From 5eeb5022cb11428a5c4617c92b9f1f695ce7d7d8 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Thu, 13 Jul 2023 12:30:00 -0700 Subject: [PATCH] Draft Fixups --- ...2023-07-14-cwtch-ui-reproducible-builds.md | 23 +++++++++++-------- build-staging/404.html | 4 ++-- build-staging/assets/js/0991cafe.43489a9e.js | 1 - build-staging/assets/js/0991cafe.a097f6b1.js | 1 + build-staging/assets/js/814f3328.0e4f9c9a.js | 1 - build-staging/assets/js/814f3328.2c1aa583.js | 1 + ...005ae.c6681c92.js => a6f005ae.14b0ebfe.js} | 2 +- build-staging/assets/js/a84d2af0.0ba3901c.js | 1 - build-staging/assets/js/a84d2af0.e901c84c.js | 1 + build-staging/assets/js/b2f554cd.173c6b6d.js | 1 + build-staging/assets/js/b2f554cd.813c313e.js | 1 - build-staging/assets/js/d548bd8c.29648df2.js | 1 + build-staging/assets/js/d548bd8c.a7ba3afd.js | 1 - ...n.11fb6ff1.js => runtime~main.cc052f09.js} | 2 +- build-staging/blog/archive/index.html | 6 ++--- build-staging/blog/atom.xml | 4 ++-- build-staging/blog/autobindings-ii/index.html | 6 ++--- build-staging/blog/autobindings/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-android-reproducibility/index.html | 6 ++--- .../cwtch-bindings-reproducible/index.html | 6 ++--- .../cwtch-developer-documentation/index.html | 6 ++--- .../blog/cwtch-documentation/index.html | 6 ++--- .../blog/cwtch-nightly-1-11/index.html | 6 ++--- .../blog/cwtch-nightly-1-12/index.html | 6 ++--- .../blog/cwtch-nightly-v.11-74/index.html | 6 ++--- .../blog/cwtch-platform-support/index.html | 6 ++--- .../blog/cwtch-stable-api-design/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-stable-roadmap-update/index.html | 6 ++--- build-staging/blog/cwtch-testing-i/index.html | 6 ++--- .../blog/cwtch-testing-ii/index.html | 6 ++--- .../index.html | 8 +++---- build-staging/blog/feed.json | 4 ++-- build-staging/blog/index.html | 6 ++--- build-staging/blog/page/2/index.html | 6 ++--- .../blog/path-to-cwtch-stable/index.html | 6 ++--- build-staging/blog/rss.xml | 4 ++-- build-staging/blog/tags/api/index.html | 6 ++--- .../blog/tags/autobindings/index.html | 6 ++--- build-staging/blog/tags/bindings/index.html | 6 ++--- .../blog/tags/cwtch-stable/index.html | 6 ++--- .../blog/tags/cwtch-stable/page/2/index.html | 6 ++--- build-staging/blog/tags/cwtch/index.html | 6 ++--- .../blog/tags/cwtch/page/2/index.html | 6 ++--- .../tags/developer-documentation/index.html | 6 ++--- .../blog/tags/documentation/index.html | 6 ++--- build-staging/blog/tags/index.html | 6 ++--- build-staging/blog/tags/libcwtch/index.html | 6 ++--- build-staging/blog/tags/nightly/index.html | 6 ++--- build-staging/blog/tags/planning/index.html | 6 ++--- build-staging/blog/tags/release/index.html | 6 ++--- build-staging/blog/tags/repliqate/index.html | 6 ++--- .../blog/tags/reproducible-builds/index.html | 6 ++--- .../blog/tags/security-handbook/index.html | 6 ++--- build-staging/blog/tags/support/index.html | 6 ++--- build-staging/blog/tags/testing/index.html | 6 ++--- build-staging/de/404.html | 4 ++-- .../de/assets/js/0991cafe.15b4ddd6.js | 1 - .../de/assets/js/0991cafe.3758bbb7.js | 1 + .../de/assets/js/291c70d7.1e94d9a9.js | 1 - .../de/assets/js/291c70d7.feb635ca.js | 1 + .../de/assets/js/814f3328.3bf27fe6.js | 1 - .../de/assets/js/814f3328.602b4477.js | 1 + ...005ae.a53b1d1a.js => a6f005ae.d29420e9.js} | 2 +- .../de/assets/js/a84d2af0.30e386c4.js | 1 - .../de/assets/js/a84d2af0.8e09d4bb.js | 1 + .../de/assets/js/d548bd8c.266c7b79.js | 1 + .../de/assets/js/d548bd8c.51f8d258.js | 1 - ...n.aa548e73.js => runtime~main.a8c29139.js} | 2 +- build-staging/de/blog/archive/index.html | 6 ++--- build-staging/de/blog/atom.xml | 4 ++-- .../de/blog/autobindings-ii/index.html | 6 ++--- build-staging/de/blog/autobindings/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-android-reproducibility/index.html | 6 ++--- .../cwtch-bindings-reproducible/index.html | 6 ++--- .../cwtch-developer-documentation/index.html | 6 ++--- .../de/blog/cwtch-documentation/index.html | 6 ++--- .../de/blog/cwtch-nightly-1-11/index.html | 6 ++--- .../de/blog/cwtch-nightly-1-12/index.html | 6 ++--- .../de/blog/cwtch-nightly-v.11-74/index.html | 6 ++--- .../de/blog/cwtch-platform-support/index.html | 6 ++--- .../blog/cwtch-stable-api-design/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-stable-roadmap-update/index.html | 6 ++--- .../de/blog/cwtch-testing-i/index.html | 6 ++--- .../de/blog/cwtch-testing-ii/index.html | 6 ++--- .../index.html | 8 +++---- build-staging/de/blog/feed.json | 4 ++-- build-staging/de/blog/index.html | 6 ++--- build-staging/de/blog/page/2/index.html | 6 ++--- .../de/blog/path-to-cwtch-stable/index.html | 6 ++--- build-staging/de/blog/rss.xml | 4 ++-- build-staging/de/blog/tags/api/index.html | 6 ++--- .../de/blog/tags/autobindings/index.html | 6 ++--- .../de/blog/tags/bindings/index.html | 6 ++--- .../de/blog/tags/cwtch-stable/index.html | 6 ++--- .../blog/tags/cwtch-stable/page/2/index.html | 6 ++--- build-staging/de/blog/tags/cwtch/index.html | 6 ++--- .../de/blog/tags/cwtch/page/2/index.html | 6 ++--- .../tags/developer-documentation/index.html | 6 ++--- .../de/blog/tags/documentation/index.html | 6 ++--- build-staging/de/blog/tags/index.html | 6 ++--- .../de/blog/tags/libcwtch/index.html | 6 ++--- build-staging/de/blog/tags/nightly/index.html | 6 ++--- .../de/blog/tags/planning/index.html | 6 ++--- build-staging/de/blog/tags/release/index.html | 6 ++--- .../de/blog/tags/repliqate/index.html | 6 ++--- .../blog/tags/reproducible-builds/index.html | 6 ++--- .../de/blog/tags/security-handbook/index.html | 6 ++--- build-staging/de/blog/tags/support/index.html | 6 ++--- build-staging/de/blog/tags/testing/index.html | 6 ++--- .../building-an-echobot/index.html | 4 ++-- .../core-concepts/index.html | 4 ++-- .../building-a-cwtch-app/intro/index.html | 4 ++-- .../category/building-a-cwtch-app/index.html | 4 ++-- build-staging/de/developing/intro/index.html | 4 ++-- .../de/developing/release/index.html | 4 ++-- .../de/docs/category/appearance/index.html | 4 ++-- .../de/docs/category/behaviour/index.html | 4 ++-- .../de/docs/category/contribute/index.html | 4 ++-- .../de/docs/category/conversations/index.html | 4 ++-- .../de/docs/category/experiments/index.html | 4 ++-- .../docs/category/getting-started/index.html | 4 ++-- .../de/docs/category/groups/index.html | 4 ++-- .../de/docs/category/platforms/index.html | 4 ++-- .../de/docs/category/profiles/index.html | 4 ++-- .../de/docs/category/servers/index.html | 4 ++-- .../de/docs/category/settings/index.html | 4 ++-- .../accept-deny-new-conversation/index.html | 4 ++-- .../de/docs/chat/add-contact/index.html | 4 ++-- .../de/docs/chat/block-contact/index.html | 4 ++-- .../chat/conversation-settings/index.html | 4 ++-- .../de/docs/chat/delete-contact/index.html | 4 ++-- .../de/docs/chat/introduction/index.html | 4 ++-- .../docs/chat/message-formatting/index.html | 4 ++-- .../de/docs/chat/reply-to-message/index.html | 4 ++-- .../chat/save-conversation-history/index.html | 4 ++-- .../share-address-with-friends/index.html | 4 ++-- .../de/docs/chat/share-file/index.html | 4 ++-- .../de/docs/chat/unblock-contact/index.html | 4 ++-- .../de/docs/contribute/developing/index.html | 4 ++-- .../docs/contribute/documentation/index.html | 4 ++-- .../de/docs/contribute/stickers/index.html | 4 ++-- .../de/docs/contribute/testing/index.html | 4 ++-- .../de/docs/contribute/translate/index.html | 4 ++-- .../supported_platforms/index.html | 4 ++-- .../groups/accept-group-invite/index.html | 4 ++-- .../de/docs/groups/create-group/index.html | 4 ++-- .../de/docs/groups/edit-group-name/index.html | 4 ++-- .../de/docs/groups/introduction/index.html | 4 ++-- .../de/docs/groups/leave-group/index.html | 4 ++-- .../groups/manage-known-servers/index.html | 4 ++-- .../de/docs/groups/send-invite/index.html | 4 ++-- build-staging/de/docs/intro/index.html | 4 ++-- .../de/docs/platforms/tails/index.html | 4 ++-- .../profiles/availability-status/index.html | 4 ++-- .../de/docs/profiles/change-name/index.html | 4 ++-- .../docs/profiles/change-password/index.html | 4 ++-- .../profiles/change-profile-image/index.html | 4 ++-- .../docs/profiles/create-a-profile/index.html | 4 ++-- .../docs/profiles/delete-profile/index.html | 4 ++-- .../profiles/exporting-profile/index.html | 4 ++-- .../profiles/importing-a-profile/index.html | 4 ++-- .../de/docs/profiles/introduction/index.html | 4 ++-- .../de/docs/profiles/profile-info/index.html | 4 ++-- .../docs/profiles/unlock-profile/index.html | 4 ++-- .../de/docs/servers/create-server/index.html | 4 ++-- .../de/docs/servers/delete-server/index.html | 4 ++-- .../de/docs/servers/edit-server/index.html | 4 ++-- .../de/docs/servers/introduction/index.html | 4 ++-- .../de/docs/servers/share-key/index.html | 4 ++-- .../de/docs/servers/unlock-server/index.html | 4 ++-- .../appearance/change-language/index.html | 4 ++-- .../appearance/light-dark-mode/index.html | 4 ++-- .../appearance/streamer-mode/index.html | 4 ++-- .../settings/appearance/ui-columns/index.html | 4 ++-- .../block-unknown-connections/index.html | 4 ++-- .../behaviour/notification-content/index.html | 4 ++-- .../behaviour/notification-policy/index.html | 4 ++-- .../experiments/clickable-links/index.html | 4 ++-- .../experiments/file-sharing/index.html | 4 ++-- .../experiments/group-experiment/index.html | 4 ++-- .../index.html | 4 ++-- .../experiments/message-formatting/index.html | 4 ++-- .../settings/experiments/qrcodes/index.html | 4 ++-- .../experiments/server-hosting/index.html | 4 ++-- .../de/docs/settings/introduction/index.html | 4 ++-- build-staging/de/docs/tor/index.html | 4 ++-- build-staging/de/index.html | 4 ++-- .../category/connectivity--tor/index.html | 4 ++-- .../category/cwtch-components/index.html | 4 ++-- .../de/security/category/cwtch-ui/index.html | 4 ++-- .../de/security/category/cwtch/index.html | 4 ++-- .../de/security/category/tapir/index.html | 4 ++-- .../components/connectivity/intro/index.html | 4 ++-- .../components/cwtch/groups/index.html | 4 ++-- .../components/cwtch/key_bundles/index.html | 4 ++-- .../cwtch/message_formats/index.html | 4 ++-- .../components/cwtch/server/index.html | 4 ++-- .../components/ecosystem-overview/index.html | 4 ++-- .../de/security/components/intro/index.html | 4 ++-- .../tapir/authentication_protocol/index.html | 4 ++-- .../components/tapir/packet_format/index.html | 4 ++-- .../security/components/ui/android/index.html | 4 ++-- .../components/ui/image_previews/index.html | 4 ++-- .../security/components/ui/input/index.html | 4 ++-- .../components/ui/overlays/index.html | 4 ++-- .../de/security/deployment/index.html | 4 ++-- .../de/security/development/index.html | 4 ++-- build-staging/de/security/intro/index.html | 4 ++-- .../de/security/references/index.html | 4 ++-- build-staging/de/security/risk/index.html | 4 ++-- .../building-an-echobot/index.html | 4 ++-- .../core-concepts/index.html | 4 ++-- .../building-a-cwtch-app/intro/index.html | 4 ++-- .../category/building-a-cwtch-app/index.html | 4 ++-- build-staging/developing/intro/index.html | 4 ++-- build-staging/developing/release/index.html | 4 ++-- .../docs/category/appearance/index.html | 4 ++-- .../docs/category/behaviour/index.html | 4 ++-- .../docs/category/contribute/index.html | 4 ++-- .../docs/category/conversations/index.html | 4 ++-- .../docs/category/experiments/index.html | 4 ++-- .../docs/category/getting-started/index.html | 4 ++-- build-staging/docs/category/groups/index.html | 4 ++-- .../docs/category/platforms/index.html | 4 ++-- .../docs/category/profiles/index.html | 4 ++-- .../docs/category/servers/index.html | 4 ++-- .../docs/category/settings/index.html | 4 ++-- .../accept-deny-new-conversation/index.html | 4 ++-- .../docs/chat/add-contact/index.html | 4 ++-- .../docs/chat/block-contact/index.html | 4 ++-- .../chat/conversation-settings/index.html | 4 ++-- .../docs/chat/delete-contact/index.html | 4 ++-- .../docs/chat/introduction/index.html | 4 ++-- .../docs/chat/message-formatting/index.html | 4 ++-- .../docs/chat/reply-to-message/index.html | 4 ++-- .../chat/save-conversation-history/index.html | 4 ++-- .../share-address-with-friends/index.html | 4 ++-- build-staging/docs/chat/share-file/index.html | 4 ++-- .../docs/chat/unblock-contact/index.html | 4 ++-- .../docs/contribute/developing/index.html | 4 ++-- .../docs/contribute/documentation/index.html | 4 ++-- .../docs/contribute/stickers/index.html | 4 ++-- .../docs/contribute/testing/index.html | 4 ++-- .../docs/contribute/translate/index.html | 4 ++-- .../supported_platforms/index.html | 4 ++-- .../groups/accept-group-invite/index.html | 4 ++-- .../docs/groups/create-group/index.html | 4 ++-- .../docs/groups/edit-group-name/index.html | 4 ++-- .../docs/groups/introduction/index.html | 4 ++-- .../docs/groups/leave-group/index.html | 4 ++-- .../groups/manage-known-servers/index.html | 4 ++-- .../docs/groups/send-invite/index.html | 4 ++-- build-staging/docs/intro/index.html | 4 ++-- build-staging/docs/platforms/tails/index.html | 4 ++-- .../profiles/availability-status/index.html | 4 ++-- .../docs/profiles/change-name/index.html | 4 ++-- .../docs/profiles/change-password/index.html | 4 ++-- .../profiles/change-profile-image/index.html | 4 ++-- .../docs/profiles/create-a-profile/index.html | 4 ++-- .../docs/profiles/delete-profile/index.html | 4 ++-- .../profiles/exporting-profile/index.html | 4 ++-- .../profiles/importing-a-profile/index.html | 4 ++-- .../docs/profiles/introduction/index.html | 4 ++-- .../docs/profiles/profile-info/index.html | 4 ++-- .../docs/profiles/unlock-profile/index.html | 4 ++-- .../docs/servers/create-server/index.html | 4 ++-- .../docs/servers/delete-server/index.html | 4 ++-- .../docs/servers/edit-server/index.html | 4 ++-- .../docs/servers/introduction/index.html | 4 ++-- .../docs/servers/share-key/index.html | 4 ++-- .../docs/servers/unlock-server/index.html | 4 ++-- .../appearance/change-language/index.html | 4 ++-- .../appearance/light-dark-mode/index.html | 4 ++-- .../appearance/streamer-mode/index.html | 4 ++-- .../settings/appearance/ui-columns/index.html | 4 ++-- .../block-unknown-connections/index.html | 4 ++-- .../behaviour/notification-content/index.html | 4 ++-- .../behaviour/notification-policy/index.html | 4 ++-- .../experiments/clickable-links/index.html | 4 ++-- .../experiments/file-sharing/index.html | 4 ++-- .../experiments/group-experiment/index.html | 4 ++-- .../index.html | 4 ++-- .../experiments/message-formatting/index.html | 4 ++-- .../settings/experiments/qrcodes/index.html | 4 ++-- .../experiments/server-hosting/index.html | 4 ++-- .../docs/settings/introduction/index.html | 4 ++-- build-staging/docs/tor/index.html | 4 ++-- build-staging/es/404.html | 8 +++---- .../es/assets/js/0991cafe.e01c2db3.js | 1 - .../es/assets/js/0991cafe.f14e1324.js | 1 + .../es/assets/js/814f3328.3e0cbbbe.js | 1 - .../es/assets/js/814f3328.50c95b15.js | 1 + .../es/assets/js/95c68178.a9d25d45.js | 1 - .../es/assets/js/95c68178.bcf8d14c.js | 1 + ...005ae.5fbb162c.js => a6f005ae.75f47ef9.js} | 2 +- .../es/assets/js/a84d2af0.01c0f65a.js | 1 + .../es/assets/js/a84d2af0.40e9846c.js | 1 - .../es/assets/js/d548bd8c.59ba6fe8.js | 1 + .../es/assets/js/d548bd8c.63711a54.js | 1 - .../js/{main.c49ce330.js => main.cd707e0e.js} | 4 ++-- ...CENSE.txt => main.cd707e0e.js.LICENSE.txt} | 0 ...n.c812ae38.js => runtime~main.9bb05eff.js} | 2 +- build-staging/es/blog/archive/index.html | 10 ++++---- build-staging/es/blog/atom.xml | 4 ++-- .../es/blog/autobindings-ii/index.html | 10 ++++---- build-staging/es/blog/autobindings/index.html | 10 ++++---- .../index.html | 10 ++++---- .../cwtch-android-reproducibility/index.html | 10 ++++---- .../cwtch-bindings-reproducible/index.html | 10 ++++---- .../cwtch-developer-documentation/index.html | 10 ++++---- .../es/blog/cwtch-documentation/index.html | 10 ++++---- .../es/blog/cwtch-nightly-1-11/index.html | 10 ++++---- .../es/blog/cwtch-nightly-1-12/index.html | 10 ++++---- .../es/blog/cwtch-nightly-v.11-74/index.html | 10 ++++---- .../es/blog/cwtch-platform-support/index.html | 10 ++++---- .../blog/cwtch-stable-api-design/index.html | 10 ++++---- .../index.html | 10 ++++---- .../cwtch-stable-roadmap-update/index.html | 10 ++++---- .../es/blog/cwtch-testing-i/index.html | 10 ++++---- .../es/blog/cwtch-testing-ii/index.html | 10 ++++---- .../index.html | 12 +++++----- build-staging/es/blog/feed.json | 4 ++-- build-staging/es/blog/index.html | 10 ++++---- build-staging/es/blog/page/2/index.html | 10 ++++---- .../es/blog/path-to-cwtch-stable/index.html | 10 ++++---- build-staging/es/blog/rss.xml | 4 ++-- build-staging/es/blog/tags/api/index.html | 10 ++++---- .../es/blog/tags/autobindings/index.html | 10 ++++---- .../es/blog/tags/bindings/index.html | 10 ++++---- .../es/blog/tags/cwtch-stable/index.html | 10 ++++---- .../blog/tags/cwtch-stable/page/2/index.html | 10 ++++---- build-staging/es/blog/tags/cwtch/index.html | 10 ++++---- .../es/blog/tags/cwtch/page/2/index.html | 10 ++++---- .../tags/developer-documentation/index.html | 10 ++++---- .../es/blog/tags/documentation/index.html | 10 ++++---- build-staging/es/blog/tags/index.html | 10 ++++---- .../es/blog/tags/libcwtch/index.html | 10 ++++---- build-staging/es/blog/tags/nightly/index.html | 10 ++++---- .../es/blog/tags/planning/index.html | 10 ++++---- build-staging/es/blog/tags/release/index.html | 10 ++++---- .../es/blog/tags/repliqate/index.html | 10 ++++---- .../blog/tags/reproducible-builds/index.html | 10 ++++---- .../es/blog/tags/security-handbook/index.html | 10 ++++---- build-staging/es/blog/tags/support/index.html | 10 ++++---- build-staging/es/blog/tags/testing/index.html | 10 ++++---- .../building-an-echobot/index.html | 8 +++---- .../core-concepts/index.html | 8 +++---- .../building-a-cwtch-app/intro/index.html | 8 +++---- .../category/building-a-cwtch-app/index.html | 8 +++---- build-staging/es/developing/intro/index.html | 8 +++---- .../es/developing/release/index.html | 8 +++---- .../es/docs/category/appearance/index.html | 8 +++---- .../es/docs/category/behaviour/index.html | 8 +++---- .../es/docs/category/contribute/index.html | 8 +++---- .../es/docs/category/conversations/index.html | 8 +++---- .../es/docs/category/experiments/index.html | 8 +++---- .../docs/category/getting-started/index.html | 8 +++---- .../es/docs/category/groups/index.html | 8 +++---- .../es/docs/category/platforms/index.html | 8 +++---- .../es/docs/category/profiles/index.html | 8 +++---- .../es/docs/category/servers/index.html | 8 +++---- .../es/docs/category/settings/index.html | 8 +++---- .../accept-deny-new-conversation/index.html | 8 +++---- .../es/docs/chat/add-contact/index.html | 8 +++---- .../es/docs/chat/block-contact/index.html | 8 +++---- .../chat/conversation-settings/index.html | 8 +++---- .../es/docs/chat/delete-contact/index.html | 8 +++---- .../es/docs/chat/introduction/index.html | 8 +++---- .../docs/chat/message-formatting/index.html | 8 +++---- .../es/docs/chat/reply-to-message/index.html | 8 +++---- .../chat/save-conversation-history/index.html | 8 +++---- .../share-address-with-friends/index.html | 8 +++---- .../es/docs/chat/share-file/index.html | 8 +++---- .../es/docs/chat/unblock-contact/index.html | 8 +++---- .../es/docs/contribute/developing/index.html | 8 +++---- .../docs/contribute/documentation/index.html | 8 +++---- .../es/docs/contribute/stickers/index.html | 8 +++---- .../es/docs/contribute/testing/index.html | 8 +++---- .../es/docs/contribute/translate/index.html | 8 +++---- .../supported_platforms/index.html | 8 +++---- .../groups/accept-group-invite/index.html | 8 +++---- .../es/docs/groups/create-group/index.html | 8 +++---- .../es/docs/groups/edit-group-name/index.html | 8 +++---- .../es/docs/groups/introduction/index.html | 8 +++---- .../es/docs/groups/leave-group/index.html | 8 +++---- .../groups/manage-known-servers/index.html | 8 +++---- .../es/docs/groups/send-invite/index.html | 8 +++---- build-staging/es/docs/intro/index.html | 8 +++---- .../es/docs/platforms/tails/index.html | 8 +++---- .../profiles/availability-status/index.html | 8 +++---- .../es/docs/profiles/change-name/index.html | 8 +++---- .../docs/profiles/change-password/index.html | 8 +++---- .../profiles/change-profile-image/index.html | 8 +++---- .../docs/profiles/create-a-profile/index.html | 8 +++---- .../docs/profiles/delete-profile/index.html | 8 +++---- .../profiles/exporting-profile/index.html | 8 +++---- .../profiles/importing-a-profile/index.html | 8 +++---- .../es/docs/profiles/introduction/index.html | 8 +++---- .../es/docs/profiles/profile-info/index.html | 8 +++---- .../docs/profiles/unlock-profile/index.html | 8 +++---- .../es/docs/servers/create-server/index.html | 8 +++---- .../es/docs/servers/delete-server/index.html | 8 +++---- .../es/docs/servers/edit-server/index.html | 8 +++---- .../es/docs/servers/introduction/index.html | 8 +++---- .../es/docs/servers/share-key/index.html | 8 +++---- .../es/docs/servers/unlock-server/index.html | 8 +++---- .../appearance/change-language/index.html | 8 +++---- .../appearance/light-dark-mode/index.html | 8 +++---- .../appearance/streamer-mode/index.html | 8 +++---- .../settings/appearance/ui-columns/index.html | 8 +++---- .../block-unknown-connections/index.html | 8 +++---- .../behaviour/notification-content/index.html | 8 +++---- .../behaviour/notification-policy/index.html | 8 +++---- .../experiments/clickable-links/index.html | 8 +++---- .../experiments/file-sharing/index.html | 8 +++---- .../experiments/group-experiment/index.html | 8 +++---- .../index.html | 8 +++---- .../experiments/message-formatting/index.html | 8 +++---- .../settings/experiments/qrcodes/index.html | 8 +++---- .../experiments/server-hosting/index.html | 8 +++---- .../es/docs/settings/introduction/index.html | 8 +++---- build-staging/es/docs/tor/index.html | 8 +++---- build-staging/es/index.html | 8 +++---- .../category/connectivity--tor/index.html | 8 +++---- .../category/cwtch-components/index.html | 8 +++---- .../es/security/category/cwtch-ui/index.html | 8 +++---- .../es/security/category/cwtch/index.html | 8 +++---- .../es/security/category/tapir/index.html | 8 +++---- .../components/connectivity/intro/index.html | 8 +++---- .../components/cwtch/groups/index.html | 8 +++---- .../components/cwtch/key_bundles/index.html | 8 +++---- .../cwtch/message_formats/index.html | 8 +++---- .../components/cwtch/server/index.html | 8 +++---- .../components/ecosystem-overview/index.html | 8 +++---- .../es/security/components/intro/index.html | 8 +++---- .../tapir/authentication_protocol/index.html | 8 +++---- .../components/tapir/packet_format/index.html | 8 +++---- .../security/components/ui/android/index.html | 8 +++---- .../components/ui/image_previews/index.html | 8 +++---- .../security/components/ui/input/index.html | 8 +++---- .../components/ui/overlays/index.html | 8 +++---- .../es/security/deployment/index.html | 8 +++---- .../es/security/development/index.html | 8 +++---- build-staging/es/security/intro/index.html | 8 +++---- .../es/security/references/index.html | 8 +++---- build-staging/es/security/risk/index.html | 8 +++---- build-staging/index.html | 4 ++-- build-staging/it/404.html | 4 ++-- .../it/assets/js/0991cafe.482a43f0.js | 1 - .../it/assets/js/0991cafe.a9057a72.js | 1 + .../it/assets/js/0a2b8ac2.13582857.js | 1 + .../it/assets/js/0a2b8ac2.3bbb0f78.js | 1 - .../it/assets/js/814f3328.2705309e.js | 1 + .../it/assets/js/814f3328.e77df9de.js | 1 - ...005ae.057a4e3a.js => a6f005ae.5384cc62.js} | 2 +- .../it/assets/js/a84d2af0.7f27d724.js | 1 + .../it/assets/js/a84d2af0.af8ccc6b.js | 1 - .../it/assets/js/d548bd8c.87b8b92d.js | 1 + .../it/assets/js/d548bd8c.f842d24b.js | 1 - ...n.511bb481.js => runtime~main.acad40c6.js} | 2 +- build-staging/it/blog/archive/index.html | 6 ++--- build-staging/it/blog/atom.xml | 4 ++-- .../it/blog/autobindings-ii/index.html | 6 ++--- build-staging/it/blog/autobindings/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-android-reproducibility/index.html | 6 ++--- .../cwtch-bindings-reproducible/index.html | 6 ++--- .../cwtch-developer-documentation/index.html | 6 ++--- .../it/blog/cwtch-documentation/index.html | 6 ++--- .../it/blog/cwtch-nightly-1-11/index.html | 6 ++--- .../it/blog/cwtch-nightly-1-12/index.html | 6 ++--- .../it/blog/cwtch-nightly-v.11-74/index.html | 6 ++--- .../it/blog/cwtch-platform-support/index.html | 6 ++--- .../blog/cwtch-stable-api-design/index.html | 6 ++--- .../index.html | 6 ++--- .../cwtch-stable-roadmap-update/index.html | 6 ++--- .../it/blog/cwtch-testing-i/index.html | 6 ++--- .../it/blog/cwtch-testing-ii/index.html | 6 ++--- .../index.html | 8 +++---- build-staging/it/blog/feed.json | 4 ++-- build-staging/it/blog/index.html | 6 ++--- build-staging/it/blog/page/2/index.html | 6 ++--- .../it/blog/path-to-cwtch-stable/index.html | 6 ++--- build-staging/it/blog/rss.xml | 4 ++-- build-staging/it/blog/tags/api/index.html | 6 ++--- .../it/blog/tags/autobindings/index.html | 6 ++--- .../it/blog/tags/bindings/index.html | 6 ++--- .../it/blog/tags/cwtch-stable/index.html | 6 ++--- .../blog/tags/cwtch-stable/page/2/index.html | 6 ++--- build-staging/it/blog/tags/cwtch/index.html | 6 ++--- .../it/blog/tags/cwtch/page/2/index.html | 6 ++--- .../tags/developer-documentation/index.html | 6 ++--- .../it/blog/tags/documentation/index.html | 6 ++--- build-staging/it/blog/tags/index.html | 6 ++--- .../it/blog/tags/libcwtch/index.html | 6 ++--- build-staging/it/blog/tags/nightly/index.html | 6 ++--- .../it/blog/tags/planning/index.html | 6 ++--- build-staging/it/blog/tags/release/index.html | 6 ++--- .../it/blog/tags/repliqate/index.html | 6 ++--- .../blog/tags/reproducible-builds/index.html | 6 ++--- .../it/blog/tags/security-handbook/index.html | 6 ++--- build-staging/it/blog/tags/support/index.html | 6 ++--- build-staging/it/blog/tags/testing/index.html | 6 ++--- .../building-an-echobot/index.html | 4 ++-- .../core-concepts/index.html | 4 ++-- .../building-a-cwtch-app/intro/index.html | 4 ++-- .../category/building-a-cwtch-app/index.html | 4 ++-- build-staging/it/developing/intro/index.html | 4 ++-- .../it/developing/release/index.html | 4 ++-- .../it/docs/category/appearance/index.html | 4 ++-- .../it/docs/category/behaviour/index.html | 4 ++-- .../it/docs/category/contribute/index.html | 4 ++-- .../it/docs/category/conversations/index.html | 4 ++-- .../it/docs/category/experiments/index.html | 4 ++-- .../docs/category/getting-started/index.html | 4 ++-- .../it/docs/category/groups/index.html | 4 ++-- .../it/docs/category/platforms/index.html | 4 ++-- .../it/docs/category/profiles/index.html | 4 ++-- .../it/docs/category/servers/index.html | 4 ++-- .../it/docs/category/settings/index.html | 4 ++-- .../accept-deny-new-conversation/index.html | 4 ++-- .../it/docs/chat/add-contact/index.html | 4 ++-- .../it/docs/chat/block-contact/index.html | 4 ++-- .../chat/conversation-settings/index.html | 4 ++-- .../it/docs/chat/delete-contact/index.html | 4 ++-- .../it/docs/chat/introduction/index.html | 4 ++-- .../docs/chat/message-formatting/index.html | 4 ++-- .../it/docs/chat/reply-to-message/index.html | 4 ++-- .../chat/save-conversation-history/index.html | 4 ++-- .../share-address-with-friends/index.html | 4 ++-- .../it/docs/chat/share-file/index.html | 4 ++-- .../it/docs/chat/unblock-contact/index.html | 4 ++-- .../it/docs/contribute/developing/index.html | 4 ++-- .../docs/contribute/documentation/index.html | 4 ++-- .../it/docs/contribute/stickers/index.html | 4 ++-- .../it/docs/contribute/testing/index.html | 4 ++-- .../it/docs/contribute/translate/index.html | 4 ++-- .../supported_platforms/index.html | 4 ++-- .../groups/accept-group-invite/index.html | 4 ++-- .../it/docs/groups/create-group/index.html | 4 ++-- .../it/docs/groups/edit-group-name/index.html | 4 ++-- .../it/docs/groups/introduction/index.html | 4 ++-- .../it/docs/groups/leave-group/index.html | 4 ++-- .../groups/manage-known-servers/index.html | 4 ++-- .../it/docs/groups/send-invite/index.html | 4 ++-- build-staging/it/docs/intro/index.html | 4 ++-- .../it/docs/platforms/tails/index.html | 4 ++-- .../profiles/availability-status/index.html | 4 ++-- .../it/docs/profiles/change-name/index.html | 4 ++-- .../docs/profiles/change-password/index.html | 4 ++-- .../profiles/change-profile-image/index.html | 4 ++-- .../docs/profiles/create-a-profile/index.html | 4 ++-- .../docs/profiles/delete-profile/index.html | 4 ++-- .../profiles/exporting-profile/index.html | 4 ++-- .../profiles/importing-a-profile/index.html | 4 ++-- .../it/docs/profiles/introduction/index.html | 4 ++-- .../it/docs/profiles/profile-info/index.html | 4 ++-- .../docs/profiles/unlock-profile/index.html | 4 ++-- .../it/docs/servers/create-server/index.html | 4 ++-- .../it/docs/servers/delete-server/index.html | 4 ++-- .../it/docs/servers/edit-server/index.html | 4 ++-- .../it/docs/servers/introduction/index.html | 4 ++-- .../it/docs/servers/share-key/index.html | 4 ++-- .../it/docs/servers/unlock-server/index.html | 4 ++-- .../appearance/change-language/index.html | 4 ++-- .../appearance/light-dark-mode/index.html | 4 ++-- .../appearance/streamer-mode/index.html | 4 ++-- .../settings/appearance/ui-columns/index.html | 4 ++-- .../block-unknown-connections/index.html | 4 ++-- .../behaviour/notification-content/index.html | 4 ++-- .../behaviour/notification-policy/index.html | 4 ++-- .../experiments/clickable-links/index.html | 4 ++-- .../experiments/file-sharing/index.html | 4 ++-- .../experiments/group-experiment/index.html | 4 ++-- .../index.html | 4 ++-- .../experiments/message-formatting/index.html | 4 ++-- .../settings/experiments/qrcodes/index.html | 4 ++-- .../experiments/server-hosting/index.html | 4 ++-- .../it/docs/settings/introduction/index.html | 4 ++-- build-staging/it/docs/tor/index.html | 4 ++-- build-staging/it/index.html | 4 ++-- .../category/connectivity--tor/index.html | 4 ++-- .../category/cwtch-components/index.html | 4 ++-- .../it/security/category/cwtch-ui/index.html | 4 ++-- .../it/security/category/cwtch/index.html | 4 ++-- .../it/security/category/tapir/index.html | 4 ++-- .../components/connectivity/intro/index.html | 4 ++-- .../components/cwtch/groups/index.html | 4 ++-- .../components/cwtch/key_bundles/index.html | 4 ++-- .../cwtch/message_formats/index.html | 4 ++-- .../components/cwtch/server/index.html | 4 ++-- .../components/ecosystem-overview/index.html | 4 ++-- .../it/security/components/intro/index.html | 4 ++-- .../tapir/authentication_protocol/index.html | 4 ++-- .../components/tapir/packet_format/index.html | 4 ++-- .../security/components/ui/android/index.html | 4 ++-- .../components/ui/image_previews/index.html | 4 ++-- .../security/components/ui/input/index.html | 4 ++-- .../components/ui/overlays/index.html | 4 ++-- .../it/security/deployment/index.html | 4 ++-- .../it/security/development/index.html | 4 ++-- build-staging/it/security/intro/index.html | 4 ++-- .../it/security/references/index.html | 4 ++-- build-staging/it/security/risk/index.html | 4 ++-- .../category/connectivity--tor/index.html | 4 ++-- .../category/cwtch-components/index.html | 4 ++-- .../security/category/cwtch-ui/index.html | 4 ++-- .../security/category/cwtch/index.html | 4 ++-- .../security/category/tapir/index.html | 4 ++-- .../components/connectivity/intro/index.html | 4 ++-- .../components/cwtch/groups/index.html | 4 ++-- .../components/cwtch/key_bundles/index.html | 4 ++-- .../cwtch/message_formats/index.html | 4 ++-- .../components/cwtch/server/index.html | 4 ++-- .../components/ecosystem-overview/index.html | 4 ++-- .../security/components/intro/index.html | 4 ++-- .../tapir/authentication_protocol/index.html | 4 ++-- .../components/tapir/packet_format/index.html | 4 ++-- .../security/components/ui/android/index.html | 4 ++-- .../components/ui/image_previews/index.html | 4 ++-- .../security/components/ui/input/index.html | 4 ++-- .../components/ui/overlays/index.html | 4 ++-- build-staging/security/deployment/index.html | 4 ++-- build-staging/security/development/index.html | 4 ++-- build-staging/security/intro/index.html | 4 ++-- build-staging/security/references/index.html | 4 ++-- build-staging/security/risk/index.html | 4 ++-- 631 files changed, 1652 insertions(+), 1647 deletions(-) delete mode 100644 build-staging/assets/js/0991cafe.43489a9e.js create mode 100644 build-staging/assets/js/0991cafe.a097f6b1.js delete mode 100644 build-staging/assets/js/814f3328.0e4f9c9a.js create mode 100644 build-staging/assets/js/814f3328.2c1aa583.js rename build-staging/assets/js/{a6f005ae.c6681c92.js => a6f005ae.14b0ebfe.js} (77%) delete mode 100644 build-staging/assets/js/a84d2af0.0ba3901c.js create mode 100644 build-staging/assets/js/a84d2af0.e901c84c.js create mode 100644 build-staging/assets/js/b2f554cd.173c6b6d.js delete mode 100644 build-staging/assets/js/b2f554cd.813c313e.js create mode 100644 build-staging/assets/js/d548bd8c.29648df2.js delete mode 100644 build-staging/assets/js/d548bd8c.a7ba3afd.js rename build-staging/assets/js/{runtime~main.11fb6ff1.js => runtime~main.cc052f09.js} (95%) delete mode 100644 build-staging/de/assets/js/0991cafe.15b4ddd6.js create mode 100644 build-staging/de/assets/js/0991cafe.3758bbb7.js delete mode 100644 build-staging/de/assets/js/291c70d7.1e94d9a9.js create mode 100644 build-staging/de/assets/js/291c70d7.feb635ca.js delete mode 100644 build-staging/de/assets/js/814f3328.3bf27fe6.js create mode 100644 build-staging/de/assets/js/814f3328.602b4477.js rename build-staging/de/assets/js/{a6f005ae.a53b1d1a.js => a6f005ae.d29420e9.js} (77%) delete mode 100644 build-staging/de/assets/js/a84d2af0.30e386c4.js create mode 100644 build-staging/de/assets/js/a84d2af0.8e09d4bb.js create mode 100644 build-staging/de/assets/js/d548bd8c.266c7b79.js delete mode 100644 build-staging/de/assets/js/d548bd8c.51f8d258.js rename build-staging/de/assets/js/{runtime~main.aa548e73.js => runtime~main.a8c29139.js} (96%) delete mode 100644 build-staging/es/assets/js/0991cafe.e01c2db3.js create mode 100644 build-staging/es/assets/js/0991cafe.f14e1324.js delete mode 100644 build-staging/es/assets/js/814f3328.3e0cbbbe.js create mode 100644 build-staging/es/assets/js/814f3328.50c95b15.js delete mode 100644 build-staging/es/assets/js/95c68178.a9d25d45.js create mode 100644 build-staging/es/assets/js/95c68178.bcf8d14c.js rename build-staging/es/assets/js/{a6f005ae.5fbb162c.js => a6f005ae.75f47ef9.js} (78%) create mode 100644 build-staging/es/assets/js/a84d2af0.01c0f65a.js delete mode 100644 build-staging/es/assets/js/a84d2af0.40e9846c.js create mode 100644 build-staging/es/assets/js/d548bd8c.59ba6fe8.js delete mode 100644 build-staging/es/assets/js/d548bd8c.63711a54.js rename build-staging/es/assets/js/{main.c49ce330.js => main.cd707e0e.js} (99%) rename build-staging/es/assets/js/{main.c49ce330.js.LICENSE.txt => main.cd707e0e.js.LICENSE.txt} (100%) rename build-staging/es/assets/js/{runtime~main.c812ae38.js => runtime~main.9bb05eff.js} (96%) delete mode 100644 build-staging/it/assets/js/0991cafe.482a43f0.js create mode 100644 build-staging/it/assets/js/0991cafe.a9057a72.js create mode 100644 build-staging/it/assets/js/0a2b8ac2.13582857.js delete mode 100644 build-staging/it/assets/js/0a2b8ac2.3bbb0f78.js create mode 100644 build-staging/it/assets/js/814f3328.2705309e.js delete mode 100644 build-staging/it/assets/js/814f3328.e77df9de.js rename build-staging/it/assets/js/{a6f005ae.057a4e3a.js => a6f005ae.5384cc62.js} (77%) create mode 100644 build-staging/it/assets/js/a84d2af0.7f27d724.js delete mode 100644 build-staging/it/assets/js/a84d2af0.af8ccc6b.js create mode 100644 build-staging/it/assets/js/d548bd8c.87b8b92d.js delete mode 100644 build-staging/it/assets/js/d548bd8c.f842d24b.js rename build-staging/it/assets/js/{runtime~main.511bb481.js => runtime~main.acad40c6.js} (96%) diff --git a/blog/2023-07-14-cwtch-ui-reproducible-builds.md b/blog/2023-07-14-cwtch-ui-reproducible-builds.md index d845c6e1..ad7a0f56 100644 --- a/blog/2023-07-14-cwtch-ui-reproducible-builds.md +++ b/blog/2023-07-14-cwtch-ui-reproducible-builds.md @@ -1,5 +1,5 @@ --- -title: Cwtch UI Reproducible Builds (Linux) +title: Progress Towards Reproducible UI Builds description: "" slug: cwtch-ui-reproducible-builds-linux tags: [cwtch, cwtch-stable, reproducible-builds, bindings, repliqate] @@ -43,27 +43,34 @@ For reproducible linux builds we had to modify the generated `linux/CMakeLists.t * `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts * `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data. -We also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections. +We have also defined a new [linker script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections. ### Tar Archives -Finally, following the [guide at https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/) we defined standard metadata for the generated Tar archives to make them also reproducible. +Finally, following the [guide at reproducible-builds.org](https://reproducible-builds.org/docs/archives/) we have defined standard metadata for the generated Tar archives to make them also reproducible. ## Limitations and Next Steps -The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script +The above changes mean that official linux builds of the same commit will now result in identical artifacts. -However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others. +The next step is to roll these changes into [repliqate](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) as we have done with our bindings builds. + +However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others. In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate. ### Pinned Dependencies -While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. +Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). -However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from. +However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward. + +## Stay up to date! + +We expect to make additional progress on this in the coming weeks and months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development. + ## Help us go further! @@ -78,6 +85,4 @@ For more information about donating to Open Privacy and claiming a thank you gif ![A Photo of Cwtch Stickers](/img/stickers-new.jpg) -## Stay up to date! -This is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development. diff --git a/build-staging/404.html b/build-staging/404.html index 037671d9..3cba6537 100644 --- a/build-staging/404.html +++ b/build-staging/404.html @@ -12,13 +12,13 @@ - +
Skip to main content

