi, any services (sshd, nginx, etc.) that

Re: [guardian-dev] Guardian F-Droid repository?

2014-09-22 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Mon, Sep 22, 2014, at 03:16 PM, Delton Barnes wrote: >> Delton Barnes: >>> Is the Guardian F-Droid repository deprecated? (The new one at >>> https://guardianproject.info/fdroid/repo, not the old one.) I installed >>> Orbot 14.0.7.1 from it. Orbot 14.0.8.2

Re: [guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)

2014-09-23 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Fri, Sep 19, 2014, at 12:16 PM, Hans-Christoph Steiner wrote: >> Yet another stark reminder that the web only really works with public >> information. Running applications on the web is really just a terrible >> idea >> fro

Re: [guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)

2014-09-23 Thread Hans-Christoph Steiner
Hans-Christoph Steiner wrote: > > > Nathan of Guardian wrote: >> >> >> On Fri, Sep 19, 2014, at 12:16 PM, Hans-Christoph Steiner wrote: >>> Yet another stark reminder that the web only really works with public >>> information. Running applications

[guardian-dev] storing browser history in a way that sites can't read it

2014-09-24 Thread Hans-Christoph Steiner
I find it quite useful to have a log of the websites that I have visited. Then I don't need to make bookmarks, I can just search my history. But as far as I understand it, browsers always make the browsing history available to all sites that run javascript. Is there a way to store browser histor

Re: [guardian-dev] Fwd: [liberationtech] Proposal for more-trustable code from app stores; comments welcome.

2014-09-24 Thread Hans-Christoph Steiner
I'll repost my reply from the d...@openitp.org list: FDroid already provides most of what you describe, all of the over 1000 APKs (except Firefox, that's in the works) are built only from 100% publicly available source. I'm in the midst of finalizing a funding proposal to add deterministic builds

Re: [guardian-dev] storing browser history in a way that sites can't read it

2014-09-24 Thread Hans-Christoph Steiner
Tom Ritter wrote: > On 24 September 2014 13:11, Hans-Christoph Steiner > wrote: >> But as far >> as I understand it, browsers always make the browsing history available to >> all >> sites that run javascript. > > That's not true. You cannot simply c

[guardian-dev] ChatSecure is in Cafe Bazaar, the Iranian Android app store

2014-09-24 Thread Hans-Christoph Steiner
I just found this interesting morsel, with already 2000+ installs: http://cafebazaar.ir/app/info.guardianproject.otr.app.im/?l=en .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 ___ Guardian-dev mailing list Post: Guardian

Re: [guardian-dev] ChatSecure is in Cafe Bazaar, the Iranian Android app store

2014-09-24 Thread Hans-Christoph Steiner
> - cooper > On 09/24/2014 01:31 PM, Hans-Christoph Steiner wrote: >> I just found this interesting morsel, with already 2000+ installs: >> >> http://cafebazaar.ir/app/info.guardianproject.otr.app.im/?l=en >> >> .hc >> > > _

Re: [guardian-dev] ChatSecure is in Cafe Bazaar, the Iranian Android app store

2014-09-24 Thread Hans-Christoph Steiner
very modern in design. .hc Cooper Quintin wrote: > Has anyone been able to get the APK of this? I would love to poke around > at it, but it seems the only way to get it is to download bazaar, which > I am less than keen to do. > > - cooper > On 09/24/2014 01:31 PM, Hans-Christoph S

Re: [guardian-dev] Update your servers for real

2014-09-25 Thread Hans-Christoph Steiner
dash is still the default /bin/sh, for speed and security, but you can change that to bash if you want: https://wiki.debian.org/DashAsBinSh Ubuntu also uses dash by default: https://wiki.ubuntu.com/DashAsBinSh .hc Lee Azzarello wrote: > This output is from a Debian stable base system built with

Re: [guardian-dev] Update your servers for real

2014-09-25 Thread Hans-Christoph Steiner
ystem to use it as default. Am I misunderstanding > something? > > -lee > > On Thursday, September 25, 2014, Hans-Christoph Steiner < > h...@guardianproject.info> wrote: > >> >> dash is still the default /bin/sh, for speed and security, but you can

Re: [guardian-dev] Update your servers for real

2014-09-26 Thread Hans-Christoph Steiner
er. > Perhaps debootstrap or my platform build scripts override the default > shell for root to be bash? > > Anyhoo, I think most people prefer Bash because it is very close to a > real programming language. This shellshock shitstorm might be a > setback for popular programming cu

Re: [guardian-dev] Update your servers for real

2014-09-27 Thread Hans-Christoph Steiner
less secure, as we are seeing with these exploits. dash makes a much better /bin/sh .hc Lee Azzarello wrote: > If I'm not mistaken, you just recommended not using bash as a > solution. is that correct? > > -lee > > On 9/26/14, 1:24 PM, Hans-Christoph Steiner wrote: >

Re: [guardian-dev] Update your servers for real

2014-09-27 Thread Hans-Christoph Steiner
't know. > > Anecdote: I had a short gig not too long ago to install some esoteric > enterprise database on Solaris 10 for some financial institution. The > default shell for Solaris 10 is...wait for it... > > C shell! > > *mind blown* > > I never thought I

Re: [guardian-dev] earphones question

2014-09-29 Thread Hans-Christoph Steiner
If you have a headset with a mic plugged into your phone, then it is basically the same process to listen to the headset mic as it is to listen to the internal mic. .hc Matej Kovacic wrote: > Hi, > > I have a question regarding earphones... when you switch them to a > mobile phone, what happens

Re: [guardian-dev] FireChat moved off iOS proprietary mesh to their own xp mesh protocol?

