@dima And ultimately, we should stop using that previous draft, it has been deprecated one month after its publication, nearly 10 years ago

@dima The standard webpush is currently opt-in, with the "standard" parameter: https://docs.joinmastodon.org/methods/push/#create

It means the said clients have set this setting, but the relay doesn't support the standard yet

It looks like @S1m and I had our #UnifiedPush talk accepted for the FOSS on Mobile devroom at #FOSDEM.

A detailed schedule has yet to be released, but the devroom takes place all day on Saturday.

https://fosdem.org/2026/schedule/track/foss-on-mobile/

If you're using UnifiedPush to get push notifications because you can't use the Play Services, we'd be happy to ear from you!

It may be because they aren't available in your region, they weren't included in your phone or because your Android version is too old to be supported.

:boostRequest:

#UnifiedPush #Android

Y'all, the rewrite is in a testable state. If you have already previusly installed a nightly before, please take a backup of your settings, as database migration currently is not working right.

Please test it out and tell me the things you miss from it :D

Try it out at:
https://github.com/LucasGGamerM/moshidon-nightly/releases/tag/nightly-2025-12-07

@Em0nM4stodon Maybe worth adding this recommendation in privacyguides?

Want to know why you should set a strong PIN with Signal?

https://s1m.fr/signal-pin/

#Signal #SignalApp #Android #Privacy

📢 #FOSSWarn 1.0.1 is now on F-Droid. This release addresses some issues with the push-notification setup and fixes some bugs.

One crucial bug fix was related to the coordinates of the subscription bounding box. The coordinates (after a subscription has expired and the resubscribe feature was used) might be swapped (so lat is long instead). Please check your subscription and remove it if it is incorrect, and re-add the place. You can check the bounding box by pressing the icon to the left of the place name.

Other improvements are:
- a notification self-check feature
- an easy check to switch between distributors
- bug fix with a parser error with biwapp alerts

Read the the full release note here:
https://github.com/nucleus-ffm/foss_warn/wiki/Release-notes-for-FOSSWarn-1.0.1

https://github.com/nucleus-ffm/foss_warn/releases/tag/1.0.1

Absolutely love @modal ’s principles. This is the future I want.

https://modal.cx/principles/

Android Studio goes crazy with your CPU ?

Go to Settings > Plugins and disable "Local AI/ML Toos"

#Android #AndroidStudio #Enshittification

And first notification with UnifiedPush on @nextcloud

#UnifiedPush #Nextcloud

RE: https://infosec.exchange/@S1m/115403028128977708

This workaround saved my afternoon for the third time today since this post 🙈

Want to know why you should set a strong PIN with Signal?

https://s1m.fr/signal-pin/

#Signal #SignalApp #Android #Privacy

@nextcloud I've finally managed to do it without an additional setting, so the references to "push notifications" will be actually accurate now. The PR are opened :)

Just five days left to submit a talk at the *FOSS on Mobile* devroom at https://fosdem.org/2026/

The deadline is 1st December at 23:59 UTC. We are looking for presentations on AOSP, Automotive, booting, as well as many other mobile topics. There are more details in the CfP:
https://lists.fosdem.org/pipermail/fosdem/2025q4/003687.html

We look forward to hearing from you!

@aosp_devs

@nextcloud The system notifications are often referred as "push notification" on Nextcloud. This is pretty misleading, I don't know how to name the setting to enable (web) push notifications then

@nextcloud The example is a notification when no tab is opened

🎉 First push notifications on @nextcloud

Next step: UnifiedPush on the mobile apps

#Nextcloud #UnifiedPush #webPush

About 1.5 years ago my friend was (falsely) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. Culprit that impersonated my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:

• Samsung Z Flip3 5G (SM-F711B)
• Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

Have fun!

Version 1.0.1 is nearly ready to go. This includes bug fixes and some useful features for the UnifiedPush setup. If you want to help us with testing, you can find the alpha release on GitHub: https://github.com/nucleus-ffm/foss_warn/releases/tag/pre-1.0.1-alpha_1. Join the Matrix space to give feedback.