
And what exactly stops this from happening to any company or organization, regardless of being US-based?

If 90% of customers are in the US, they're probably going to comply.


Your demo video could be better. As a whole, this looks extremely rushed.

Zooming in and out makes it hard to focus and see what is actually happening.

The cursor moves around very erratically. Difficult to follow.

You really couldn't spend a few minutes to re-record it without the "in action" typo in SAMPLE_VALUE?

Why are you moving between Logs, Compute, Storage, etc. so quickly with no time for the viewer to see what's in there and nothing to highlight?


No, not "only". E2EE is now used as a dog whistle.

Who holds/controls the keys on both ends?


End-to-end usually means only the data's owner (aka the customer) holds the keys needed. The term most used across password managers and similar tools is "zero knowledge encryption", where only you know the password to a vault, needed to decrypt it.

There's a "data encryption key", encrypted with a hash derived from your username+master password, and that data encryption key is used locally to decrypt the items of your vault. Even if everything is stored remotely, unless the provider got your raw master password (usually, a hash of that is used as the "password" for authentication), your information is totally safe.

A whole other topic is communications, but we're talking decryption keys here
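The key hierarchy described in the comment above, sketched as an added example that is not part of the thread or any product's code. The names, the PBKDF2 work factor, the use of the username as salt, and the HMAC-based cipher (a standard-library stand-in for AES-GCM) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_keys(username: str, master_password: str) -> dict:
    """Stretch the master password (username as salt), then split by purpose."""
    master = hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                                 username.lower().encode(), ITERATIONS)
    return {"auth": _prf(master, b"auth"),      # the only value sent to the server
            "enc": _prf(master, b"wrap-enc"),   # never leaves the client
            "mac": _prf(master, b"wrap-mac")}   # never leaves the client


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. The HMAC keystream is a stdlib stand-in for AES-GCM."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or tampered blob raises ValueError."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_vault(username: str, master_password: str, items: list) -> dict:
    """Client side: returns the record the server would store."""
    keys = derive_keys(username, master_password)
    dek = os.urandom(64)  # data encryption key: 32 bytes cipher + 32 bytes MAC
    return {"auth_hash": keys["auth"],
            "wrapped_dek": seal(keys["enc"], keys["mac"], dek),
            "items": [seal(dek[:32], dek[32:], item) for item in items]}


def unlock(username: str, master_password: str, record: dict) -> list:
    """Client side: unwrap the DEK locally, then decrypt each item."""
    keys = derive_keys(username, master_password)
    dek = unseal(keys["enc"], keys["mac"], record["wrapped_dek"])
    return [unseal(dek[:32], dek[32:], blob) for blob in record["items"]]


if __name__ == "__main__":
    # Constructed sample account and vault item.
    record = create_vault("alice@example.test", "correct horse battery", [b"bank PIN 4321"])
    print(unlock("alice@example.test", "correct horse battery", record))
```

The stored `auth_hash` cannot unwrap the data encryption key, but anyone holding the record can still test password guesses against it offline, so the work factor and password strength carry the remaining risk.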


Just some constructive feedback. Your site needs a little bit of work on design and copy.

"test your personal user account one month free for." and other (translation?) mistakes.

Your use of capitalisation and spelling is not consistent throughout each page.

FAQ page is empty?

Quick Manual page is empty?

iOS download link doesn't work.

Your security posture boils down to "we're German, trust us"?


That was also my first impression when I saw the site. The color scheme in general looked more like "boring b2b SaaS" and not a personal budgeting app and not really something where I'd look forward to spending a lot of time in (Which ideally you should in a budgeting app).

I think it could benefit from a personal, playful kind of touch to appeal to more mainstream users.


Indeed. The capitalization and punctuation inconsistencies are a huge turn off. My instinct was that people behind the software don’t have attention to detail.


Clickable link:

https://www.jefferyabbott.com/caboose

For those interested it would be nice to include that the Mac app costs $24.99 and the Android app isn't available in the Play Store (yet?).


Shows €29.99 in Europe. The author should display price on their website as well.


This is a pretty interesting claim...I have a few C110 and C200 that work just fine offline after null routing them.

You may need to enable RTSP (https://www.tp-link.com/us/support/faq/2680/) to get a feed off them directly, it works fine in Frigate and any other viewer that can consume RTSP.

I am not defending TP-Link, but it's a pretty big claim for you to say their devices don't work offline and will immediately power down, without any supporting technical evidence.


I have the same C200 camera and recently had a 24hr+ internet outage and the camera stayed on just fine. I am also using RTSP with Frigate and Scrypted.


Ugh. This 100% shows how janky and unmaintained their setup is.

All the hand waving and excuses around global supply chains, quotes, etc...it took pretty long for them to acquire commodity hardware and shove it in a special someone's basement and they're trying to make it seem like a good thing?

F-Droid is often discussed in the GrapheneOS community, the concerns around centralization and signing are valid.

I understand this is a volunteer effort, but it's not a good look.


As someone that has run many volunteer open source communities and projects for more than 2 decades, I totally get how big "small" wins like this are.

The internet is run on binaries compiled in servers in random basements and you should be thankful for those basements because the corpos are never going to actually help fund any of it.


It's a shame Mozilla won't step up to fund it. They've spunked way more money on way dumber things.


Imagine the good they could do if they didn't pay their CEO 6 million a year.


6 million is 30 really good senior software devs in Stockholm, or I think 10 in SF. American CEO salaries are crazy.


They'd probably burn it without much to show for it, like the rest of their funds.


I suddenly no longer feel bad about my 6 figure salary working full time in FOSS.


"I understand this is a volunteer effort, but it's not a good look."

I would agree, that it is not a good look for this society, to lament so much about the big evil corporations and invest so little in the free alternatives.


You can't just host servers in your own basement! You need to pay out the ass to host servers in some big company's basement!


I don't have a problem with an open source project I use (and I do use F-Droid) hosting a server in a basement. I do have a problem with having the entire project hosted on one server in a basement, because it means that the entire project goes down if that basement gets flooded or the house burns down or the power goes out for an extended period of time, etc.

Having two servers in two basements not near each other would be good, having five would be better, and honestly paying money to put them in colo facilities to have more reliable power, cooling, etc. would be better still. Computer hardware is very cheap today and it doesn't cost that much money to get a substantial amount of redundancy, without being dependent on any single big company.


This sounds reasonable. But this is a build server, not the entire project infrastructure.

I bet the server should be quite powerful, with tons of CPU, RAM and SSD/NVMe to allow for fast builds. Memory of all kinds was getting more and more expensive this year, so the prolonged sourcing is understandable.

The trusted contributor, as the text says, is considered more trustworthy than an average colocation company. Maybe they have an adequate "basement", e.g. run their own colo company, or something.

It would be great to have a spare server, but likely it's not that simple, including the organization and the trust. A build server would be a very juicy attack target to clandestinely implant spyware.


What do you think would happen if that server went down? People can't get app updates, or install new ones. That is all. That is not critical.

They can then probably whip up a new hosted server to take over within a few days, at most. Big deal.

They are not hosting a critical service, and running on donations. They are doing everything right.


I concur, and given the amount of apps they build it makes sense to spend the money on a good build server to me, especially if it is someone with experience hosting trusted servers as mentioned as well as a contributor already. If people do not want to use it, the source code to build yourself is still available for the apps they supply.


It is not your bank. You don't need 99.999999999999999% availability of the build server of an app store. Especially if the app packages can still be downloaded from regular https servers.


> Computer hardware is very cheap today

As long as you don't need RAM or hard drives. It's getting more expensive all the time too. This isn't the ideal moment to replace a laptop let alone a server.


Graphene is a great product but their incessant mud slinging at any service that isn't theirs is tiresome at best.

Some of their points are valid but way too often they're unable to accept that different services aren't always trying to solve the same problem.


> their incessant mud slinging at any service that isn't theirs is tiresome at best.

100%. But you know, sadly I've noticed that non-experts are impressed by elitism. So you don't have to be good, you just have to shit on others, and passersby will interpret that as being very competent.

Which is super ironic, from a project which is about privacy but only supports hardware built by the biggest surveillance company.


It's like y'all are so eager to crap on a thing that you don't even read tfa.

> this server is physically held by a long time contributor with a proven track record of securely hosting services.

So you are assuming it's a rando's basement when they never said anything like that.

If their way of doing business is so offensive either don't use them, disrupt them or pitch in and help.

> I understand this is a volunteer effort, but it's not a good look.

What does make a "good look" for a volunteer project?


> What does make a "good look" for a volunteer project?

It's an open-source project. It should be... open. Not mysterious or secretive about overdue replacements of critical infrastructure.


What would that look like in this case?


> this server is physically held by a long time contributor with a proven track record of securely hosting services.

This is effectively a rando's basement. It doesn't matter that they've been a contributor or whatever. Individuals change, relationships sour. Securely hosting how? By locking the front door? By being a random tech company in the midwest? Or by having proper access control?

As a little reminder, F-Droid has _all_ the signing keys on its build server. Compromising that is somewhere between "oh that's awful" and "stop the world". These builds go out as automatic updates too. So uh, yeah, I'd like it if it was hosted by someone serious and not my buddy joe who's a sysadmin don't worry


> This is effectively a rando's basement.

You. Do. Not. Know. Stop straw-manning stuff, it's so pointless.


The not knowing is the point. From a security perspective, you have to assume the worst.

And maybe that is F-Droid's point: Security through obscurity. If the build infrastructure with the signing keys is unknown, then it's that much harder for Bad Actor to do things like backdoor E2E encrypted communication apps. This is, of course, the weakness in E2E encryption in apps obtained from mainstream/commercial app stores. For all we know, these may already be backdoored depending on where it came from.

However, the obscurity makes F-Droid hard to trust as an outsider to the project.


I read it a bit differently: you don't need to be a mega-corp with millions of servers to actually make a difference for the better. It really doesn't take much!

Also, even 12-year-old hardware is wicked fast.


The issue isn’t the hardware, it’s the fact that it’s hosted somewhere private in conditions they won’t name under the control of a single member. Typically colo providers are used for this.


Is it one person? Is it an organization/professional company with close ties to F-Droid? There are a lot of worst-case assumptions in this thread.


Eh. It's just a different set of trade-offs unless you start doing things super-seriously like Let's Encrypt.

With f-droid their main strength has always been replicable builds. We ideally just need to start hosting a second f-droid server somewhere else and then compare the results.


> F-Droid is often discussed in the GrapheneOS community, the concerns around centralization and signing are valid.

Clearly the GrapheneOS community is clueless then.

You can host F-Droid yourself, which is the opposite of centralized. If the GrapheneOS community actually is concerned about centralization they can host an instance as well.

Furthermore, each author signs their own software, which again is the opposite of centralized. One authority signing everything would be centralized.

So F-Droid is decentralized in authorship and distribution. Google store is only decentralized in authorship.


"Nothing is ever good enough" (tm)


If I were running a volunteer project, I would be dumping thousands a month into top-tier hosting across multiple datacenters around the world with global failover.


The _if_ is doing a lot of heavy lifting there. You're free to complain about it but F-Droid has been running fine for years and I'd rather have a volunteer manage the servers than some big corporation.


They quite notably haven't been running fine for years: https://news.ycombinator.com/item?id=44884709 Their recent public embarrassment resulting from having such an outdated build server is likely what triggered them to finally start the process of obtaining a replacement for their 12 year old server (that was apparently already 7 years old when they started using it?).


In what world is it embarrassing to not buy hardware you don't need? The servers worked fine for years. When there was an actual reason to spend money, they bought something new. Sounds like good stewardship of the donations they receive.

I finally just upgraded my 9 year old computer with an i5-6600k to a Ryzen 9 5950x because I wanted to be able to edit home videos. I already rarely even used 1 core on the old CPU, the new one is 7x more powerful, and it's an ebay part from 5 years ago. I don't foresee needing to upgrade again for another decade. I probably would've been good for another 15-20 years if I had upgraded to a DDR5 platform, but RAM prices had already spiked, so I just swapped the motherboard and CPU.


It's embarrassing that Google binaries don't even use runtime instruction selection.

https://wiki.debian.org/InstructionSelection


Nah, if you actually read into what's available there, it's clear that the compilers have never implemented features to make this broadly usable. You only get runtime instruction selection if you've manually tagged each individual function that uses SIMD to be compiled with function multi-versioning, so that's only really useful for known hot spots that are intended to use autovectorization. If you just want to enable the latest SIMD across the whole program, GCC and clang can't automatically generate fallback versions of every function they end up deciding could use AVX or whatever.

The alternative is to make big changes to your build system and packaging to compile N different versions of the executable/library. There's no easy way to just add a compiler flag that means "use AVX512 and generate SSE2 fallbacks where necessary".

The people that want to keep running new third-party binaries on 12+ year old CPUs might want to work with the compiler teams to make it feasible for those third parties to automatically generate the necessary fallback code paths. Otherwise, there will just be more and more instances of companies like Google deciding to start using the hardware features they've been deploying for 15+ years.

But you already know all that, since we discussed it four months ago. So why are you pretending like what you're asking for is easy when you know the tools that exist today aren't up to the task?


That seems like a job for well paid Google engineers rather than people who can only afford to get computers from dumpsters.


> commodity hardware

Apart from the "someone's basement", as objected to in this thread, it also doesn't say they acquired "commodity hardware"; I took it to suggest the opposite, presumably for good reason.


> it also doesn't say they acquired "commodity hardware"; I took it to suggest the opposite, presumably for good reason.

This seems entirely like wishful thinking. They were using a 12 year old server that was increasingly unfit for the day-to-day task of building Android applications. It doesn't seem like they were in a position to acquire and deploy any exotic hardware (except to the extent that really old hardware can be considered exotic and no longer a commodity). I'd be surprised if the new server is anything other than off the shelf x86 hardware, and if we're lucky then maybe they know how to do something useful with a TPM or other hardware root of trust to secure the OS they're running on this server and protect the keys they're signing builds with.


I'm just reading what was written, especially "the specific components we needed", and assuming they're not as incompetent as is being suggested, given they've served me well. Perhaps you haven't been tendering for server hardware recently, even bog-standard stuff, and seen the responses that even say they can't quote a fixed price currently. At least, that's in my part of the world, in an operation buying a good deal of hardware. We also have systems over ten years old running.


> shove it in a special someone's basement

They didn't say what conditions it's held in. You're just adding FUD, please stop. It could be under the bed, it could be in a professional server room of the company run by the mentioned contributor.


100%. Just as an example I have several racks at home, business fiber, battery backup, and a propane generator as a last resort. Also 4th amendment protections so no one gets access without me knowing about it. I host a lot of things at home and trust it more than any DC.


> Also 4th amendment protections so no one gets access without me knowing about it.

If there's ever a need for a warrant for any of the projects, the warrant would likely involve seizure of every computer and data storage device in the home. Without a 3rd party handling billing and resource allocation they can't tell which specific device contains the relevant data, so everything goes.

So having something hosted at home comes with downsides, too. Especially if you don't control all of the data that goes into the servers on your property.


Isn't a business line quite expensive to maintain per month along with a hefty upfront cost? For a smaller team with a tight budget, just going somewhere with all of that stuff included is probably cheaper and easier like a colo DC.

> Also 4th amendment protections so no one gets access without me knowing about it

laughs in FISA


> Also 4th amendment protections so no one gets access without me knowing about it.

Hahaha

At best you're getting a warrant. Slightly better you're getting a warrant _and_ a gag order. Then it escalates, and having your door kicked in at 6AM is about the best you can hope for.

But sure, you'll know about it. Most likely. Maybe.

Just don't keep anything important in there, eh?

(Note, this definitely applies to colocations too. It's just maybe a tiny bit harder to find which rack is yours, and companies of that size generally have lawyers to prevent that from happening. I'll take my chance with the hosting company.)


Which one of those things do you think you can't get in a datacenter?


That's not the point. The point is that a "home" setup can basically replicate or exceed a "professional" setup when done right.


A home setup might be able to rival or beat an “edge” enterprise network closet.

It’s not going to even remotely rival a tier 3/4 data center in any way.

The physical security, infrastructure, and connectivity will never come close. E.g. nobody is doing full 2N electrical and environmental in their homelab. And they certainly aren’t building attack resistant perimeter fences and gates around their homes, unless they’re home labbing on a compound in a war torn country.


> The physical security, infrastructure, and connectivity will never come close. E.g. nobody is doing full 2N electrical and environmental in their homelab. And they certainly aren’t building attack resistant perimeter fences and gates around their homes, unless they’re home labbing on a compound in a war torn country.

Why would you need all of that if what they have works? Nobody is going to raid a repo of open source software, you can just download everything for free.


I'd bet F-Droid probably is colocated. Nothing in their statement precludes this.

But the assertion by commenters above that home-hosting is a viable or even a better option for a project like this is silly. Colocating a single server is cheaper than a single Comcast Business internet connection. Air conditioners fail. Electrical failures happen. These things might not be a problem for a personal project, but they're easily and cheaply mitigable risks at commercial scale.


It's right on their support page. They also have a search function, just type in "Sync" and you'll get there.

https://www.waterfox.com/support/how-do-i-set-sync-my-comput...

Also, no, the page is not "sparse" on how it differs from Firefox, it's clearly explained https://www.waterfox.com/#why-waterfox


It can be annoying to get it to work with your carrier, but I would hardly call it effectively unusable.


Here's the 3-year-old, 1k+ comment discussion that begs to differ: https://discuss.grapheneos.org/d/1353-using-rcs-with-google-...

It's gotten inoperable on AT&T recently, and the Graphene team doesn't seem to care because RCS isn't completely E2EE (due to Apple dragging their feet) and therefore not a priority


I know, right? I solo a small business (6 figures revenue) off a static site and backend on $1/month VPS.

$0 revenue, 0 customers, and thinks $5/day is acceptable. LOL.