2014-10-01 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Wed, Oct 1, 2014, at 09:42 AM, Nathan of Guardian wrote: >> >> >> On Wed, Oct 1, 2014, at 09:29 AM, Nathan of Guardian wrote: >>> >>> >>> On Wed, Oct 1, 2014, at 08:18 AM, Michael Rogers wrote: Interesting idea! With old school Bluetooth you can't make an

Re: [guardian-dev] earphones question

2014-10-01 Thread Hans-Christoph Steiner
Matej Kovacic wrote: > Hi, > >> I do think though, at an API level, you can target specific microphones, >> regardless of what the user has done. Will have to check that though > > Well, that is important question for those, who would like to use > JackPair device. It is a separate device,

[guardian-dev] "secure mobile communications" training materials

2014-10-02 Thread Hans-Christoph Steiner
Hey all, I'm going to be doing a "secure mobile communications" training in November, so I thought I'd take this opportunity to gather relevant materials, organize it, and hopefully get it incorporated into https://www.level-up.cc Any suggestions for materials, please send my way! It can be sli

Re: [guardian-dev] GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
My experience with WiFi Direct is the exact opposite. I spent a day with it and couldn't get anything working. So my guess is that the quality of WiFi Direct support varies widely based on ROM and hardware. .hc Nathan of Guardian wrote: > > > On Thu, Oct 2, 2014, at 04:07 PM, Chris Ballinger

Re: [guardian-dev] GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
Michael Rogers wrote: > On 02/10/14 21:07, Chris Ballinger wrote: >> However, I think it would be beneficial to utilize other transports >> for Android<-->Android and iOS<-->iOS for increased overall range / >> mesh quality. The iOS MultipeerConnectivity framework uses Wifi / >> Bluetooth in a pr

Re: [guardian-dev] GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Fri, Oct 3, 2014, at 11:29 AM, Hans-Christoph Steiner wrote: >> My experience with WiFi Direct is the exact opposite. I spent a day with >> it >> and couldn't get anything working. So my guess is that the quality of >>

[guardian-dev] implementing MultipeerConnectivity was: GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
Hans-Christoph Steiner wrote: > > > Michael Rogers wrote: >> On 02/10/14 21:07, Chris Ballinger wrote: >>> However, I think it would be beneficial to utilize other transports >>> for Android<-->Android and iOS<-->iOS for increased overall range / >

Re: [guardian-dev] GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Fri, Oct 3, 2014, at 11:43 AM, Hans-Christoph Steiner wrote: >> Before diving too deep into implementing more on this discovery hack, I >> think >> the important question to ask is what we would actually do with a low >> ba

Re: [guardian-dev] GilgaMesh (was Re: FireChat moved off iOS proprietary mesh to their own xp mesh protocol?)

2014-10-03 Thread Hans-Christoph Steiner
Hans-Christoph Steiner wrote: > > > Nathan of Guardian wrote: >> >> >> On Fri, Oct 3, 2014, at 11:43 AM, Hans-Christoph Steiner wrote: >>> Before diving too deep into implementing more on this discovery hack, I >>> think >>> the important q

Re: [guardian-dev] Gilgamesh, FireChat etc

2014-10-08 Thread Hans-Christoph Steiner
Hey Paul, Good to see your comments here, since you're deep in the mesh. I wanted to get your thoughts on a question: since this bluetooth name hack is a broadcast-only transport, I fear it will also have the same limitations as all other mesh transports which rely on some kind of broadcast messa

Re: [guardian-dev] Gilgamesh, FireChat etc

2014-10-09 Thread Hans-Christoph Steiner
If there is DNS communication, that means there is IP communication already setup. Or is there some kind of special DNS for wifi direct? If there is IP, then I think you'll get a lot more efficient data transfer using IP protocols like UDP broadcasts or multicast. .hc Paul Gardner-Stephen wrot

Re: [guardian-dev] Gilgamesh, FireChat etc

2014-10-10 Thread Hans-Christoph Steiner
ve-by data systems working. Here's an article about it: http://news.bbc.co.uk/2/hi/technology/6506193.stm The organization is apparently based in Cambridge, MA, maybe you could say hello, Nathan: http://www.unitedvillages.com/ http://www.firstmilesolutions.com/ .hc Hans-Christoph Steiner wrot

Re: [guardian-dev] Native binaries in Android L: PIE!

