-
-
Notifications
You must be signed in to change notification settings - Fork 730
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
If someone was to restart Haven in 2025... #465
Comments
If not, just update the frameworks and replace Signal integration to Matrix. Here is what Bing would do (
@harlo @n8fr8 : no more money from FPF? So sad. If I was an android devel.... Edit: no there could be some #460. Contacting you |
Please fork this and apply your changes then report back. You’ll need to host your own server for Matrix so a solid understanding of networking is required. |
Why someone trying to replace signal with matrix would need to host his own server? This will require to use two accounts here, and to log one in into the phone and the room where to send the alarms. That's it. @lukeswitz i won't start this project. I have not enough knowledge in android development unfortunately. I just try to draft what it would take for someone having the knowledge, having some funds, to entice that person to do it. |
I can’t speak for who takes this over; but money is not the issue or incentive. Sorry for the confusion. I’d love to see this done from scratch and I’d help make that happen. Thanks for the motivation As for your own server, that was for signal as it exists now. Sure you can use existing matrix instances and just create a callback in python or even in native Android Java, or so AI thinks:
At least that’s what AI says 😆 none of this code works. |
Instead of matrix, maybe update w/the cDc's https://veilid.com/ ? I haven't looked into it too far (or built haven for a long, long time) but it might be worth considering. |
I don't fully understand, what is the main problem that prevents from integrating other platforms, beside Signal, Matrix, etc... lets say telegram. There could be an option. Not everyone and every user is equal. Whoever needs Signal/Matrix, they can use, but there are definitely part of user base, who need to use Telegram, so why not add it?
to:
I understand there are more security concerns about it, but you can still add it as an option, but somewhat under "warning" message or whatever. |
I think @fat-tire is right. cDc Velid is a type of guardian project in and of itself. Their defcon talk this year gave me hope. With that came their code and an android app even. Lots to go off of for a reboot. To that end, a rebuild could be quite easy and beneficial. The project was always an adaptation, a fresh start is easier than addressing each sensor problem, etc. Granular settings overhaul, minimal UI and intuitive notifications; including the option for webhooks like @ttodua points out above. Definitely possible. |
but what is the current main problem with Haven, to continue its life? ( at least, before a reboot becomes a reality) |
Seems an agreement on notifications, and a dev(s) with the time to take on said integration. |
I have found this application quite interesting and would like to contribute.Are PR still accepted?. I have already forked and start upgrading things and fixing minor issues. @lukeswitz Telegram support will be the next feature I will try to include |
I've just discovered this so will be actively hunting forks :) for anyone else following this thread The Linux mentality, kiss, let this app do the android and the recording stuff, let other apps handle the rest, keep this simple to maintain and active :) |
hiii @lazee486 I was not aware of this library, thanks. I guess as you said we may use it to simplify the notification/alert system. I am still struggling now updating/replacing old/deprecated libraries and fixing some of those bugs listed. |
I'm more of a sys admin and just use self hosted apps, but if theres something I can help message me, I think this app seems like something worth keeping around, I'm thinking for just around my home :) |
I would avoid any app for evil maid attack mitigation that’s not using encryption. Risk appetites vary, not a chance I’d put my personal space on Telegram servers but that’s me. “Telegram is a steaming hot mess of bad to no encryption” - someone much smarter than I in the cryptography community. I have it working with Signal now that a linked phone number isn’t required. Ironing out the rest of the bugs vs. full rebuild is where I’m at now. |
I would really vouch for matrix. You open and control a channel that is encrypted. Invite guardians if you will. Use it as a baby monitor as well. Tweak the app to detect pitch of your dogs fighting only and warn just on that. We just need to stick with proper technologies that don't require necessarily a phone number to use. That's it. |
matrix would be better than telegram - can be self hosted or even use a public instance, and can use ntfy etc so you can get notifications on even degoogled devices. |
Looking into a veilid chat integration. Rebuild might be iOS & Android. All depends on time constraints. Happy for any help. Cheers all |
This is and has been a great idea, we just never made it happen. |
have to say many thanks for restarting and renewing the project! ..just wanted to mention, ..about Telegram and Matrix support(and m.b. some others messagers or nets): So, in theory, not needed any bots in Telegram/Matrix, i mean - could be possible to have a strait communication, not by a messagers protocol, but ip-to-ip, btw. But, in the hard way, over a nat for example, yes, should be posible to use a messager protocol, like was with the Signal. For the Telegram, a.y.k. there is a MTproto opensourced libs for handling that! |
