• 2 Posts
  • 12 Comments
Joined 10 days ago
cake
Cake day: June 26th, 2026

help-circle
  • I’ll reply to you since you first brought it up, but it’s a question to anyone here recommending Molly: what makes you cofident that Molly is secure (i.e. they’re not fucking up Signal’s cryptography by accident) and maintained by trustworthy people. Signal does get audits from time to time, Molly doesn’t.

    Mind you, I’m not trying to shit all over Molly; Unified Push looks great. I’m trying to approach this with due caution though.









  • Thank you! While that does allay most security concerns, it does beg the question how useful such a vulnerability tracker is if it doesn’t actually show any relevant vulnerabilies and you constantly have to second-guess what it says. Warning signs that aren’t actually warnings because it’s “just a false alarm” quickly teach personell to not take warnings seriously - unti, onel day, it’s not a false alarm…


  • Thanks for your detailed reply!

    To make that happen, the attacker must […] already have access to the server to upload and process the file, which means that security has already failed.

    Do I correctly assume that by axis you mean shell or even root level access? If not, any of my regular users (turned rogue…) could upload a poisoned raw file which nextcloud would process to, for instance, generate a thumbnail.