N.E.P.T.R

QUIK SMS implements turning “blank liked message” into the proper format, but that still doesnt allow sending emoji reactions.

I was pretty sure that RCS id centralized and requires using the existing infrastructure, which requires some contract with Google or other providers.

Either way, no open source Messenger (that I know of) exists which supports RCS.

That is why I said sending them. You can’t send reactions that people can also see without RCS. QUIK SMS converts received reactions into the proper format but still can’t send them.

Sending them requires the proprietary RCS protocol. Only google messages and a couple others can do it. Infrastructure for RCS is owned by Google, Apple, and some carriers IIRC

QKSMS has been dead for years. QUIK SMS is a revival QKSMS: https://f-droid.org/packages/dev.octoshrimpy.quik.fdroid

Flatpak apps cant use namespaces. Flatpak (the software) uses namespaces but Flatpak apps can not.

Yes, I understand Flatpak does some seccomp syscall filtering. It still isn’t enough to consider a secure sandbox where the threat model is that the app is untrusted. Bubblewrap is generally considered a weak sandbox and isn’t “secure by default”, allowing for easy footguns.

LXC/Incus does support proper VMs but it isnt as common.

Neither are really designed to run untrusted apps.

I guess I just don’t understand your question. Explain in more detail.

1. Who is the threat actor? (State, APT, Hackivist, etc)
2. What is their goal (what do they want)? (Money, data, persistent access, blackmail)
3. What tools do they have?

Really think about the Ws (who, what, where, when, how).

If you want to protect against an “advanced” threat actor, you can not do that without multiple layers of isolation, including but not limited to virtualization, MAC (SELinux), namespaces, seccomp.

All protections are meaningless without a clear understanding of what assets you are protecting, the threat you face, and they want from you.

Distrobox is design to be the opposite of confined. Its goal is integration. The container is stripped away as much as possible to allow for sharing host resources.

As it says on the Distrobox website:

Security implications

Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.

I would also argue calling “plain docker/podman container or a Flatpak” being “highly sandboxed” is also quite wrong and a misuse of those technology.

It uses Docker/Podman which is not a security sandbox. The purpose is app containers, not a security boundary. It shares the sane kernel as the host, which makes kernel vulnerabilities a source of container escapes. Docker (the default) runs as root and could be a source of privilege escalation. Best case is use gVisor or SELinux. Still not a secure sandbox.

Similar problems with Flatpak. Not a secure sandbox. Doesn’t Barely filters syscalls (and in a general way instead of per-app), barely reduces attack surface, granting frequently required permissions often significantly reduces the strength of the sandbox, shares a kernel with the host (and no application kernel like gVisor or sydbox), weak use MAC (like SELinux). Most of this can also be said of the previous 2 container software (and also LXC/LXD/Incus).

Also, don’t use browsers with Flatpak, they have a significantly weaker sandbox because it is missing a layer of sandboxing (namespaces). This makes attack exponential more likely by reducing the need chain another major vulnerability to execute a successful sandbox break.

What you want is a VM. It is designed to be a secure sandbox but needs some configuring.

Licenses don’t matter when corpos don’t care anyways. Especially for training LLMs. They don’t care about copyright. I choose to use tools based on there merits over simply going “it has my favorite license.” Even though I say that, I still prefer AGPL even though I understand that of the corpos want to steal, they’ll steal it.

Anything really. Just use Docker/Podman or LXC and then the base OS won’t matter.

• Ubuntu is still fine
• Debian I have personally used and it is good
• I used openSUSE Slowroll for a while as well
• Fedora server is just as good as RHEL derivatives IMO

Next thing I am looking at is secureblue for Fedora CoreOS. Security matters and a rock solid base with hardened defaults is really nice. It also is Atomic and because it is effectively just CoreOS, you install it with a JSON file (I think). Using the provided example butane file it took like 30 seconds to install. Now I need to customize it further.

I am not trying to say that SailfishOS (or Jolla) isnt a cool project, it just doesnt belong here. Whenever people post Obsidian.md in here I say the same thing for the same reason. Try posting in the Linux phones community. I don’t subscribe to this community to see proprietary software invade the FOSS space.

AOSP is open source, Google’s Certified Android is not. You can contest that if you want.

That doesn’t change that SailfishOS is straight up proprietary for most of its developed compotents. It does not belong in this community. The Wikipedia page for SailfishOS says under license “proprietary with some open source components”.

Sailfish OS is proprietary. It does not belong in this community.

I still dont understand /e/OS. Just use LineageOS. It supports all the same devices and doesnt lag as far behind. You can choose to run an insecure OS if you like (see: all Windows 10 users) but definitely don’t recommend it to others.

You cannot have privacy without at least basic security. Targeted attacks are not the most common kind of attack by long shot. Threat actors scan for vulnerable devices and use automated scripts to execute attacks. Android is one of the most exploited targets. With an outdated OS your browser could be exploited and used to get a sandbox escape, possibly chaining it into root escalation. It all depends on the vulnerabilities found and the longer you wait the more likely for the “stars to align” for the perfect attack. Look at CVE-2025-48593 for an example, zero-click RCE. In recent memory there was also a zero-click RCE utilizing specially crafted MMS, meaning an threat actor could send messages to all phone numbers and try the attack in mass.

/e/OS is by far the most behind on updating security patch levels of the AOSP ROMs (at ~2 months), iode is ~1 and everything else is better than those two.

Privacy without security is not real privacy, it is a mirage.

Security without privacy is like a fortress with cameras inside, a known threat (eg. Gapps Android).

Privacy with security is like a fortess with no known threats at all (eg. AOSP with timely security patches).

Privacy without security is like a fortress where some of the locks have rusted through and if someone tries they can open the doors. It is like replacing the walls with cardboard. “No one can spy on me now” you say in your cardboard castle.

There is no privacy without security. Android is one of the most widely exploited OSes and every month a dozen or more critical severity vulnerabilities are patched. Being 1-2 months behind on security patches is inexcusable for a privacy project.

From the description of this repo:

OpenCal is a web-based open-source software designed to make online appointment scheduling effortless and efficient. Whether you’re managing a team or running a business, OpenCal takes the hassle out of coordinating appointments, eliminating the need for endless back-and-forth emails. With OpenCal, you can streamline communication, save time, and focus on what really matters.

Can you give a description instead of just posting a plain link. Low effort post.

Most include micro iirc

Can you at least credit the OP who originally posted this when reposting? What community did you get this from?

Screensharing is the only thing i dont think it does. Voice and video good. See snikket or conversations.im