For fun, I wanted to see if I could build haven w/modern tools (Android Studio 2024.2.1 Canary 6, Java 17, updated all libraries (that still exist), Gradle 8.10, Kotlin 2.0.10, ndkVersion '27.0.12077973', etc.), targeting SDK 35. Here it is running in the emulator, using the android 15 image w/pixel fold avd: Had to migrate a lot of stuff to newer versions, especially in the manifest. Lots of permissions have changed (ie storage), new things have to be declared. A few of the 3rd-party libraries don't really exist any more, I had to target x86_64 for the emulator, BetterVideoPlayer is deprecated and read-only, renderscript is deprecated and even jcenter is deprecated, etc. But I went on a take-no-prisoners-just-get-it-to-build slash and burn campaign, ignoring most recommendations to replace old stuff for new, but it does build now and runs in the emulator with a min sdk of 21 and a target sdk of 35. Also updated to the latest material components library, though I didn't go through all the xml to use the material elements or anything. There's a SDK 31+ PendingIntent requiring FLAG_IMMUTABLE error, some camera weirdness (though the emulator did show that sample camera input grid thing), and I think the background AlarmManager and background task stuff should be using WorkManager (?). IOW it would be a decent amount of work to get it back up to date, but it's probably possible, especially for someone familiar with the program already. The basic functionality and flow seems to be there in terms of navigating between all the menus-- didn't try flipping every setting or anything or even trying basic functionality. I know that the media player won't work cuz I ripped it out. I just confirmed the shell of it still builds. Was a lot easier than I'd thought it might be, for @lukeswitz or anyone who's thinking of reviving this. Cheers, |
@n8fr8 what funds are available for someone to work on this? What are guidelines to follow up on this and move away of signal? Someone to tag directly from guardian? |
Thanks @fat-tire! Cool to see it build. I’m working on a ground up build for both iOS and Android. A more streamlined build with a lot of granular features like ability to choose between Matrix/Signal/Veilid etc. Best of luck @tlaurion getting paid for FOSS work- by an organization who provides free tools. They’re very kind individuals and will respond better than I. But, if money is your only incentive I believe you’re missing the point of FOSS. |
Rude and without proper background check from you on my FOSS work, for which I apply for grant applications needed for the projects I depend on to thrive. Haven would be dependable if it was still maintained. I won't do this work since I lack expertise to do so, but still want this project to thrive for its user bases, some of which intersects with the ones I FOSS about. IE: https://www.anarsec.guide/posts/qubes/ QubesOS, Heads coreboot. Anybody not wanting to rely on bootguard would depend on this project for their physical security needs. That's my claim and only claim. Reason I poke @n8fr8 is because it was said that guidance/funding (not a lot left) was possible Follow white rabbit:
I opened this issue as a follow-up to tackle the work needing to be done for this project to continue to be maintained from FPF(Freedom of Press Foundation + Guardian) prior of this being worked as a fork under 3rdparty repo. Why this project was dropped is still unanswered AFAIK. It was promising, was used but went unmaintained. Why? Being a maintainer myself, those are legitimate questions needing answers if the goal is to have a thriving project or if we accept it to die again sooner then later. |
Not sure I understand your argument. You want it working, you want to be paid for it, but you have no understanding of how or why? Ok then! |
No. This is becoming personal for no understood reason. Please reread #465 (comment) |
Hi can you upload all those changes to some repo folk? I would like to try it. |
Sure. See here. I just took my massive free-for-all .diff and split it up. Unfortunately Android Studio automatically reformatted a bunch of files I didn't touch, including src and xml files, so I tried to keep these commits to the non-cosmetic changes that I did by-hand. If I missed something, hopefully it will be easy to figure out what to change to complete the build. "if in doubt, comment it out!" A few other things:
ft |
Restart in 2025? Let's do it!
…On Fri, Aug 16, 2024, 5:50 PM Fattire ***@***.***> wrote:
Hi can you upload all those changes to some repo folk? I would like to try
it.
Sure. See here
<master...fat-tire:haven:build-hodgepodge>.
I just took my massive free-for-all .diff and split it up. Unfortunately
Android Studio automatically reformatted a bunch of files I didn't touch,
including src and xml files, so I tried to keep these commits to the
non-cosmetic changes that I did by-hand. If I missed something, hopefully
it will be easy to figure out what to change to complete the build. *"if
in doubt, comment it out!"*
A few other things:
- I tried to split it into a few bite-sized commits that would
highlight groups of things that went together.
- I did a quick replacement from
com.stfalcon.frescoimageviewer.ImageViewer, to
com.stfalcon.imageviewer.StfalconImageViewer, but didn't do the actual
work-- just moved from the old repo to the new one and then commented it
out pretty much as I didn't need to fix it to finish the build.
- As mentioned BetterVideoPlayer is completely commented out.
- I dont' think the abiFilters for the ndk are actually needed because
they were used for the "easyrs" library that worked w/renderscript, which
itself is deprecated
<https://developer.android.com/guide/topics/renderscript/migrate> and
would need to be replaced/ignored now.
- The permission in AndroidStudio.xml for MonitorService is dubious
and now that I think about it there was a background service I turned off
because it was crashy. Hopefully that's in the code somewhere and I didn't
skip it, but if it's still there, look at logcat and turn off whatever's
crashing.
- I also didn't include some files that changed with the gradle update
like gradle-wrapper.jar, gradlew, gradlew.bat, etc. I think this will
update itself, or at least it did in my case, so I didn't see any point in
including them.
