Tink VS ntfy

> I wonder what people say when they find a bug despite you using standard crypto?

Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documentend library such as Google Tink[1] instead of doing their own crypto.

[1] https://github.com/google/tink

I sort of rewrote google's tink project in rust. There is already a rust version by project oak but it didn't exactly jive.

PassManager uses the Tink library for encryption, which provides state-of-the-art** security for your passwords. Tink uses industry-standard encryption algorithms like AES to ensure that your passwords are kept safe from prying eyes.

Note that in the example jwt refers to the Tink jwt package.

What I can't tell is if the new version had any fixes related to the bug being discussed here

Even the slightest hiccup could leave me vulnerable. I don't want to roll my own encryption. I want to use something like tink (a secure crypto library by Google) but unfortunately they don't support node or Javascript (there's a library that was published 2 years ago).

I dont have an answer for you, but 2 resources that are worth checking out: https://developer.android.com/guide/topics/security/cryptography and https://developers.google.com/tink

> Do C (or something where the mapping to C is known), and lots of languages have FFI libs where wrapping that is fairly trivial

That is an interesting idea, yet still a lot of work, sadly. I was hoping somebody had done the legwork already. I looked at Tink [1] and age [2] based on my co-worker's recommendation, but they all seem to have limited implementations in other languages.

[1] https://github.com/google/tink

[2] https://github.com/FiloSottile/age

Slightly related, but I've also been working on and off for a few years on my own Type 1 Diabetes management solution (https://github.com/algao1/iv3).

I haven't had time to work on it recently, but it uses ntfy (https://ntfy.sh/) to send alerts and such.

I was thinking of eventually incorporating some kind of automatic remedial solution eventually to help keep my glucose in range, but haven't had any time to look into it yet.

If you go to the settings, there should be a notification category, which then contains another menu "App Notifications" where you can see all the apps that are allowed to receive notifications, but I don't know if this will stop google play services to receive these identifiers.

I use GrapheneOS, so I don't have any google play services running, but for the apps where I need notifications I use https://unifiedpush.org/ (only a few apps implement it) and I host my own https://ntfy.sh server.

Kind of similar, in the early days of COVID, I accidentally discovered that my state's website would have test results available several hours before they sent out the "view your results" email. So I made a script that would check the site every five or ten minutes and then ping me as soon as the result changed to something besides PENDING.

In the course of that I stumbled on https://ntfy.sh/ which solved the notification problem without needing Twitter, and I've used it since then to let me know when long-running scripts complete.

I connect any app that supports https://unifiedpush.org/ to a self hosted https://ntfy.sh instance for fully self hosted push notifications

changedetection.io just donated to the awesome crew over at ntfy.sh

For further monitoring & alerting about critical cpu temperatures (unlikely now) for example, I plan to use notify & something else. Haven't thought about this much yet though.

I've started tossing https://ntfy.sh/ alerts into my Deno apps to get push notifications for things I'm interested in

ntfy.sh

If it was for fun and to learn how, that's fair. But are you aware of https://ntfy.sh?