Page Not Found

We could not find what you were looking for.

Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

- + \ No newline at end of file diff --git a/build-staging/assets/js/0991cafe.43489a9e.js b/build-staging/assets/js/0991cafe.43489a9e.js deleted file mode 100644 index e032fa2b..00000000 --- a/build-staging/assets/js/0991cafe.43489a9e.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"July 5, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"planning",permalink:"/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/0991cafe.a097f6b1.js b/build-staging/assets/js/0991cafe.a097f6b1.js new file mode 100644 index 00000000..8ba09e83 --- /dev/null +++ b/build-staging/assets/js/0991cafe.a097f6b1.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"July 5, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"planning",permalink:"/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/814f3328.0e4f9c9a.js b/build-staging/assets/js/814f3328.0e4f9c9a.js deleted file mode 100644 index e043b4cb..00000000 --- a/build-staging/assets/js/814f3328.0e4f9c9a.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/assets/js/814f3328.2c1aa583.js b/build-staging/assets/js/814f3328.2c1aa583.js new file mode 100644 index 00000000..2fc6030c --- /dev/null +++ b/build-staging/assets/js/814f3328.2c1aa583.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Progress Towards Reproducible UI Builds","permalink":"/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/assets/js/a6f005ae.c6681c92.js b/build-staging/assets/js/a6f005ae.14b0ebfe.js similarity index 77% rename from build-staging/assets/js/a6f005ae.c6681c92.js rename to build-staging/assets/js/a6f005ae.14b0ebfe.js index 8b5ad200..8db51fc5 100644 --- a/build-staging/assets/js/a6f005ae.c6681c92.js +++ b/build-staging/assets/js/a6f005ae.14b0ebfe.js @@ -1 +1 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"July 5, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"planning",permalink:"/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"July 5, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"planning",permalink:"/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/a84d2af0.0ba3901c.js b/build-staging/assets/js/a84d2af0.0ba3901c.js deleted file mode 100644 index 91069f6d..00000000 --- a/build-staging/assets/js/a84d2af0.0ba3901c.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"July 14, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/blog/tags/bindings"},{label:"repliqate",permalink:"/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Help us go further!",id:"help-us-go-further",level:2},{value:"Stay up to date!",id:"stay-up-to-date",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We also define a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"link script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at https://reproducible-builds.org/docs/archives/")," we defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script"),(0,n.kt)("p",null,"However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/a84d2af0.e901c84c.js b/build-staging/assets/js/a84d2af0.e901c84c.js new file mode 100644 index 00000000..f208bf44 --- /dev/null +++ b/build-staging/assets/js/a84d2af0.e901c84c.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"July 14, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/blog/tags/bindings"},{label:"repliqate",permalink:"/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Stay up to date!",id:"stay-up-to-date",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We have also defined a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"linker script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at reproducible-builds.org")," we have defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts."),(0,n.kt)("p",null,"The next step is to roll these changes into ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate"},"repliqate")," as we have done with our bindings builds."),(0,n.kt)("p",null,"However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward."),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"We expect to make additional progress on this in the coming weeks and months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/b2f554cd.173c6b6d.js b/build-staging/assets/js/b2f554cd.173c6b6d.js new file mode 100644 index 00000000..9987b05e --- /dev/null +++ b/build-staging/assets/js/b2f554cd.173c6b6d.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[1477],{10:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Progress Towards Reproducible UI Builds","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"July 14, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":4.16,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Progress Towards Reproducible UI Builds","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe have also defined a new [linker script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at reproducible-builds.org](https://reproducible-builds.org/docs/archives/) we have defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts.\\n\\nThe next step is to roll these changes into [repliqate](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) as we have done with our bindings builds.\\n\\nHowever, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nAdditionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.\\n\\n## Stay up to date!\\n\\nWe expect to make additional progress on this in the coming weeks and months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"July 5, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Progress Towards Reproducible UI Builds","permalink":"/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"June 16, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"release","permalink":"/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"June 7, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"April 28, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"April 6, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"March 31, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"March 29, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"release","permalink":"/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"March 10, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/blog/tags/documentation"},{"label":"security-handbook","permalink":"/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"March 3, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"autobindings","permalink":"/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"February 24, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"autobindings","permalink":"/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"February 17, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"},{"label":"testing","permalink":"/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"February 10, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"February 3, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"},{"label":"testing","permalink":"/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"January 27, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"January 20, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"January 13, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"},{"label":"api","permalink":"/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"January 6, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/assets/js/b2f554cd.813c313e.js b/build-staging/assets/js/b2f554cd.813c313e.js deleted file mode 100644 index 9a2551ef..00000000 --- a/build-staging/assets/js/b2f554cd.813c313e.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[1477],{10:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Cwtch UI Reproducible Builds (Linux)","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"July 14, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":4.06,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Reproducible Builds (Linux)","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/) we defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script\\n\\nHowever, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nWhile our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n\\n## Stay up to date!\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development."},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"July 5, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"June 16, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"release","permalink":"/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"June 7, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"April 28, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"April 6, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"March 31, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"March 29, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"release","permalink":"/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"March 10, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/blog/tags/documentation"},{"label":"security-handbook","permalink":"/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"March 3, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"autobindings","permalink":"/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"February 24, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"autobindings","permalink":"/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"February 17, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"},{"label":"testing","permalink":"/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"February 10, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"February 3, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"},{"label":"testing","permalink":"/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"January 27, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"support","permalink":"/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"January 20, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/blog/tags/bindings"},{"label":"repliqate","permalink":"/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"January 13, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"},{"label":"api","permalink":"/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"January 6, 2023","tags":[{"label":"cwtch","permalink":"/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/assets/js/d548bd8c.29648df2.js b/build-staging/assets/js/d548bd8c.29648df2.js new file mode 100644 index 00000000..de74ba9f --- /dev/null +++ b/build-staging/assets/js/d548bd8c.29648df2.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var a=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,a)}return r}function l(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var c=a.createContext({}),s=function(e){var t=a.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},b=a.forwardRef((function(e,t){var r=e.components,i=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=i,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?a.createElement(g,l(l({ref:t},u),{},{components:r})):a.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:i,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var a=r(7462),i=(r(7294),r(3905));const n={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"July 14, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/blog/tags/bindings"},{label:"repliqate",permalink:"/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,i.kt)(p,(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,i.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,i.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,i.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,i.kt)("p",null,(0,i.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>a});const a=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/d548bd8c.a7ba3afd.js b/build-staging/assets/js/d548bd8c.a7ba3afd.js deleted file mode 100644 index 718f7070..00000000 --- a/build-staging/assets/js/d548bd8c.a7ba3afd.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var i=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=i.createContext({}),s=function(e){var t=i.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return i.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},b=i.forwardRef((function(e,t){var r=e.components,a=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=a,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?i.createElement(g,l(l({ref:t},u),{},{components:r})):i.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:a,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var i=r(7462),a=(r(7294),r(3905));const n={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"July 14, 2023",tags:[{label:"cwtch",permalink:"/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/blog/tags/bindings"},{label:"repliqate",permalink:"/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,a.kt)(p,(0,i.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,a.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,a.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,a.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,a.kt)("p",null,(0,a.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>i});const i=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/assets/js/runtime~main.11fb6ff1.js b/build-staging/assets/js/runtime~main.cc052f09.js similarity index 95% rename from build-staging/assets/js/runtime~main.11fb6ff1.js rename to build-staging/assets/js/runtime~main.cc052f09.js index b24130c7..9d5c5f80 100644 --- a/build-staging/assets/js/runtime~main.11fb6ff1.js +++ b/build-staging/assets/js/runtime~main.cc052f09.js @@ -1 +1 @@ -(()=>{"use strict";var e,a,c,f,d,b={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return b[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=b,r.c=t,e=[],r.O=(a,c,f,d)=>{if(!c){var b=1/0;for(i=0;i=d)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,d0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[c,f,d]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,f){if(1&f&&(e=this(e)),8&f)return e;if("object"==typeof e&&e){if(4&f&&e.__esModule)return e;if(16&f&&"function"==typeof e.then)return e}var d=Object.create(null);r.r(d);var b={};a=a||[null,c({}),c([]),c(c)];for(var t=2&f&&e;"object"==typeof t&&!~a.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,r.d(d,b),d},r.d=(e,a)=>{for(var c in a)r.o(a,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:a[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,c)=>(r.f[c](e,a),a)),[])),r.u=e=>"assets/js/"+({1:"8eb4e46b",10:"acb99df2",53:"935f2afb",129:"238b6b00",176:"709d36d8",198:"6015355d",205:"83d480e9",225:"3152febb",266:"b1e57def",276:"fb3c1916",439:"6a78f460",533:"b2b675dd",564:"dc3c323e",610:"bfc2e843",712:"697a71fd",730:"414c86b4",732:"553b7761",788:"4d27f429",815:"1252ef76",890:"a84d2af0",923:"5dc151e9",962:"1af46bd3",1088:"44fbbcc6",1174:"15d993af",1179:"ce4b3243",1199:"fd27e325",1234:"7dfbf03e",1258:"9e2a7473",1312:"9f1c7621",1315:"5a5e3510",1367:"a430b379",1415:"992a3bb7",1477:"b2f554cd",1586:"7650afbf",1596:"eb183be6",1598:"4912a2e0",1602:"a8c7fdc6",1713:"a7023ddc",1800:"a08943ae",1970:"7daa3c80",1979:"fe1dd7ae",1987:"ed85aa58",2006:"d548bd8c",2073:"2ffd7dc7",2184:"f76a3b8e",2221:"c9a691cf",2322:"67152af3",2535:"814f3328",2562:"437de1b1",2612:"c4773fe1",2688:"9dd8190d",2700:"f96ae61b",2852:"22069e6c",2909:"5cb298ca",3080:"06a743f0",3089:"a6aa9e1f",3171:"5b4e4bee",3213:"d6a44406",3218:"af23c5f9",3412:"a6f005ae",3429:"34cd4dc6",3478:"628b3074",3492:"a02b4022",3516:"4f68bcc6",3608:"9e4087bc",3625:"986bf1b5",3628:"9d21518d",3761:"c96c5262",3838:"97a045eb",3965:"7285d864",4003:"efb69e30",4013:"01a85c17",4052:"1b4ba274",4059:"f92b996b",4078:"4bb443f0",4186:"09058439",4195:"c4f5d8e4",4325:"f47fcb38",4415:"a6882456",4704:"16838ca5",4710:"ebdffa2e",4729:"b59bb8da",4788:"1ebd8798",4842:"c42e2be1",4995:"e4fed92d",4998:"48119dbc",5006:"49ced744",5035:"cc8d20ec",5226:"f041e880",5230:"d39fd6c2",5233:"8fe7a387",5273:"bf059cf9",5327:"eb09219a",5497:"917e8196",5532:"ef78badf",5586:"7df3f7bb",5696:"081d7fe1",5732:"1a25c548",5869:"d5f314f9",5876:"0991cafe",5905:"824a28c6",5940:"b273a073",5941:"a9159543",6033:"76493ef6",6103:"ccc49370",6126:"a9d2d00e",6241:"f146017a",6291:"a34f2ac7",6297:"2853a99a",6341:"bb772baa",6363:"fc0ce2b3",6368:"4e8da046",6435:"a19b8c23",6471:"8ec965fd",6494:"df814c0d",6515:"5420a7ba",6539:"cda43b61",6555:"6275ceb4",6562:"0a9e402c",6585:"e88d32a9",6682:"dc098020",6927:"693f9c9e",6946:"55d4c988",6965:"ce314f92",6971:"442b4cb8",6972:"3ce57273",7011:"e92b958d",7139:"3db42865",7143:"5a3f34f2",7222:"0be9de06",7293:"141cdfa9",7294:"3b599162",7322:"c11bf3c5",7438:"9c021584",7479:"5f6192c8",7499:"2c8522e6",7531:"13bbad87",7538:"142f86d0",7591:"a65a3c47",7594:"53cc4802",7649:"c14f15fd",7667:"ef243df7",7710:"5b041459",7782:"3a109bd3",7797:"4aa555c3",7820:"ed9713f0",7860:"b0404c31",7875:"947e3a34",7918:"17896441",7992:"663d5f0b",8017:"6b72ab5e",8073:"003ad223",8141:"98da7451",8192:"5e5faacc",8194:"c2081115",8266:"41c638ee",8292:"e62fac9c",8351:"840bb092",8389:"975564ee",8392:"15b89b76",8430:"f4bfc819",8588:"6575cef9",8589:"c063e42f",8610:"6875c492",8639:"ac6c2a1e",8655:"89c52e74",8710:"0d64c1d9",8786:"f928e8d9",8793:"39c54b43",8835:"c747432f",8849:"b5c61d38",8858:"d66d73fd",9038:"0e3e2a9e",9072:"76913e45",9140:"1944a0c9",9146:"c94c4dfb",9200:"43b107c1",9239:"a6fe627e",9249:"9b12a270",9287:"6d453d64",9376:"43521719",9398:"017f0ba6",9444:"5beee875",9514:"1be78505",9595:"3e7ae638",9667:"38f00f86",9671:"0e384e19",9726:"4e96e24f",9759:"89f86a37",9767:"9bb37799",9817:"14eb3368",9899:"1075f7cd",9936:"c33e2c0d",9976:"a79c88c2"}[e]||e)+"."+{1:"01ff49ed",10:"4a3f86af",53:"cdf3516a",129:"1d778162",176:"7ce37739",198:"4a88dcd8",205:"493a1628",225:"21d88be4",266:"39caf8a6",276:"6ddb0beb",439:"b63275b7",533:"f1b7c191",564:"a0698420",610:"2c458193",712:"731c5d0b",730:"d09cba17",732:"097b3d41",788:"42bfc139",815:"288a11c6",890:"0ba3901c",923:"3afedfb7",962:"2c226ae2",1088:"1ad2a97d",1174:"9c2602b6",1179:"db7c61a0",1199:"8533fcdc",1234:"f0688a66",1258:"1020ed04",1312:"9c0d80ed",1315:"d3615000",1367:"27ce347a",1415:"e91a6bcf",1477:"813c313e",1586:"8584622c",1596:"523c05ca",1598:"2e9a5c81",1602:"649793e5",1713:"faeeffd7",1800:"a0db67c9",1970:"f196e6d6",1979:"81e23f94",1987:"fdf5814c",2006:"a7ba3afd",2073:"c74ecef6",2184:"18e5a4dd",2221:"bfed5992",2322:"b56258c2",2535:"0e4f9c9a",2562:"df91c06b",2612:"81d125b1",2688:"f34b30a9",2700:"6149bc06",2852:"c353e095",2909:"ec2236e7",3080:"19661996",3089:"4532b4f8",3171:"56fd8448",3213:"d039bfdb",3218:"7089b1b0",3412:"c6681c92",3429:"57acc729",3478:"b8e971a6",3492:"90907439",3516:"d9b156bf",3608:"582408aa",3625:"1e9911cc",3628:"b4fade03",3761:"b335245d",3838:"5c55b238",3965:"e6f36735",4003:"634fd7c7",4013:"fbcc85f1",4052:"735f448d",4059:"b1944282",4078:"64d3db4a",4186:"25ec1464",4195:"ea3b76f3",4325:"8650616e",4415:"7303ae16",4704:"b3f6deb7",4710:"d46295b6",4729:"f0b56cc8",4788:"da59dcf0",4842:"c4a9586b",4972:"486cf118",4995:"91dd9f20",4998:"2ba7a442",5006:"7145707c",5035:"cf2d6d7c",5226:"789e430d",5230:"0adaf6be",5233:"3b916c07",5273:"125608d5",5327:"8186cc5c",5497:"077d63dd",5532:"d2787367",5586:"1bb99fc4",5696:"e8b72cc5",5732:"ad39b6db",5869:"1dc05f26",5876:"43489a9e",5905:"3dec41f3",5940:"90186f14",5941:"799d02e8",6033:"26af640a",6048:"9165c150",6103:"c18e6548",6126:"8d3943df",6241:"7693dec7",6291:"72611369",6297:"dbc78f5b",6341:"ee2022e0",6363:"be0538c9",6368:"a5a18258",6435:"380ff2ab",6471:"ad8c53ac",6494:"33d74f39",6515:"5c51bc2c",6539:"56b225ab",6555:"9ce4f8c9",6562:"5921f26c",6585:"ff20b8ba",6682:"5e625d3e",6927:"b37a5356",6946:"c864224a",6965:"81151742",6971:"b137ee85",6972:"f5cb4514",7011:"0d8dfab1",7139:"27ab3fca",7143:"64523ca8",7222:"e2a9d663",7293:"9bc9258c",7294:"4579cba4",7322:"171064ae",7438:"82717406",7479:"8175778b",7499:"59a45b23",7531:"9e7d5b62",7538:"3d7e3bf1",7591:"bfeca907",7594:"52e4a8c3",7649:"884891e7",7667:"f9f0874b",7710:"73b0c096",7782:"e6ac824e",7797:"21c48443",7820:"54ba7352",7860:"48ec076b",7875:"7609aa54",7918:"27340309",7992:"43de0547",8017:"b5057beb",8073:"d75008d1",8141:"9df2feb9",8192:"56cc8faf",8194:"5e6d9476",8266:"bf4c73bb",8292:"e9afbbbd",8351:"485f8fcf",8389:"8216ecd4",8392:"0decb8fe",8430:"56ce47de",8588:"c5f6ea1e",8589:"ebf0125c",8610:"3614e398",8639:"de6fd122",8655:"28f84d12",8710:"74de1478",8786:"6c170e10",8793:"233cd6e2",8835:"a1ef6af4",8849:"b2aae603",8858:"ef585879",9038:"3b8ab0bf",9072:"2fe9ae09",9140:"67f57568",9146:"5e3bcaf2",9200:"0fa4ee7a",9239:"b2883d9a",9249:"bb5deec9",9287:"4bb55d29",9376:"fff4da5d",9398:"ffa97e44",9444:"70ab5e61",9514:"c2da882e",9595:"2d4495ca",9667:"2fc26296",9671:"73b04fc3",9726:"ebb3805a",9759:"e6d969cf",9767:"506f4b14",9785:"e0c467d7",9817:"5ac78d9e",9899:"052af3ab",9936:"e031ee49",9976:"e76d7c3e"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),f={},d="user-handbook:",r.l=(e,a,c,b)=>{if(f[e])f[e].push(a);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var d=f[e];if(delete f[e],t.parentNode&&t.parentNode.removeChild(t),d&&d.forEach((e=>e(c))),a)return a(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918",43521719:"9376","8eb4e46b":"1",acb99df2:"10","935f2afb":"53","238b6b00":"129","709d36d8":"176","6015355d":"198","83d480e9":"205","3152febb":"225",b1e57def:"266",fb3c1916:"276","6a78f460":"439",b2b675dd:"533",dc3c323e:"564",bfc2e843:"610","697a71fd":"712","414c86b4":"730","553b7761":"732","4d27f429":"788","1252ef76":"815",a84d2af0:"890","5dc151e9":"923","1af46bd3":"962","44fbbcc6":"1088","15d993af":"1174",ce4b3243:"1179",fd27e325:"1199","7dfbf03e":"1234","9e2a7473":"1258","9f1c7621":"1312","5a5e3510":"1315",a430b379:"1367","992a3bb7":"1415",b2f554cd:"1477","7650afbf":"1586",eb183be6:"1596","4912a2e0":"1598",a8c7fdc6:"1602",a7023ddc:"1713",a08943ae:"1800","7daa3c80":"1970",fe1dd7ae:"1979",ed85aa58:"1987",d548bd8c:"2006","2ffd7dc7":"2073",f76a3b8e:"2184",c9a691cf:"2221","67152af3":"2322","814f3328":"2535","437de1b1":"2562",c4773fe1:"2612","9dd8190d":"2688",f96ae61b:"2700","22069e6c":"2852","5cb298ca":"2909","06a743f0":"3080",a6aa9e1f:"3089","5b4e4bee":"3171",d6a44406:"3213",af23c5f9:"3218",a6f005ae:"3412","34cd4dc6":"3429","628b3074":"3478",a02b4022:"3492","4f68bcc6":"3516","9e4087bc":"3608","986bf1b5":"3625","9d21518d":"3628",c96c5262:"3761","97a045eb":"3838","7285d864":"3965",efb69e30:"4003","01a85c17":"4013","1b4ba274":"4052",f92b996b:"4059","4bb443f0":"4078","09058439":"4186",c4f5d8e4:"4195",f47fcb38:"4325",a6882456:"4415","16838ca5":"4704",ebdffa2e:"4710",b59bb8da:"4729","1ebd8798":"4788",c42e2be1:"4842",e4fed92d:"4995","48119dbc":"4998","49ced744":"5006",cc8d20ec:"5035",f041e880:"5226",d39fd6c2:"5230","8fe7a387":"5233",bf059cf9:"5273",eb09219a:"5327","917e8196":"5497",ef78badf:"5532","7df3f7bb":"5586","081d7fe1":"5696","1a25c548":"5732",d5f314f9:"5869","0991cafe":"5876","824a28c6":"5905",b273a073:"5940",a9159543:"5941","76493ef6":"6033",ccc49370:"6103",a9d2d00e:"6126",f146017a:"6241",a34f2ac7:"6291","2853a99a":"6297",bb772baa:"6341",fc0ce2b3:"6363","4e8da046":"6368",a19b8c23:"6435","8ec965fd":"6471",df814c0d:"6494","5420a7ba":"6515",cda43b61:"6539","6275ceb4":"6555","0a9e402c":"6562",e88d32a9:"6585",dc098020:"6682","693f9c9e":"6927","55d4c988":"6946",ce314f92:"6965","442b4cb8":"6971","3ce57273":"6972",e92b958d:"7011","3db42865":"7139","5a3f34f2":"7143","0be9de06":"7222","141cdfa9":"7293","3b599162":"7294",c11bf3c5:"7322","9c021584":"7438","5f6192c8":"7479","2c8522e6":"7499","13bbad87":"7531","142f86d0":"7538",a65a3c47:"7591","53cc4802":"7594",c14f15fd:"7649",ef243df7:"7667","5b041459":"7710","3a109bd3":"7782","4aa555c3":"7797",ed9713f0:"7820",b0404c31:"7860","947e3a34":"7875","663d5f0b":"7992","6b72ab5e":"8017","003ad223":"8073","98da7451":"8141","5e5faacc":"8192",c2081115:"8194","41c638ee":"8266",e62fac9c:"8292","840bb092":"8351","975564ee":"8389","15b89b76":"8392",f4bfc819:"8430","6575cef9":"8588",c063e42f:"8589","6875c492":"8610",ac6c2a1e:"8639","89c52e74":"8655","0d64c1d9":"8710",f928e8d9:"8786","39c54b43":"8793",c747432f:"8835",b5c61d38:"8849",d66d73fd:"8858","0e3e2a9e":"9038","76913e45":"9072","1944a0c9":"9140",c94c4dfb:"9146","43b107c1":"9200",a6fe627e:"9239","9b12a270":"9249","6d453d64":"9287","017f0ba6":"9398","5beee875":"9444","1be78505":"9514","3e7ae638":"9595","38f00f86":"9667","0e384e19":"9671","4e96e24f":"9726","89f86a37":"9759","9bb37799":"9767","14eb3368":"9817","1075f7cd":"9899",c33e2c0d:"9936",a79c88c2:"9976"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(a,c)=>{var f=r.o(e,a)?e[a]:void 0;if(0!==f)if(f)c.push(f[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((c,d)=>f=e[a]=[c,d]));c.push(f[2]=d);var b=r.p+r.u(a),t=new Error;r.l(b,(c=>{if(r.o(e,a)&&(0!==(f=e[a])&&(e[a]=void 0),f)){var d=c&&("load"===c.type?"missing":c.type),b=c&&c.target&&c.target.src;t.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",t.name="ChunkLoadError",t.type=d,t.request=b,f[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,c)=>{var f,d,b=c[0],t=c[1],o=c[2],n=0;if(b.some((a=>0!==e[a]))){for(f in t)r.o(t,f)&&(r.m[f]=t[f]);if(o)var i=o(r)}for(a&&a(c);n{"use strict";var e,a,c,f,d,b={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return b[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=b,r.c=t,e=[],r.O=(a,c,f,d)=>{if(!c){var b=1/0;for(i=0;i=d)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,d0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[c,f,d]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,f){if(1&f&&(e=this(e)),8&f)return e;if("object"==typeof e&&e){if(4&f&&e.__esModule)return e;if(16&f&&"function"==typeof e.then)return e}var d=Object.create(null);r.r(d);var b={};a=a||[null,c({}),c([]),c(c)];for(var t=2&f&&e;"object"==typeof t&&!~a.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,r.d(d,b),d},r.d=(e,a)=>{for(var c in a)r.o(a,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:a[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,c)=>(r.f[c](e,a),a)),[])),r.u=e=>"assets/js/"+({1:"8eb4e46b",10:"acb99df2",53:"935f2afb",129:"238b6b00",176:"709d36d8",198:"6015355d",205:"83d480e9",225:"3152febb",266:"b1e57def",276:"fb3c1916",439:"6a78f460",533:"b2b675dd",564:"dc3c323e",610:"bfc2e843",712:"697a71fd",730:"414c86b4",732:"553b7761",788:"4d27f429",815:"1252ef76",890:"a84d2af0",923:"5dc151e9",962:"1af46bd3",1088:"44fbbcc6",1174:"15d993af",1179:"ce4b3243",1199:"fd27e325",1234:"7dfbf03e",1258:"9e2a7473",1312:"9f1c7621",1315:"5a5e3510",1367:"a430b379",1415:"992a3bb7",1477:"b2f554cd",1586:"7650afbf",1596:"eb183be6",1598:"4912a2e0",1602:"a8c7fdc6",1713:"a7023ddc",1800:"a08943ae",1970:"7daa3c80",1979:"fe1dd7ae",1987:"ed85aa58",2006:"d548bd8c",2073:"2ffd7dc7",2184:"f76a3b8e",2221:"c9a691cf",2322:"67152af3",2535:"814f3328",2562:"437de1b1",2612:"c4773fe1",2688:"9dd8190d",2700:"f96ae61b",2852:"22069e6c",2909:"5cb298ca",3080:"06a743f0",3089:"a6aa9e1f",3171:"5b4e4bee",3213:"d6a44406",3218:"af23c5f9",3412:"a6f005ae",3429:"34cd4dc6",3478:"628b3074",3492:"a02b4022",3516:"4f68bcc6",3608:"9e4087bc",3625:"986bf1b5",3628:"9d21518d",3761:"c96c5262",3838:"97a045eb",3965:"7285d864",4003:"efb69e30",4013:"01a85c17",4052:"1b4ba274",4059:"f92b996b",4078:"4bb443f0",4186:"09058439",4195:"c4f5d8e4",4325:"f47fcb38",4415:"a6882456",4704:"16838ca5",4710:"ebdffa2e",4729:"b59bb8da",4788:"1ebd8798",4842:"c42e2be1",4995:"e4fed92d",4998:"48119dbc",5006:"49ced744",5035:"cc8d20ec",5226:"f041e880",5230:"d39fd6c2",5233:"8fe7a387",5273:"bf059cf9",5327:"eb09219a",5497:"917e8196",5532:"ef78badf",5586:"7df3f7bb",5696:"081d7fe1",5732:"1a25c548",5869:"d5f314f9",5876:"0991cafe",5905:"824a28c6",5940:"b273a073",5941:"a9159543",6033:"76493ef6",6103:"ccc49370",6126:"a9d2d00e",6241:"f146017a",6291:"a34f2ac7",6297:"2853a99a",6341:"bb772baa",6363:"fc0ce2b3",6368:"4e8da046",6435:"a19b8c23",6471:"8ec965fd",6494:"df814c0d",6515:"5420a7ba",6539:"cda43b61",6555:"6275ceb4",6562:"0a9e402c",6585:"e88d32a9",6682:"dc098020",6927:"693f9c9e",6946:"55d4c988",6965:"ce314f92",6971:"442b4cb8",6972:"3ce57273",7011:"e92b958d",7139:"3db42865",7143:"5a3f34f2",7222:"0be9de06",7293:"141cdfa9",7294:"3b599162",7322:"c11bf3c5",7438:"9c021584",7479:"5f6192c8",7499:"2c8522e6",7531:"13bbad87",7538:"142f86d0",7591:"a65a3c47",7594:"53cc4802",7649:"c14f15fd",7667:"ef243df7",7710:"5b041459",7782:"3a109bd3",7797:"4aa555c3",7820:"ed9713f0",7860:"b0404c31",7875:"947e3a34",7918:"17896441",7992:"663d5f0b",8017:"6b72ab5e",8073:"003ad223",8141:"98da7451",8192:"5e5faacc",8194:"c2081115",8266:"41c638ee",8292:"e62fac9c",8351:"840bb092",8389:"975564ee",8392:"15b89b76",8430:"f4bfc819",8588:"6575cef9",8589:"c063e42f",8610:"6875c492",8639:"ac6c2a1e",8655:"89c52e74",8710:"0d64c1d9",8786:"f928e8d9",8793:"39c54b43",8835:"c747432f",8849:"b5c61d38",8858:"d66d73fd",9038:"0e3e2a9e",9072:"76913e45",9140:"1944a0c9",9146:"c94c4dfb",9200:"43b107c1",9239:"a6fe627e",9249:"9b12a270",9287:"6d453d64",9376:"43521719",9398:"017f0ba6",9444:"5beee875",9514:"1be78505",9595:"3e7ae638",9667:"38f00f86",9671:"0e384e19",9726:"4e96e24f",9759:"89f86a37",9767:"9bb37799",9817:"14eb3368",9899:"1075f7cd",9936:"c33e2c0d",9976:"a79c88c2"}[e]||e)+"."+{1:"01ff49ed",10:"4a3f86af",53:"cdf3516a",129:"1d778162",176:"7ce37739",198:"4a88dcd8",205:"493a1628",225:"21d88be4",266:"39caf8a6",276:"6ddb0beb",439:"b63275b7",533:"f1b7c191",564:"a0698420",610:"2c458193",712:"731c5d0b",730:"d09cba17",732:"097b3d41",788:"42bfc139",815:"288a11c6",890:"e901c84c",923:"3afedfb7",962:"2c226ae2",1088:"1ad2a97d",1174:"9c2602b6",1179:"db7c61a0",1199:"8533fcdc",1234:"f0688a66",1258:"1020ed04",1312:"9c0d80ed",1315:"d3615000",1367:"27ce347a",1415:"e91a6bcf",1477:"173c6b6d",1586:"8584622c",1596:"523c05ca",1598:"2e9a5c81",1602:"649793e5",1713:"faeeffd7",1800:"a0db67c9",1970:"f196e6d6",1979:"81e23f94",1987:"fdf5814c",2006:"29648df2",2073:"c74ecef6",2184:"18e5a4dd",2221:"bfed5992",2322:"b56258c2",2535:"2c1aa583",2562:"df91c06b",2612:"81d125b1",2688:"f34b30a9",2700:"6149bc06",2852:"c353e095",2909:"ec2236e7",3080:"19661996",3089:"4532b4f8",3171:"56fd8448",3213:"d039bfdb",3218:"7089b1b0",3412:"14b0ebfe",3429:"57acc729",3478:"b8e971a6",3492:"90907439",3516:"d9b156bf",3608:"582408aa",3625:"1e9911cc",3628:"b4fade03",3761:"b335245d",3838:"5c55b238",3965:"e6f36735",4003:"634fd7c7",4013:"fbcc85f1",4052:"735f448d",4059:"b1944282",4078:"64d3db4a",4186:"25ec1464",4195:"ea3b76f3",4325:"8650616e",4415:"7303ae16",4704:"b3f6deb7",4710:"d46295b6",4729:"f0b56cc8",4788:"da59dcf0",4842:"c4a9586b",4972:"486cf118",4995:"91dd9f20",4998:"2ba7a442",5006:"7145707c",5035:"cf2d6d7c",5226:"789e430d",5230:"0adaf6be",5233:"3b916c07",5273:"125608d5",5327:"8186cc5c",5497:"077d63dd",5532:"d2787367",5586:"1bb99fc4",5696:"e8b72cc5",5732:"ad39b6db",5869:"1dc05f26",5876:"a097f6b1",5905:"3dec41f3",5940:"90186f14",5941:"799d02e8",6033:"26af640a",6048:"9165c150",6103:"c18e6548",6126:"8d3943df",6241:"7693dec7",6291:"72611369",6297:"dbc78f5b",6341:"ee2022e0",6363:"be0538c9",6368:"a5a18258",6435:"380ff2ab",6471:"ad8c53ac",6494:"33d74f39",6515:"5c51bc2c",6539:"56b225ab",6555:"9ce4f8c9",6562:"5921f26c",6585:"ff20b8ba",6682:"5e625d3e",6927:"b37a5356",6946:"c864224a",6965:"81151742",6971:"b137ee85",6972:"f5cb4514",7011:"0d8dfab1",7139:"27ab3fca",7143:"64523ca8",7222:"e2a9d663",7293:"9bc9258c",7294:"4579cba4",7322:"171064ae",7438:"82717406",7479:"8175778b",7499:"59a45b23",7531:"9e7d5b62",7538:"3d7e3bf1",7591:"bfeca907",7594:"52e4a8c3",7649:"884891e7",7667:"f9f0874b",7710:"73b0c096",7782:"e6ac824e",7797:"21c48443",7820:"54ba7352",7860:"48ec076b",7875:"7609aa54",7918:"27340309",7992:"43de0547",8017:"b5057beb",8073:"d75008d1",8141:"9df2feb9",8192:"56cc8faf",8194:"5e6d9476",8266:"bf4c73bb",8292:"e9afbbbd",8351:"485f8fcf",8389:"8216ecd4",8392:"0decb8fe",8430:"56ce47de",8588:"c5f6ea1e",8589:"ebf0125c",8610:"3614e398",8639:"de6fd122",8655:"28f84d12",8710:"74de1478",8786:"6c170e10",8793:"233cd6e2",8835:"a1ef6af4",8849:"b2aae603",8858:"ef585879",9038:"3b8ab0bf",9072:"2fe9ae09",9140:"67f57568",9146:"5e3bcaf2",9200:"0fa4ee7a",9239:"b2883d9a",9249:"bb5deec9",9287:"4bb55d29",9376:"fff4da5d",9398:"ffa97e44",9444:"70ab5e61",9514:"c2da882e",9595:"2d4495ca",9667:"2fc26296",9671:"73b04fc3",9726:"ebb3805a",9759:"e6d969cf",9767:"506f4b14",9785:"e0c467d7",9817:"5ac78d9e",9899:"052af3ab",9936:"e031ee49",9976:"e76d7c3e"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),f={},d="user-handbook:",r.l=(e,a,c,b)=>{if(f[e])f[e].push(a);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var d=f[e];if(delete f[e],t.parentNode&&t.parentNode.removeChild(t),d&&d.forEach((e=>e(c))),a)return a(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918",43521719:"9376","8eb4e46b":"1",acb99df2:"10","935f2afb":"53","238b6b00":"129","709d36d8":"176","6015355d":"198","83d480e9":"205","3152febb":"225",b1e57def:"266",fb3c1916:"276","6a78f460":"439",b2b675dd:"533",dc3c323e:"564",bfc2e843:"610","697a71fd":"712","414c86b4":"730","553b7761":"732","4d27f429":"788","1252ef76":"815",a84d2af0:"890","5dc151e9":"923","1af46bd3":"962","44fbbcc6":"1088","15d993af":"1174",ce4b3243:"1179",fd27e325:"1199","7dfbf03e":"1234","9e2a7473":"1258","9f1c7621":"1312","5a5e3510":"1315",a430b379:"1367","992a3bb7":"1415",b2f554cd:"1477","7650afbf":"1586",eb183be6:"1596","4912a2e0":"1598",a8c7fdc6:"1602",a7023ddc:"1713",a08943ae:"1800","7daa3c80":"1970",fe1dd7ae:"1979",ed85aa58:"1987",d548bd8c:"2006","2ffd7dc7":"2073",f76a3b8e:"2184",c9a691cf:"2221","67152af3":"2322","814f3328":"2535","437de1b1":"2562",c4773fe1:"2612","9dd8190d":"2688",f96ae61b:"2700","22069e6c":"2852","5cb298ca":"2909","06a743f0":"3080",a6aa9e1f:"3089","5b4e4bee":"3171",d6a44406:"3213",af23c5f9:"3218",a6f005ae:"3412","34cd4dc6":"3429","628b3074":"3478",a02b4022:"3492","4f68bcc6":"3516","9e4087bc":"3608","986bf1b5":"3625","9d21518d":"3628",c96c5262:"3761","97a045eb":"3838","7285d864":"3965",efb69e30:"4003","01a85c17":"4013","1b4ba274":"4052",f92b996b:"4059","4bb443f0":"4078","09058439":"4186",c4f5d8e4:"4195",f47fcb38:"4325",a6882456:"4415","16838ca5":"4704",ebdffa2e:"4710",b59bb8da:"4729","1ebd8798":"4788",c42e2be1:"4842",e4fed92d:"4995","48119dbc":"4998","49ced744":"5006",cc8d20ec:"5035",f041e880:"5226",d39fd6c2:"5230","8fe7a387":"5233",bf059cf9:"5273",eb09219a:"5327","917e8196":"5497",ef78badf:"5532","7df3f7bb":"5586","081d7fe1":"5696","1a25c548":"5732",d5f314f9:"5869","0991cafe":"5876","824a28c6":"5905",b273a073:"5940",a9159543:"5941","76493ef6":"6033",ccc49370:"6103",a9d2d00e:"6126",f146017a:"6241",a34f2ac7:"6291","2853a99a":"6297",bb772baa:"6341",fc0ce2b3:"6363","4e8da046":"6368",a19b8c23:"6435","8ec965fd":"6471",df814c0d:"6494","5420a7ba":"6515",cda43b61:"6539","6275ceb4":"6555","0a9e402c":"6562",e88d32a9:"6585",dc098020:"6682","693f9c9e":"6927","55d4c988":"6946",ce314f92:"6965","442b4cb8":"6971","3ce57273":"6972",e92b958d:"7011","3db42865":"7139","5a3f34f2":"7143","0be9de06":"7222","141cdfa9":"7293","3b599162":"7294",c11bf3c5:"7322","9c021584":"7438","5f6192c8":"7479","2c8522e6":"7499","13bbad87":"7531","142f86d0":"7538",a65a3c47:"7591","53cc4802":"7594",c14f15fd:"7649",ef243df7:"7667","5b041459":"7710","3a109bd3":"7782","4aa555c3":"7797",ed9713f0:"7820",b0404c31:"7860","947e3a34":"7875","663d5f0b":"7992","6b72ab5e":"8017","003ad223":"8073","98da7451":"8141","5e5faacc":"8192",c2081115:"8194","41c638ee":"8266",e62fac9c:"8292","840bb092":"8351","975564ee":"8389","15b89b76":"8392",f4bfc819:"8430","6575cef9":"8588",c063e42f:"8589","6875c492":"8610",ac6c2a1e:"8639","89c52e74":"8655","0d64c1d9":"8710",f928e8d9:"8786","39c54b43":"8793",c747432f:"8835",b5c61d38:"8849",d66d73fd:"8858","0e3e2a9e":"9038","76913e45":"9072","1944a0c9":"9140",c94c4dfb:"9146","43b107c1":"9200",a6fe627e:"9239","9b12a270":"9249","6d453d64":"9287","017f0ba6":"9398","5beee875":"9444","1be78505":"9514","3e7ae638":"9595","38f00f86":"9667","0e384e19":"9671","4e96e24f":"9726","89f86a37":"9759","9bb37799":"9767","14eb3368":"9817","1075f7cd":"9899",c33e2c0d:"9936",a79c88c2:"9976"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(a,c)=>{var f=r.o(e,a)?e[a]:void 0;if(0!==f)if(f)c.push(f[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((c,d)=>f=e[a]=[c,d]));c.push(f[2]=d);var b=r.p+r.u(a),t=new Error;r.l(b,(c=>{if(r.o(e,a)&&(0!==(f=e[a])&&(e[a]=void 0),f)){var d=c&&("load"===c.type?"missing":c.type),b=c&&c.target&&c.target.src;t.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",t.name="ChunkLoadError",t.type=d,t.request=b,f[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,c)=>{var f,d,b=c[0],t=c[1],o=c[2],n=0;if(b.some((a=>0!==e[a]))){for(f in t)r.o(t,f)&&(r.m[f]=t[f]);if(o)var i=o(r)}for(a&&a(c);n - +
-

Archive

Archive

2023

- +

Archive

Archive

2023

+ \ No newline at end of file diff --git a/build-staging/blog/atom.xml b/build-staging/blog/atom.xml index 40834b56..dd902b27 100644 --- a/build-staging/blog/atom.xml +++ b/build-staging/blog/atom.xml @@ -9,11 +9,11 @@ https://docs.cwtch.im/img/favicon.png Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/blog/cwtch-ui-reproducible-builds-linux 2023-07-14T00:00:00.000Z - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> Sarah Jamie Lewis diff --git a/build-staging/blog/autobindings-ii/index.html b/build-staging/blog/autobindings-ii/index.html index e617c64e..5f39cc62 100644 --- a/build-staging/blog/autobindings-ii/index.html +++ b/build-staging/blog/autobindings-ii/index.html @@ -12,12 +12,12 @@ - +
-

Compile-time Optional Application Experiments (Autobindings)

· 5 min read
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

The Structure of an Application Experiment

An application-level experiment consists of:

  1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
  2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
  3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
  4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are +

    Compile-time Optional Application Experiments (Autobindings)

    · 5 min read
    Sarah Jamie Lewis

    Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

    The Structure of an Application Experiment

    An application-level experiment consists of:

    1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
    2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
    3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
    4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are changed (e.g. if the server hosting experiment is disabled we need to tear down all active servers).
    5. Management code within _startCwtch and _reconnectCwtch that calls the management APIs on the global variable.

    From a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead of on application or a specific profile.

    Most of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.

    New Required Management APIs

    To achieve this weaving, we now require application-level experiments to implement an EventHandlerInterface interface and expose itself via an initialize constructor Init(acn, appDir) -> EventHandlerInterface, and Enable(app, acn).

    For now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.

    We can then generate, and optionally include blocks of code like:

        <experimentGlobal> = <experimentPackage>.Init(&globalACN, appDir)
        eventHandler.AddModule(<experimentGlobal>)
        <experimentGlobal>.Enable(application, &globalACN)

    and place them at specific points in the code. EventHandler has also been extended to maintain a collection of modules so that it can @@ -27,7 +27,7 @@ of a global functionality within the library.

    Cwtch UI Integration

    The UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. c_LoadServers - if it doesn't then the UI is safe to assume the feature is not available.

    A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.

    Nightlies & Next Steps

    We are now publishing nightlies of autobinding derived libCwtch-go, along with Repliqate scripts for reproducibility.

    With application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced in the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.

    However, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:

    • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. libcwtch-rs.
    • Documentation generation: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.

    Help us go further!

    We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

    If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

    Donations of $5 or more can opt to receive stickers as a thank-you gift!

    For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

    A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/blog/autobindings/index.html b/build-staging/blog/autobindings/index.html index a3cedc79..e77eb053 100644 --- a/build-staging/blog/autobindings/index.html +++ b/build-staging/blog/autobindings/index.html @@ -12,15 +12,15 @@ - +
-

Autogenerating Cwtch Bindings

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

Autogenerating Cwtch Bindings

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

A Brief History of Cwtch Bindings

Prior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by therecipe/qt. However, after encountering numerous crash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.

As part of early prototyping efforts for Flutter we built out a first version of libCwtch-go, and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.

This approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular experimental features - handle settings, duplication of logic between Cwtch and libCwtch-go, and special behaviour in libCwtch-go that better belongs in the core Cwtch library.

As part of a broader effort to refine the Cwtch API in preparation for Cwtch Stable we have taken the opportunity to fix many of these problems.

Cwtch Autobindings

The current lib.go file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the BlockContact API implementation is:

//export c_BlockContact
func c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {
    BlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))
}

func BlockContact(profileOnion string, conversationID int) {
    profile := application.GetPeer(profileOnion)
    if profile != nil {
        profile.BlockConversation(conversationID)
    }
}

All that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.

In the new cwtch-autobindings we reduce these multiple lines to a single one:

profile BlockConversation conversation

Defining a profile-level function, called BlockConversation which takes in a single parameter of type conversation.

Using a similar boilerplate-reduction for the reset of lib.go yields 5-basic function prototypes:

  • Application-level functions e.g. CreateProfile
  • Profile-level functions e.g. BlockConversation
  • Profile-level functions that return data e.g. GetMessage
  • Experimental Profile-level feature functions e.g. DownloadFile
  • Experimental Profile-level feature functions that return data e.g. ShareFile

Once aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be described in fewer than 50 lines, including comments. Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).

Next Steps

Cwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:

  • Application-level experiments (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on cwtch-server). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don't support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.
  • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart-side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. libcwtch-rs
  • Documentation generation: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.
  • Cwtch API: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the Cwtch Stable API redesign. In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/blog/availability-status-profile-attributes/index.html b/build-staging/blog/availability-status-profile-attributes/index.html index 879acd81..40de12f5 100644 --- a/build-staging/blog/availability-status-profile-attributes/index.html +++ b/build-staging/blog/availability-status-profile-attributes/index.html @@ -12,14 +12,14 @@ - +
-

Availability Status and Profile Attributes

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Availability Status and Profile Attributes

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Availability Status

New in this nightly is the ability to notify your conversations that you are "Away" or "Busy".

Read more: Availability Status

Profile Attributes

Also new is the ability to augment your profile with a few small pieces of public information.

Read more: Profile Information

Downloading the Nightly

Nightly builds are available from our build server. Download links for 2023-04-05-18-28-v1.11.0-7-g0290 are available below.

Please see the contribution documentation for advice on submitting feedback

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/blog/cwtch-android-reproducibility/index.html b/build-staging/blog/cwtch-android-reproducibility/index.html index 9171dbfa..92926115 100644 --- a/build-staging/blog/cwtch-android-reproducibility/index.html +++ b/build-staging/blog/cwtch-android-reproducibility/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Android Bindings Reproducible

· 3 min read
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Android Bindings Reproducible

· 3 min read
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-bindings-reproducible/index.html b/build-staging/blog/cwtch-bindings-reproducible/index.html index 1179dbf3..5fdec13c 100644 --- a/build-staging/blog/cwtch-bindings-reproducible/index.html +++ b/build-staging/blog/cwtch-bindings-reproducible/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Bindings Reproducible

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Bindings Reproducible

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-developer-documentation/index.html b/build-staging/blog/cwtch-developer-documentation/index.html index 6a448566..98301deb 100644 --- a/build-staging/blog/cwtch-developer-documentation/index.html +++ b/build-staging/blog/cwtch-developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-documentation/index.html b/build-staging/blog/cwtch-documentation/index.html index 22de4874..ba3b9a30 100644 --- a/build-staging/blog/cwtch-documentation/index.html +++ b/build-staging/blog/cwtch-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Updates to Cwtch Documentation

· 3 min read
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Updates to Cwtch Documentation

· 3 min read
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-nightly-1-11/index.html b/build-staging/blog/cwtch-nightly-1-11/index.html index 96245a09..84383eda 100644 --- a/build-staging/blog/cwtch-nightly-1-11/index.html +++ b/build-staging/blog/cwtch-nightly-1-11/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.11

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.11

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-nightly-1-12/index.html b/build-staging/blog/cwtch-nightly-1-12/index.html index 06507fb0..a5564a4e 100644 --- a/build-staging/blog/cwtch-nightly-1-12/index.html +++ b/build-staging/blog/cwtch-nightly-1-12/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.12

· 3 min read
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.12

· 3 min read
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-nightly-v.11-74/index.html b/build-staging/blog/cwtch-nightly-v.11-74/index.html index 133f9ee5..b5ec29e0 100644 --- a/build-staging/blog/cwtch-nightly-v.11-74/index.html +++ b/build-staging/blog/cwtch-nightly-v.11-74/index.html @@ -12,13 +12,13 @@ - +
-

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-platform-support/index.html b/build-staging/blog/cwtch-platform-support/index.html index f1a0a7a4..470eeb4c 100644 --- a/build-staging/blog/cwtch-platform-support/index.html +++ b/build-staging/blog/cwtch-platform-support/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch UI Platform Support

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch UI Platform Support

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-stable-api-design/index.html b/build-staging/blog/cwtch-stable-api-design/index.html index 39ef3b04..e6a452d8 100644 --- a/build-staging/blog/cwtch-stable-api-design/index.html +++ b/build-staging/blog/cwtch-stable-api-design/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable API Design

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
- +

Cwtch Stable API Design

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-stable-roadmap-update-june/index.html b/build-staging/blog/cwtch-stable-roadmap-update-june/index.html index 74a706c5..b4204023 100644 --- a/build-staging/blog/cwtch-stable-roadmap-update-june/index.html +++ b/build-staging/blog/cwtch-stable-roadmap-update-june/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-stable-roadmap-update/index.html b/build-staging/blog/cwtch-stable-roadmap-update/index.html index 48b27cbf..b3e373a1 100644 --- a/build-staging/blog/cwtch-stable-roadmap-update/index.html +++ b/build-staging/blog/cwtch-stable-roadmap-update/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/cwtch-testing-i/index.html b/build-staging/blog/cwtch-testing-i/index.html index 062c5cf5..ed4fd93e 100644 --- a/build-staging/blog/cwtch-testing-i/index.html +++ b/build-staging/blog/cwtch-testing-i/index.html @@ -12,14 +12,14 @@ - +
-

Notes on Cwtch UI Testing

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on +

Notes on Cwtch UI Testing

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on development environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.

The cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory $USER_HOME/Downloads didn't exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.

As we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!

Next Steps

  • More automated tests: We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.

  • More platforms: Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across our target platforms. We expect to start this work soon; expect more news in a future Cwtch Testing update!

  • More steps: One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the expect to see the message step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. send a file or set profile picture.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/blog/cwtch-testing-ii/index.html b/build-staging/blog/cwtch-testing-ii/index.html index 6070248d..dfede009 100644 --- a/build-staging/blog/cwtch-testing-ii/index.html +++ b/build-staging/blog/cwtch-testing-ii/index.html @@ -12,15 +12,15 @@ - +
-

Notes on Cwtch UI Testing (II)

· 2 min read
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this +

Notes on Cwtch UI Testing (II)

· 2 min read
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this doesn't pose a safety issue, it is unsightly.

Screenshot demonstrating how certain strings would violate the bounds of their containers.

These cases were fixed by parenting impacted elements in a Container with clip: hardEdge and decoration:BoxDecoration() (note that both of these are required as Container widgets in Flutter cannot set clipping logic without an associated decoration).

Now these clipped strings are tightly constrained to their container bounds.

These fixes are available in the latest Cwtch Nightly, and will be officially released in Cwtch 1.11.

More Automated UI Tests

We have added two new sets of automated UI tests to our pipeline:

  • 02: Global Settings - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. (PR: 628)
  • 04: Profile Management - these tests check that creating, unlocking, and deleting a profile work as expected. (PR: 632)

New Release of Cwtchbot

Cwtchbot has been updated to use the latest Cwtch 0.18.10 API.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/blog/cwtch-ui-reproducible-builds-linux/index.html b/build-staging/blog/cwtch-ui-reproducible-builds-linux/index.html index 14ab19c7..4af32ae5 100644 --- a/build-staging/blog/cwtch-ui-reproducible-builds-linux/index.html +++ b/build-staging/blog/cwtch-ui-reproducible-builds-linux/index.html @@ -3,7 +3,7 @@ -Cwtch UI Reproducible Builds (Linux) | The Cwtch Handbook +Progress Towards Reproducible UI Builds | The Cwtch Handbook @@ -12,13 +12,13 @@ - +
-

Cwtch UI Reproducible Builds (Linux)

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

- +

Progress Towards Reproducible UI Builds

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/feed.json b/build-staging/blog/feed.json index d9eea6e4..7ee5bd6a 100644 --- a/build-staging/blog/feed.json +++ b/build-staging/blog/feed.json @@ -6,9 +6,9 @@ "items": [ { "id": "https://docs.cwtch.im/blog/cwtch-ui-reproducible-builds-linux", - "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

", + "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

", "url": "https://docs.cwtch.im/blog/cwtch-ui-reproducible-builds-linux", - "title": "Cwtch UI Reproducible Builds (Linux)", + "title": "Progress Towards Reproducible UI Builds", "date_modified": "2023-07-14T00:00:00.000Z", "author": { "name": "Sarah Jamie Lewis" diff --git a/build-staging/blog/index.html b/build-staging/blog/index.html index 596d693e..4d055788 100644 --- a/build-staging/blog/index.html +++ b/build-staging/blog/index.html @@ -12,14 +12,14 @@ - +
-

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- + \ No newline at end of file diff --git a/build-staging/blog/page/2/index.html b/build-staging/blog/page/2/index.html index f666573b..a2675f4b 100644 --- a/build-staging/blog/page/2/index.html +++ b/build-staging/blog/page/2/index.html @@ -12,14 +12,14 @@ - +
-

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/blog/path-to-cwtch-stable/index.html b/build-staging/blog/path-to-cwtch-stable/index.html index 2d126755..ce20d0b2 100644 --- a/build-staging/blog/path-to-cwtch-stable/index.html +++ b/build-staging/blog/path-to-cwtch-stable/index.html @@ -12,13 +12,13 @@ - +
-

Path to Cwtch Stable

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Path to Cwtch Stable

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/blog/rss.xml b/build-staging/blog/rss.xml index 1cb95412..be3f9732 100644 --- a/build-staging/blog/rss.xml +++ b/build-staging/blog/rss.xml @@ -10,11 +10,11 @@ en Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/blog/cwtch-ui-reproducible-builds-linux https://docs.cwtch.im/blog/cwtch-ui-reproducible-builds-linux Fri, 14 Jul 2023 00:00:00 GMT - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> cwtch cwtch-stable reproducible-builds diff --git a/build-staging/blog/tags/api/index.html b/build-staging/blog/tags/api/index.html index d2c3ae1f..b657876c 100644 --- a/build-staging/blog/tags/api/index.html +++ b/build-staging/blog/tags/api/index.html @@ -12,13 +12,13 @@ - +
-