- I did this *really quick* on request so don't expect anything good,
proper, or complete here, and I'd hope that anyone doing an actual update
would re-do what is needed the "right way"(tm) rather than the way I did
it. (But you DID ask for this heheh)
ft
—
Reply to this email directly, view it on GitHub
<#465 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AILFOIMGFLXCSDKSJPR6M6TZRZ62JAVCNFSM6AAAAAA37GTZBWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOJUGQYTIOJSGI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
It needs a full rebuild. This is reliant on incredibly outdated third party libraries and frameworks. A user back in 2018 contacted me about why it doesn’t work consistently, as they had something awful happen and relied on Haven to capture it. Redundancy aside, they’d have been better off with simple & stealth usb charger camera. I was crushed, they got in trouble for an app that didn’t even work to protect them. My point, which some take as an insult, is that this needs stability to be an offering for physical security- otherwise it’s a false sense of it at best. Forget notifications choices for a minute and get core functionality done. When it’s working locally then add more features. There’s so many good libraries for media playback etc. now. Or doing it natively ourselves is very simple. Reworking what’s there is an option, but a bandaid fix at best. Sacrificing quality for time is not a shortcut I’ll take when it’s at the cost of freedom & safety. So I’m doing what I can with what I have. CEOs and their money can do as they do. While it would be a shame to see Haven go the way of a paid service like @tlaurion is pushing, it’s likely given the constraints on devs today. Privacy over profits. End rant. |
This is not what I'm promoting. I linked to past funding possibilities. And said there are other grant opportunities to assist this project to do things correctly. This needs a reboot. How about it's made correctly this time? Your points are valid. Why can't you consider mine just for what they are? I'm not suggesting this becomes a paid service, I'm stating that developers need to be paid to do things correctly and funding sources need to be existing for this to become a physical security platform as it was promoted to be and then failed its own promises. |
What about to tell protomail team to own the project ,,😁 |
Anyway, imo need to start just with renew the old build, based with only Tor Net, it was and is VERY workable for using!!! |
@fat-tire already attempted this effort in the past at #458 and did it again at #465 (comment) It's a good start and I do not intent to stop any effort here in moving this forward but this needs leadership change is what i'm saying and a clear plan to act upon, which leadership will state where the merging bar will be for this repo or a new repository and a new home for this project. Who needs to be talked into this? I do not know. Who knows? @n8fr8 said in 2022 under #456 (comment) and I repeat, once more:
The person willing to take leadership of rebooting Haven needs to talk to @n8fr8 first. |
I would also like to see this project rebooted. If money is a problem I can put you in touch with people that regularly sponsor privacy tools.
I think this might have been the day the current project died. No fault of the maintainer, everybody has significant life events that change its direction. QA is not an unsolvable issue with enough effort. @fat-tire @tlaurion I think we should start with definite yay or nay from you - "Would you be willing to work on a fork of this project?" |
@fireice-uk unfortunately my hands are full and also under-funded to maintain Heads open source firmware, as said previously, this is not my area of work, but would welcome any hints you have on funding of privacy tools, myself. You can contact me over matrix at @insurgo:matrix.org. I think @fat-tire could be a good candidate from what I saw here. |
Re-reading my comment I got a tone of "right, I'm taking over here" 😂 Sorry about that, this is not what I meant.
Know rich people.... Unfortunately at 501c3 donation level (we are talking budgets in 5, 6 or low 7 figures) it is more about who you know. Tell me more on matrix I might be able to pitch it to the right people.
Cool. I'm working 12 hour crunches this week (probably a contributing factor to my tone), but I will drop in on Saturday. |
catching up on the posts...I'd say one reason it got dropped would be liability...if it crashed or didnt catch something. so any people supporting it need to make sure they clear dont treat this as your be all end all security tool. and maybe if it gets going a list of devices that are LIKELY to run well needs to be done so underspec (ideally it runs on cheap, but what if someones throwing it on an 8 year old under spec device) devices arent tried. for alerts maybe just use something like https://github.com/caronc/apprise so the varied protocols are not needing to be maintained with this project, also for the communication layer, maybe dont focus on tor, make it just to IP, and the user can run tailscale/zerotier/wireguard/netbird/tor or whatever vpn layer they prefer. that simplifies this project to record audio, camera, motion and push to apprise for alerts. would still need sftp/s3 or some backend to store the recordings but that would be over the vpn. |
This is going in all directions.
For the rest I lost track, but to me those were prior design decisions. Haven could do better ones.
I think the messaging part went south. And the project died from having chosen signal for messaging notifications. Matrix, or any other federated, tor friendly and with nice Api could be chosen here. Motion/sound triggers a notification, that notification is sent through established secure communication with link to onion site to access recordings and logs. No? |
@n8fr8 what are the good choices Haven made? Which frameworks are still good and maintained?
I found those:
: How to use OpenCV
: How to use AudioRecord
: How to use SensorManager
: How to use NetCipher
The text was updated successfully, but these errors were encountered: