letsencrypt
LibreSignal
letsencrypt | LibreSignal | |
---|---|---|
21 | 49 | |
30,850 | 258 | |
0.3% | 0.8% | |
9.0 | 0.0 | |
22 days ago | about 7 years ago | |
Python | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
letsencrypt
-
ACME with Google Domains using a DNS Zone in GCS DNS
This seems to be not implemented in certbot, yet: https://github.com/certbot/certbot/issues/6566
-
OpenSpeedTest in docker through DSM Reverse Proxy - incorrect upload speeds
If you do go with NPM or Traefik, under the covers it's using certbot to request/renew your certificates through Let's Encrypt using the DNS-01 challenge, meaning you can get wildcard certs and don't have to futz around with port forwards. Again I'd think Caddy has similar functionality, I just have not used it personally. Raw NGINX you probably don't want to try out yet considering it requires manually doing the configs
- Certbot run.bat file identified as batloader trojan by windows defender. Windows defender alerted me of a trojan which appears to simply be the startup batch script for certbot. Currently running full system scan, but I suspect it to be a false positive. Any ideas?
-
Snap Store administrators removed signal-desktop from Ubuntu Snap
certbot won't be missed. The code quality is pretty poor.
https://github.com/certbot/certbot/issues 5000 bugs and it most of it can be replaced by much smaller tools
-
Good Use Of Golang?
Here’s a good code reference (Python and rust): https://github.com/certbot/certbot
-
Let's Encrypt Certbot Not Working on FreeBSD
I am trying to migrate off of Linux and back to FreeBSD, but I hit a problem today. The Let's Encrypt Certbot is not installing. A bit surprising, given how important it is. So I thought I would notify the community Here is my bug report. https://github.com/certbot/certbot/issues/9394
-
How to update Certbot on Debian 11
Last release: https://github.com/certbot/certbot/releases (on 28th August 2022 = 1.29.0)
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
Right? It’s so ridiculous how you’re supposed to use Snap to install certbot. The (well, one of..) GitHub discussion is just beyond the pale:
https://github.com/certbot/certbot/issues/8345#issuecomment-...
-
Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
It goes way beyond, since Let's Encrypt influence the ecosystem a lot and the standards that are used.
If you use Let's Encrypt, you are likely using Certbot, which means that everybody uses a tool that a central authority strongly recommends to you.
I wonder how they generate the key, for example, it may be using secp256r1: https://github.com/certbot/certbot/blob/5c111d0bd1206d864d7c...
-
Setting up nginx+letsencrypt as a reverse proxy
# nginx-ingress-https.conf events { } http { include mime.types; server { listen 443 ssl; listen [::]:443 ssl; server_name sg.horlick.me; ssl_certificate /etc/letsencrypt/live/sg.horlick.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sg.horlick.me/privkey.pem; # taken from https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1440m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; ssl_dhparam /etc/ssl/certs/dhparam.pem; sendfile on; tcp_nopush on; tcp_nodelay on; location / { proxy_pass http://host.docker.internal:9090/; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; } } }
LibreSignal
-
Show HN: Beeper Mini – iMessage Client for Android
>what does this mean?
Moxie (Signal's founder) has thrown fits in the past over the existence of third-party clients using their servers: https://github.com/libresignal/libresignal/issues/37#issueco...
-
Signal: The Pqxdh Key Agreement Protocol
0: https://github.com/libresignal/libresignal/issues/37
I push back when anyone recommends Signal because they are fundamentally not an open network.
-
Hosting Signal frontend on a local server (Like Signal desktop but through website)
OWS has historically been hostile to third party implementations outside of their clients. There are multiple unofficial options but the only one I've been looking at is the bridge with matrix, though setting up a matrix server just for this is likely overkill.
-
After High Court Ruling, Telegram Discloses Names/Numbers/IP of Users
I have to say that I find him fascinating too, but there are a few things that raise my suspicion, but of course do not convict him of anything:
The way he is attacking this alternative Signal client and rules out interoperability:
https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
Signal was a word before he decided to turn it into a brand.
The signal server source code repo was not updated for a year. Communication intransparent.
https://www.androidpolice.com/2021/04/06/it-looks-like-signa...
I am not even against crypto integration, but I found the choice of MobileCoin odd. Instead of integrating an existing privacy coin or working with the community, he decided to integrate MOB and to be one of their "advisors":
https://techcrunch.com/2018/04/24/mobilecoin-moxie-marlinspi...
https://www.coingecko.com/en/coins/mobilecoin
-
Snap Store administrators removed signal-desktop from Ubuntu Snap
Is that so surprising? Signal had always a hostile attitude to alternative clients. They have this weird disconnect of the new CEO saying they want to be available to as many people as possible and be a fully commited FOSS app, and then have no version on F-Droid (while Telegram has!) and actively fight alternative clients (see https://github.com/LibreSignal/LibreSignal/issues/37#issueco...)
Because of this hostility Signal is not a trustworthy organization at all.
-
Signal discontinuing SMS support.
LibreSignal existed before Moxie was like “no, don’t”: https://github.com/LibreSignal/LibreSignal
- Combattez la censure Iranienne en hébergeant un proxy Signal
-
Nokia 1680 phone gets new PCB, runs mainline Linux
They have shut down third party clients, and resve the roght to continue that.
https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
-
Office 365 implementing AI to detect employees colluding, leaving and more
1) You need to audit that code, which.. everyone will have to do.
2) https://signal.org/blog/reproducible-android/
> the Signal Android codebase includes some native shared libraries that we employ for voice calls (WebRTC, etc). At the time this native code was added, there was no Gradle NDK support yet, so the shared libraries aren’t compiled with the project build.
a good answer in my opinion, but it means what you run from the play store is not reproducible and thus can never really be confirmed to be what the sources actually include. There are also binary blobs needed for interacting with Google Play.
3) Signal is openly hostile to third party client implementations: https://github.com/LibreSignal/LibreSignal/issues/37
-
Axolotl: First cross-plattform Signal client
Moxie Marlinspike on May 5th 2016:
> I'm not OK with LibreSignal using our servers, and I'm not OK with LibreSignal using the name "Signal." You're free to use our source code for whatever you would like under the terms of the license, but you're not entitled to use our name or the service that we run.
> If you think running servers is difficult and expensive (you're right), ask yourself why you feel entitled for us to run them for your product.
Moxie Marlinspike left Signal this January[2] 2022.
Whose to say whether there will be any change, but it's been interesting seeing Signal as a somewhat defended property. Although various third party clients/tools/libraries do exist already.
The claim that running servers is expensive would have been more interesting, imo, had there been any viable way to run your own. But for a long while Signal server source code wasn't being updated at all.
[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
[2] https://signal.org/blog/new-year-new-ceo/
What are some alternatives?
acme.sh - A pure Unix shell script implementing ACME client protocol
mollyim-android - Enhanced and security-focused fork of Signal.
lego - Let's Encrypt/ACME client and library written in Go
TextSecure - A private messenger for Android.
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
signal-cli - signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
calyxos-fdroid-repo
dehydrated-bigip-ansible - Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
Signal-Android - Patches to Signal for Android removing dependencies on closed-source Google Mobile Services and Firebase libraries. In branches whose names include "-FOSS". Uses new "foss" or "gms" flavor dimension: build with "./gradlew assemblePlayFossProdRelease".
SaltStack - Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
Signal-iOS - A private messenger for iOS.