One post tagged with "api"

View All Tags

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

- +

One post tagged with "api"

View All Tags

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/autobindings/index.html b/build-staging/blog/tags/autobindings/index.html index db08b7a6..adc532de 100644 --- a/build-staging/blog/tags/autobindings/index.html +++ b/build-staging/blog/tags/autobindings/index.html @@ -12,14 +12,14 @@ - +
-

2 posts tagged with "autobindings"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 posts tagged with "autobindings"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/bindings/index.html b/build-staging/blog/tags/bindings/index.html index 4033030d..0203d782 100644 --- a/build-staging/blog/tags/bindings/index.html +++ b/build-staging/blog/tags/bindings/index.html @@ -12,14 +12,14 @@ - +
-

5 posts tagged with "bindings"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

5 posts tagged with "bindings"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/cwtch-stable/index.html b/build-staging/blog/tags/cwtch-stable/index.html index bd83d703..23a1b55b 100644 --- a/build-staging/blog/tags/cwtch-stable/index.html +++ b/build-staging/blog/tags/cwtch-stable/index.html @@ -12,14 +12,14 @@ - +
-

18 posts tagged with "cwtch-stable"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 posts tagged with "cwtch-stable"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/cwtch-stable/page/2/index.html b/build-staging/blog/tags/cwtch-stable/page/2/index.html index 713c11d2..58544243 100644 --- a/build-staging/blog/tags/cwtch-stable/page/2/index.html +++ b/build-staging/blog/tags/cwtch-stable/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 posts tagged with "cwtch-stable"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 posts tagged with "cwtch-stable"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/cwtch/index.html b/build-staging/blog/tags/cwtch/index.html index 5b3fbfd9..47764a00 100644 --- a/build-staging/blog/tags/cwtch/index.html +++ b/build-staging/blog/tags/cwtch/index.html @@ -12,14 +12,14 @@ - +
-

18 posts tagged with "cwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 posts tagged with "cwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/cwtch/page/2/index.html b/build-staging/blog/tags/cwtch/page/2/index.html index 0f300060..f1fd3c48 100644 --- a/build-staging/blog/tags/cwtch/page/2/index.html +++ b/build-staging/blog/tags/cwtch/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 posts tagged with "cwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 posts tagged with "cwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/developer-documentation/index.html b/build-staging/blog/tags/developer-documentation/index.html index b6894cdd..5e8323de 100644 --- a/build-staging/blog/tags/developer-documentation/index.html +++ b/build-staging/blog/tags/developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

2 posts tagged with "developer-documentation"

View All Tags

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- +

2 posts tagged with "developer-documentation"

View All Tags

· 2 min read
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 min read
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/documentation/index.html b/build-staging/blog/tags/documentation/index.html index 09800eb8..480e80a1 100644 --- a/build-staging/blog/tags/documentation/index.html +++ b/build-staging/blog/tags/documentation/index.html @@ -12,13 +12,13 @@ - +
-

One post tagged with "documentation"

View All Tags
- +

One post tagged with "documentation"

View All Tags
+ \ No newline at end of file diff --git a/build-staging/blog/tags/index.html b/build-staging/blog/tags/index.html index 19a110c7..9e5635c3 100644 --- a/build-staging/blog/tags/index.html +++ b/build-staging/blog/tags/index.html @@ -12,13 +12,13 @@ - +
-

Tags

- +

Tags

+ \ No newline at end of file diff --git a/build-staging/blog/tags/libcwtch/index.html b/build-staging/blog/tags/libcwtch/index.html index 02820689..c72e7bf2 100644 --- a/build-staging/blog/tags/libcwtch/index.html +++ b/build-staging/blog/tags/libcwtch/index.html @@ -12,14 +12,14 @@ - +
-

2 posts tagged with "libcwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 posts tagged with "libcwtch"

View All Tags

· 5 min read
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/nightly/index.html b/build-staging/blog/tags/nightly/index.html index bb17ce04..cc43bfbe 100644 --- a/build-staging/blog/tags/nightly/index.html +++ b/build-staging/blog/tags/nightly/index.html @@ -12,14 +12,14 @@ - +
-

One post tagged with "nightly"

View All Tags

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

One post tagged with "nightly"

View All Tags

· 2 min read
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- + \ No newline at end of file diff --git a/build-staging/blog/tags/planning/index.html b/build-staging/blog/tags/planning/index.html index 4bb0d3cb..c2e0cce3 100644 --- a/build-staging/blog/tags/planning/index.html +++ b/build-staging/blog/tags/planning/index.html @@ -12,13 +12,13 @@ - +
-

4 posts tagged with "planning"

View All Tags

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- +

4 posts tagged with "planning"

View All Tags

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 min read
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 min read
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 min read
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/release/index.html b/build-staging/blog/tags/release/index.html index 21e9362d..0129b77e 100644 --- a/build-staging/blog/tags/release/index.html +++ b/build-staging/blog/tags/release/index.html @@ -12,13 +12,13 @@ - +
-

2 posts tagged with "release"

View All Tags

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- +

2 posts tagged with "release"

View All Tags

· 3 min read
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/repliqate/index.html b/build-staging/blog/tags/repliqate/index.html index 98011bcd..560a3fdb 100644 --- a/build-staging/blog/tags/repliqate/index.html +++ b/build-staging/blog/tags/repliqate/index.html @@ -12,13 +12,13 @@ - +
-

3 posts tagged with "repliqate"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 posts tagged with "repliqate"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/reproducible-builds/index.html b/build-staging/blog/tags/reproducible-builds/index.html index 0f1a8fdb..854f44d4 100644 --- a/build-staging/blog/tags/reproducible-builds/index.html +++ b/build-staging/blog/tags/reproducible-builds/index.html @@ -12,13 +12,13 @@ - +
-

3 posts tagged with "reproducible-builds"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 posts tagged with "reproducible-builds"

View All Tags

· 5 min read
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 min read
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/blog/tags/security-handbook/index.html b/build-staging/blog/tags/security-handbook/index.html index 007dbe99..804804e9 100644 --- a/build-staging/blog/tags/security-handbook/index.html +++ b/build-staging/blog/tags/security-handbook/index.html @@ -12,13 +12,13 @@ - +
-

One post tagged with "security-handbook"

View All Tags
- +

One post tagged with "security-handbook"

View All Tags
+ \ No newline at end of file diff --git a/build-staging/blog/tags/support/index.html b/build-staging/blog/tags/support/index.html index 6544302d..55a84cf4 100644 --- a/build-staging/blog/tags/support/index.html +++ b/build-staging/blog/tags/support/index.html @@ -12,13 +12,13 @@ - +
-

3 posts tagged with "support"

View All Tags

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

- +

3 posts tagged with "support"

View All Tags

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 min read
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

+ \ No newline at end of file diff --git a/build-staging/blog/tags/testing/index.html b/build-staging/blog/tags/testing/index.html index a4a5bd41..fd115a10 100644 --- a/build-staging/blog/tags/testing/index.html +++ b/build-staging/blog/tags/testing/index.html @@ -12,13 +12,13 @@ - +
-

2 posts tagged with "testing"

View All Tags

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

- +

2 posts tagged with "testing"

View All Tags

· 5 min read
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

+ \ No newline at end of file diff --git a/build-staging/de/404.html b/build-staging/de/404.html index 22aec90b..b98bb91d 100644 --- a/build-staging/de/404.html +++ b/build-staging/de/404.html @@ -12,13 +12,13 @@ - +

Seite nicht gefunden

Wir konnten leider nicht finden, wonach du gesucht hast.

Bitte kontaktiere den/die Besitzer*in der Seite, die dich mit der ursprünglichen URL verlinkt hat, und teile mit, dass der Link nicht mehr funktioniert.