2014-10-11 Thread Hans-Christoph Steiner
Yeah, I saw that in the NDK. It's bad. We'll have to ship two versions of all native binaries, since PIE support is pretty new in Android. .hc Nathan of Guardian wrote: > Seems like we need to review all our cross-compiling code... > > "While using native executables in our existing Android ap

Re: [guardian-dev] SQLite 3.8.7 is 50% faster than 3.7.17

2014-10-13 Thread Hans-Christoph Steiner
Should directly apply. Zetetic is in the process of updating SQLCipher to be based on SQLite 3.8.7. I think the next release (3.2) is supposed to be based on 3.8.7. .hc Josh Steiner wrote: > Wonder how much of this will rub off on SqlCipher / IOCipher? > > http://permalink.gmane.org/gmane.comp

Re: [guardian-dev] Native binaries in Android L: PIE!

2014-10-13 Thread Hans-Christoph Steiner
y PIE binaries. .hc Josh Steiner wrote: > Ug, lots of rumors that L might be launching as early as this week. -j > > On Sat, Oct 11, 2014 at 8:44 PM, Hans-Christoph Steiner > wrote: >> >> Yeah, I saw that in the NDK. It's bad. We'll have to ship two versions of >

Re: [guardian-dev] Native binaries in Android L: PIE!

2014-10-13 Thread Hans-Christoph Steiner
The good news is that Chrome is also affected, so it looks like the Chromium/Chrome developers are working on a strategy to handle supporting ICS with PIE binaries: https://code.google.com/p/chromium/issues/detail?id=373219 .hc Hans-Christoph Steiner wrote: > > Here's how to do thi

[guardian-dev] owncloud + jsxc: webchat that does XMPP, OTR, and webrtc

2014-10-13 Thread Hans-Christoph Steiner
I've just been playing with owncloud, and despite my hatred of PHP, I have to say owncloud is really quite impressive. It provides a dropbox-like service, web calendar + caldav sync, and now I just found out that it can do XMPP webchat with OTR and webrtc: http://www.jsxc.org/ This could be a s

Re: [guardian-dev] owncloud + jsxc: webchat that does XMPP, OTR, and webrtc

2014-10-13 Thread Hans-Christoph Steiner
Nathan of Guardian wrote: > > > On Mon, Oct 13, 2014, at 11:30 AM, Hans-Christoph Steiner wrote: >> >> I've just been playing with owncloud, and despite my hatred of PHP, I >> have to >> say owncloud is really quite impressive. It provides a dropbox-lik

Re: [guardian-dev] owncloud + jsxc: webchat that does XMPP, OTR, and webrtc

2014-10-13 Thread Hans-Christoph Steiner
e for production”. > > On Mon, Oct 13, 2014 at 8:42 AM, Nathan of Guardian < > nat...@guardianproject.info> wrote: > >> >> >> On Mon, Oct 13, 2014, at 11:30 AM, Hans-Christoph Steiner wrote: >>> >>> I've just been playing with owncloud, a

Re: [guardian-dev] owncloud + jsxc: webchat that does XMPP, OTR, and webrtc

2014-10-13 Thread Hans-Christoph Steiner
jsxc is just a javascript XMPP+OTR client. It can be embedded in owncloud. .hc Lee Azzarello wrote: > Is this a Linux distro with application installed by default? > > -lee > > On 10/13/14, 11:30 AM, Hans-Christoph Steiner wrote: >> >> I've just been playi

Re: [guardian-dev] owncloud + jsxc: webchat that does XMPP, OTR, and webrtc

2014-10-13 Thread Hans-Christoph Steiner
n? Why is it easier to use Owncloud for an XMPP server, > versus for example, Debian? > > -lee > > On 10/13/14, 3:58 PM, Hans-Christoph Steiner wrote: >> >> jsxc is just a javascript XMPP+OTR client. It can be embedded in owncloud. >> >> .hc >> >

Re: [guardian-dev] GP libraries and apps that will be impacted by Android L changes?

2014-10-14 Thread Hans-Christoph Steiner
SQLCipher, IOCipher, android-ffmpeg, Orbot, GnuPrivacyGuard, and Lil Debi are affected. CacheWord, NetCipher, TrustedIntents, and F-Droid are not affected. If your minimum target SDK is android-16 (aka 4.1) then it will be easy to deal with. Otherwise, it'll be a chunk of work that is annoying

Re: [guardian-dev] GP libraries and apps that will be impacted by Android L changes?

2014-10-14 Thread Hans-Christoph Steiner
urity to >> install these apps, they shouldn't be running them on obsolete hardware, >> especially if their device manufacturer stopped shipping OS / security >> updates. >> >> On Tue, Oct 14, 2014 at 10:32 AM, Hans-Christoph Steiner < >> h...@guardianproject.inf