- + \ No newline at end of file diff --git a/build-staging/de/assets/js/0991cafe.15b4ddd6.js b/build-staging/de/assets/js/0991cafe.15b4ddd6.js deleted file mode 100644 index c958aa6b..00000000 --- a/build-staging/de/assets/js/0991cafe.15b4ddd6.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/de/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"planning",permalink:"/de/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/de/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/de/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/0991cafe.3758bbb7.js b/build-staging/de/assets/js/0991cafe.3758bbb7.js new file mode 100644 index 00000000..734bc891 --- /dev/null +++ b/build-staging/de/assets/js/0991cafe.3758bbb7.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/de/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"planning",permalink:"/de/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/de/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/de/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/291c70d7.1e94d9a9.js b/build-staging/de/assets/js/291c70d7.1e94d9a9.js deleted file mode 100644 index bf4e3f13..00000000 --- a/build-staging/de/assets/js/291c70d7.1e94d9a9.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[725],{9574:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/de/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Cwtch UI Reproducible Builds (Linux)","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14. Juli 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":4.06,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Reproducible Builds (Linux)","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/) we defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script\\n\\nHowever, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nWhile our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n\\n## Stay up to date!\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development."},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/de/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5. Juli 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/de/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/de/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16. Juni 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"release","permalink":"/de/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/de/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7. Juni 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/de/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/de/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28. April 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/de/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/de/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6. April 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/de/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/de/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/de/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"release","permalink":"/de/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/de/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/de/blog/tags/documentation"},{"label":"security-handbook","permalink":"/de/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/de/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"autobindings","permalink":"/de/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/de/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/de/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"autobindings","permalink":"/de/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/de/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/de/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"},{"label":"testing","permalink":"/de/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/de/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/de/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"},{"label":"testing","permalink":"/de/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/de/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/de/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/de/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"},{"label":"api","permalink":"/de/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/de/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/de/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/291c70d7.feb635ca.js b/build-staging/de/assets/js/291c70d7.feb635ca.js new file mode 100644 index 00000000..b341768d --- /dev/null +++ b/build-staging/de/assets/js/291c70d7.feb635ca.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[725],{9574:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/de/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Progress Towards Reproducible UI Builds","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14. Juli 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":4.16,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Progress Towards Reproducible UI Builds","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe have also defined a new [linker script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at reproducible-builds.org](https://reproducible-builds.org/docs/archives/) we have defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts.\\n\\nThe next step is to roll these changes into [repliqate](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) as we have done with our bindings builds.\\n\\nHowever, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nAdditionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.\\n\\n## Stay up to date!\\n\\nWe expect to make additional progress on this in the coming weeks and months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/de/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5. Juli 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Progress Towards Reproducible UI Builds","permalink":"/de/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/de/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16. Juni 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"release","permalink":"/de/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/de/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7. Juni 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/de/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/de/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28. April 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/de/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/de/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6. April 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/de/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/de/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/de/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"release","permalink":"/de/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/de/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/de/blog/tags/documentation"},{"label":"security-handbook","permalink":"/de/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/de/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3. M\xe4rz 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"autobindings","permalink":"/de/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/de/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/de/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"autobindings","permalink":"/de/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/de/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/de/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"},{"label":"testing","permalink":"/de/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/de/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/de/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3. Februar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"},{"label":"testing","permalink":"/de/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/de/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"support","permalink":"/de/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/de/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/de/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/de/blog/tags/bindings"},{"label":"repliqate","permalink":"/de/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/de/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"},{"label":"api","permalink":"/de/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/de/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/de/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6. Januar 2023","tags":[{"label":"cwtch","permalink":"/de/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/de/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/de/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/814f3328.3bf27fe6.js b/build-staging/de/assets/js/814f3328.3bf27fe6.js deleted file mode 100644 index 91c5b3c2..00000000 --- a/build-staging/de/assets/js/814f3328.3bf27fe6.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Neueste Logs","items":[{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/de/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/de/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/814f3328.602b4477.js b/build-staging/de/assets/js/814f3328.602b4477.js new file mode 100644 index 00000000..e990cde9 --- /dev/null +++ b/build-staging/de/assets/js/814f3328.602b4477.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Neueste Logs","items":[{"title":"Progress Towards Reproducible UI Builds","permalink":"/de/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/de/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/de/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/de/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/de/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/de/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/de/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/de/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/de/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/de/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/de/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/de/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/de/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/de/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/de/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/de/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/de/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/a6f005ae.a53b1d1a.js b/build-staging/de/assets/js/a6f005ae.d29420e9.js similarity index 77% rename from build-staging/de/assets/js/a6f005ae.a53b1d1a.js rename to build-staging/de/assets/js/a6f005ae.d29420e9.js index 3c9ae1fd..df421041 100644 --- a/build-staging/de/assets/js/a6f005ae.a53b1d1a.js +++ b/build-staging/de/assets/js/a6f005ae.d29420e9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),u=n,m=h["".concat(c,".").concat(u)]||h[u]||d[u]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=u;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>d,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/de/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"planning",permalink:"/de/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/de/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/de/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function d(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),u=n,m=h["".concat(c,".").concat(u)]||h[u]||d[u]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=u;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>d,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/de/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"planning",permalink:"/de/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/de/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/de/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function d(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/a84d2af0.30e386c4.js b/build-staging/de/assets/js/a84d2af0.30e386c4.js deleted file mode 100644 index 7b2cb306..00000000 --- a/build-staging/de/assets/js/a84d2af0.30e386c4.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/de/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/de/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/de/blog/tags/bindings"},{label:"repliqate",permalink:"/de/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/de/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Help us go further!",id:"help-us-go-further",level:2},{value:"Stay up to date!",id:"stay-up-to-date",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We also define a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"link script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at https://reproducible-builds.org/docs/archives/")," we defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script"),(0,n.kt)("p",null,"However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/a84d2af0.8e09d4bb.js b/build-staging/de/assets/js/a84d2af0.8e09d4bb.js new file mode 100644 index 00000000..7a741426 --- /dev/null +++ b/build-staging/de/assets/js/a84d2af0.8e09d4bb.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>c,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),d=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},c=function(e){var t=d(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),p=d(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},c),{},{components:i})):a.createElement(m,o({ref:t},c))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var d=2;d{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>d});var a=i(7462),n=(i(7294),i(3905));const r={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/de/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/de/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/de/blog/tags/bindings"},{label:"repliqate",permalink:"/de/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/de/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},d=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Stay up to date!",id:"stay-up-to-date",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],c={toc:d},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},c,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We have also defined a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"linker script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at reproducible-builds.org")," we have defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts."),(0,n.kt)("p",null,"The next step is to roll these changes into ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate"},"repliqate")," as we have done with our bindings builds."),(0,n.kt)("p",null,"However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward."),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"We expect to make additional progress on this in the coming weeks and months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/d548bd8c.266c7b79.js b/build-staging/de/assets/js/d548bd8c.266c7b79.js new file mode 100644 index 00000000..1b4c72b6 --- /dev/null +++ b/build-staging/de/assets/js/d548bd8c.266c7b79.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var a=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,a)}return r}function l(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var c=a.createContext({}),s=function(e){var t=a.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},b=a.forwardRef((function(e,t){var r=e.components,i=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=i,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?a.createElement(g,l(l({ref:t},u),{},{components:r})):a.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:i,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var a=r(7462),i=(r(7294),r(3905));const n={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/de/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/de/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/de/blog/tags/bindings"},{label:"repliqate",permalink:"/de/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/de/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,i.kt)(p,(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,i.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,i.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,i.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,i.kt)("p",null,(0,i.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>a});const a=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/d548bd8c.51f8d258.js b/build-staging/de/assets/js/d548bd8c.51f8d258.js deleted file mode 100644 index df865cd7..00000000 --- a/build-staging/de/assets/js/d548bd8c.51f8d258.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var i=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=i.createContext({}),s=function(e){var t=i.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return i.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},b=i.forwardRef((function(e,t){var r=e.components,a=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=a,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?i.createElement(g,l(l({ref:t},u),{},{components:r})):i.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:a,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var i=r(7462),a=(r(7294),r(3905));const n={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/de/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14. Juli 2023",tags:[{label:"cwtch",permalink:"/de/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/de/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/de/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/de/blog/tags/bindings"},{label:"repliqate",permalink:"/de/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/de/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,a.kt)(p,(0,i.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,a.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,a.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,a.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,a.kt)("p",null,(0,a.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>i});const i=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/de/assets/js/runtime~main.aa548e73.js b/build-staging/de/assets/js/runtime~main.a8c29139.js similarity index 96% rename from build-staging/de/assets/js/runtime~main.aa548e73.js rename to build-staging/de/assets/js/runtime~main.a8c29139.js index 57255a4c..3bf18c9a 100644 --- a/build-staging/de/assets/js/runtime~main.aa548e73.js +++ b/build-staging/de/assets/js/runtime~main.a8c29139.js @@ -1 +1 @@ -(()=>{"use strict";var e,a,f,c,d,b={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return b[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=b,r.c=t,e=[],r.O=(a,f,c,d)=>{if(!f){var b=1/0;for(i=0;i=d)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,d0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[f,c,d]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,c){if(1&c&&(e=this(e)),8&c)return e;if("object"==typeof e&&e){if(4&c&&e.__esModule)return e;if(16&c&&"function"==typeof e.then)return e}var d=Object.create(null);r.r(d);var b={};a=a||[null,f({}),f([]),f(f)];for(var t=2&c&&e;"object"==typeof t&&!~a.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,r.d(d,b),d},r.d=(e,a)=>{for(var f in a)r.o(a,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:a[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,f)=>(r.f[f](e,a),a)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",97:"9c488c02",171:"d72b1382",214:"e49fb087",263:"a1dbc401",276:"fb3c1916",337:"773ceef9",362:"7bea1ff1",380:"b877509f",420:"85f98c10",439:"6a78f460",497:"55bf5a51",563:"3c1e1d04",590:"dc2bcacd",716:"b802a7ab",725:"291c70d7",764:"6e606510",769:"bba9d075",788:"4d27f429",828:"9ad9d6dc",890:"a84d2af0",923:"5dc151e9",1020:"708a1ab9",1032:"56c80d06",1091:"57fc9be0",1118:"0f04f840",1132:"75bff082",1194:"e3d8cb96",1197:"43bdde93",1199:"fd27e325",1258:"9e2a7473",1280:"5bfc32c8",1312:"9f1c7621",1370:"ab726e24",1602:"a8c7fdc6",1725:"0eb0d69b",1740:"5d8d36f7",1745:"6036bdcc",1756:"6e61466c",1778:"efb6a870",1814:"f7e5475a",1865:"da082baa",1979:"fe1dd7ae",2006:"d548bd8c",2044:"8e4780ba",2051:"9bd730d3",2096:"b17c3fe9",2112:"803df0d9",2184:"f76a3b8e",2233:"cc484fa2",2287:"0861b93e",2528:"f9d690e3",2535:"814f3328",2543:"979b71b8",2591:"e6b5bfb1",2612:"37c407d1",2619:"5fdc7b06",2628:"aa1db8cb",2688:"9dd8190d",2708:"39333829",2738:"6f232d8e",2833:"0c915b16",2849:"a85d9f35",2909:"5cb298ca",2911:"fe6d997b",2979:"7c7a84a1",3089:"a6aa9e1f",3218:"af23c5f9",3233:"de5e68d7",3249:"12959a59",3250:"b0f5629f",3271:"16771999",3278:"5f9a9669",3407:"8b57ba24",3412:"a6f005ae",3413:"924c44fc",3492:"a02b4022",3508:"d2095d9b",3516:"4f68bcc6",3577:"decd0f12",3608:"9e4087bc",3629:"0487f903",3642:"72a13759",3717:"e7b1bf29",3727:"1a97c86e",3761:"c96c5262",3767:"ed1907a0",3887:"e0940a37",3906:"c862d987",3951:"001a236d",3952:"78625d6f",4013:"01a85c17",4195:"c4f5d8e4",4228:"0692a985",4240:"c089f5db",4481:"78e4de8f",4582:"995c4a51",4788:"1ebd8798",4814:"6937af2a",4817:"f3be3c38",4908:"53f3dc0a",5045:"5a84578f",5107:"c2f21224",5117:"7747f3f6",5226:"f041e880",5233:"8fe7a387",5246:"f83bd450",5273:"bf059cf9",5508:"7a34d4a9",5532:"ef78badf",5578:"1908c298",5674:"b95aefa5",5732:"1a25c548",5733:"326317af",5745:"89504eb8",5843:"c97dce39",5869:"d5f314f9",5876:"0991cafe",5883:"b96d814b",5905:"824a28c6",6011:"afe8c04b",6103:"ccc49370",6105:"e445c1ea",6153:"4dde1d77",6204:"69baf694",6275:"63475243",6295:"bfe3d434",6354:"18aaeea6",6395:"9323a439",6419:"0bd16fd2",6431:"5ab392cd",6452:"5549e0e2",6536:"a8d50805",6555:"6275ceb4",6585:"e88d32a9",6769:"58b7fc4c",6773:"92123ee2",6862:"4fad3920",6900:"980b70df",7015:"2250486b",7044:"b44f0b89",7139:"3db42865",7216:"113ce370",7252:"2114bf44",7293:"141cdfa9",7432:"5a2a7ed5",7460:"07a1a58f",7495:"41944db3",7591:"a65a3c47",7594:"53cc4802",7649:"c14f15fd",7782:"3a109bd3",7797:"4aa555c3",7860:"b0404c31",7918:"17896441",7970:"15c93cf0",7992:"f4799792",8192:"5e5faacc",8225:"c1102df1",8268:"e2df4ad2",8344:"9bec89a3",8351:"021fdb12",8357:"787066a3",8493:"8638bedc",8510:"3e3471db",8581:"03e998ac",8610:"6875c492",8710:"0d64c1d9",8786:"f928e8d9",8835:"c747432f",8851:"948dc444",8932:"0831902b",8943:"c5f4eaa1",8959:"549d43e9",8980:"a92fc3a1",9085:"373c7d5f",9146:"c94c4dfb",9149:"e949296e",9162:"2bb9f32f",9178:"940964f5",9200:"43b107c1",9249:"9b12a270",9338:"dda846b3",9369:"4350c8c2",9444:"5beee875",9475:"523378a0",9508:"746f1580",9514:"1be78505",9550:"9428180e",9759:"89f86a37",9794:"98609693",9817:"14eb3368",9976:"a79c88c2",9978:"5bdf583d"}[e]||e)+"."+{53:"9d8f1346",97:"6046e2f8",171:"95676827",214:"590b19a4",263:"3390b4c3",276:"22eef329",337:"a5e9fd7a",362:"0cd85505",380:"c2fadaf5",420:"5193f85b",439:"b626ebee",497:"fe193480",563:"a4fd9050",590:"d9d70268",716:"531ba26b",725:"1e94d9a9",764:"764571cd",769:"462177c6",788:"127d02e8",828:"db6df9ae",890:"30e386c4",923:"84a9b26a",1020:"3254a360",1032:"c3a1d1c2",1091:"a0292f31",1118:"ec6d6cb1",1132:"f91bcae3",1194:"9c9869df",1197:"aca904f8",1199:"0befa4a1",1258:"b8282671",1280:"786598ab",1312:"9a518122",1370:"9db808a3",1602:"6b08bc27",1725:"26f61e30",1740:"6b89d887",1745:"00b31633",1756:"7c750783",1778:"5c973c8c",1814:"ad1f9dbe",1865:"9e99cb9e",1979:"bb7908e8",2006:"51f8d258",2044:"c33e9ba5",2051:"9aafd7fc",2096:"ade4c602",2112:"1e172b64",2184:"21fab117",2233:"2ca9fa40",2287:"20851427",2528:"0acf5a91",2535:"3bf27fe6",2543:"a0be1006",2591:"22e467e7",2612:"d2079a43",2619:"83b3ba22",2628:"63926186",2688:"76d06a78",2708:"bf42404d",2738:"57c8d8fd",2833:"6fdde3f6",2849:"20f1485b",2909:"2fcf1742",2911:"bf7f26e0",2979:"647782ac",3089:"8ac198c5",3218:"6408958f",3233:"f9e5a10c",3249:"7fe15889",3250:"8b4a2916",3271:"1ff393da",3278:"b039c6fb",3407:"61fcf910",3412:"a53b1d1a",3413:"e836e1ce",3492:"50e2e98d",3508:"ce009bc9",3516:"d9b156bf",3577:"35f6ebc7",3608:"582408aa",3629:"207c6625",3642:"4d747520",3717:"72210083",3727:"1d15f806",3761:"e2f3c8a0",3767:"765640b3",3887:"88839e56",3906:"cd734824",3951:"36952d55",3952:"bf004fbb",4013:"fbcc85f1",4195:"ea3b76f3",4228:"ebb8ca74",4240:"d346cd81",4481:"24d34fb4",4582:"55d04cd2",4788:"30d73187",4814:"5fc9f4a4",4817:"561a095f",4908:"98083968",4972:"486cf118",5045:"fbe8716f",5107:"75b22dc5",5117:"0738ad71",5226:"de1fab10",5233:"4209f6b8",5246:"363d02f2",5273:"2c6d0b26",5508:"85c0f55c",5532:"10c4eea9",5578:"fa350f38",5674:"eb30a5e8",5732:"952c300d",5733:"7d99625d",5745:"bbcb116a",5843:"f8e42b29",5869:"1dc05f26",5876:"15b4ddd6",5883:"8e446437",5905:"a3dd5280",6011:"80a41c12",6048:"e7c7c18a",6103:"a9ca1f91",6105:"b181e62a",6153:"13b5e2ec",6204:"b646c8ee",6275:"07180f7a",6295:"1ebf7514",6354:"de5edb8b",6395:"d4fdc476",6419:"cc975847",6431:"8ece586f",6452:"d72ced7a",6536:"c8607d5f",6555:"81dd6f1a",6585:"ff20b8ba",6769:"f2d94692",6773:"0766ae56",6862:"906acdb2",6900:"53157a7f",7015:"30003be1",7044:"11a8e0bb",7139:"27ab3fca",7216:"ee3364d0",7252:"9b098c3d",7293:"087acaed",7432:"66520fa0",7460:"312624e8",7495:"21165374",7591:"a5f7f3c6",7594:"0826d515",7649:"0a8c6726",7782:"5c0e28ac",7797:"1751a2c9",7860:"c233cba7",7918:"27340309",7970:"e34ef5f6",7992:"570b3460",8192:"463a908d",8225:"a3659bd9",8268:"92fe8c62",8344:"bd2b9eed",8351:"feb7c5a3",8357:"5dbcebe2",8493:"9fde2922",8510:"9ff1a319",8581:"ffb9ac95",8610:"a3d95c11",8710:"74653bc5",8786:"a40cdb9a",8835:"92e780a0",8851:"62bf25d1",8932:"07b29433",8943:"abb16b7e",8959:"45a0f7a1",8980:"514e42d2",9085:"5c158d00",9146:"5e3bcaf2",9149:"b3b118aa",9162:"067a6a9d",9178:"02c604f2",9200:"11623f77",9249:"8c3428a2",9338:"81a1bc96",9369:"23a8a705",9444:"c7b0929b",9475:"36eab610",9508:"72b2827d",9514:"c2da882e",9550:"1bc4dedb",9759:"977505fc",9785:"e0c467d7",9794:"d9ca1bf2",9817:"5ac78d9e",9976:"011183de",9978:"f74a444e"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),c={},d="user-handbook:",r.l=(e,a,f,b)=>{if(c[e])c[e].push(a);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var d=c[e];if(delete c[e],t.parentNode&&t.parentNode.removeChild(t),d&&d.forEach((e=>e(f))),a)return a(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/de/",r.gca=function(e){return e={16771999:"3271",17896441:"7918",39333829:"2708",63475243:"6275",98609693:"9794","935f2afb":"53","9c488c02":"97",d72b1382:"171",e49fb087:"214",a1dbc401:"263",fb3c1916:"276","773ceef9":"337","7bea1ff1":"362",b877509f:"380","85f98c10":"420","6a78f460":"439","55bf5a51":"497","3c1e1d04":"563",dc2bcacd:"590",b802a7ab:"716","291c70d7":"725","6e606510":"764",bba9d075:"769","4d27f429":"788","9ad9d6dc":"828",a84d2af0:"890","5dc151e9":"923","708a1ab9":"1020","56c80d06":"1032","57fc9be0":"1091","0f04f840":"1118","75bff082":"1132",e3d8cb96:"1194","43bdde93":"1197",fd27e325:"1199","9e2a7473":"1258","5bfc32c8":"1280","9f1c7621":"1312",ab726e24:"1370",a8c7fdc6:"1602","0eb0d69b":"1725","5d8d36f7":"1740","6036bdcc":"1745","6e61466c":"1756",efb6a870:"1778",f7e5475a:"1814",da082baa:"1865",fe1dd7ae:"1979",d548bd8c:"2006","8e4780ba":"2044","9bd730d3":"2051",b17c3fe9:"2096","803df0d9":"2112",f76a3b8e:"2184",cc484fa2:"2233","0861b93e":"2287",f9d690e3:"2528","814f3328":"2535","979b71b8":"2543",e6b5bfb1:"2591","37c407d1":"2612","5fdc7b06":"2619",aa1db8cb:"2628","9dd8190d":"2688","6f232d8e":"2738","0c915b16":"2833",a85d9f35:"2849","5cb298ca":"2909",fe6d997b:"2911","7c7a84a1":"2979",a6aa9e1f:"3089",af23c5f9:"3218",de5e68d7:"3233","12959a59":"3249",b0f5629f:"3250","5f9a9669":"3278","8b57ba24":"3407",a6f005ae:"3412","924c44fc":"3413",a02b4022:"3492",d2095d9b:"3508","4f68bcc6":"3516",decd0f12:"3577","9e4087bc":"3608","0487f903":"3629","72a13759":"3642",e7b1bf29:"3717","1a97c86e":"3727",c96c5262:"3761",ed1907a0:"3767",e0940a37:"3887",c862d987:"3906","001a236d":"3951","78625d6f":"3952","01a85c17":"4013",c4f5d8e4:"4195","0692a985":"4228",c089f5db:"4240","78e4de8f":"4481","995c4a51":"4582","1ebd8798":"4788","6937af2a":"4814",f3be3c38:"4817","53f3dc0a":"4908","5a84578f":"5045",c2f21224:"5107","7747f3f6":"5117",f041e880:"5226","8fe7a387":"5233",f83bd450:"5246",bf059cf9:"5273","7a34d4a9":"5508",ef78badf:"5532","1908c298":"5578",b95aefa5:"5674","1a25c548":"5732","326317af":"5733","89504eb8":"5745",c97dce39:"5843",d5f314f9:"5869","0991cafe":"5876",b96d814b:"5883","824a28c6":"5905",afe8c04b:"6011",ccc49370:"6103",e445c1ea:"6105","4dde1d77":"6153","69baf694":"6204",bfe3d434:"6295","18aaeea6":"6354","9323a439":"6395","0bd16fd2":"6419","5ab392cd":"6431","5549e0e2":"6452",a8d50805:"6536","6275ceb4":"6555",e88d32a9:"6585","58b7fc4c":"6769","92123ee2":"6773","4fad3920":"6862","980b70df":"6900","2250486b":"7015",b44f0b89:"7044","3db42865":"7139","113ce370":"7216","2114bf44":"7252","141cdfa9":"7293","5a2a7ed5":"7432","07a1a58f":"7460","41944db3":"7495",a65a3c47:"7591","53cc4802":"7594",c14f15fd:"7649","3a109bd3":"7782","4aa555c3":"7797",b0404c31:"7860","15c93cf0":"7970",f4799792:"7992","5e5faacc":"8192",c1102df1:"8225",e2df4ad2:"8268","9bec89a3":"8344","021fdb12":"8351","787066a3":"8357","8638bedc":"8493","3e3471db":"8510","03e998ac":"8581","6875c492":"8610","0d64c1d9":"8710",f928e8d9:"8786",c747432f:"8835","948dc444":"8851","0831902b":"8932",c5f4eaa1:"8943","549d43e9":"8959",a92fc3a1:"8980","373c7d5f":"9085",c94c4dfb:"9146",e949296e:"9149","2bb9f32f":"9162","940964f5":"9178","43b107c1":"9200","9b12a270":"9249",dda846b3:"9338","4350c8c2":"9369","5beee875":"9444","523378a0":"9475","746f1580":"9508","1be78505":"9514","9428180e":"9550","89f86a37":"9759","14eb3368":"9817",a79c88c2:"9976","5bdf583d":"9978"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(a,f)=>{var c=r.o(e,a)?e[a]:void 0;if(0!==c)if(c)f.push(c[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((f,d)=>c=e[a]=[f,d]));f.push(c[2]=d);var b=r.p+r.u(a),t=new Error;r.l(b,(f=>{if(r.o(e,a)&&(0!==(c=e[a])&&(e[a]=void 0),c)){var d=f&&("load"===f.type?"missing":f.type),b=f&&f.target&&f.target.src;t.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",t.name="ChunkLoadError",t.type=d,t.request=b,c[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,f)=>{var c,d,b=f[0],t=f[1],o=f[2],n=0;if(b.some((a=>0!==e[a]))){for(c in t)r.o(t,c)&&(r.m[c]=t[c]);if(o)var i=o(r)}for(a&&a(f);n{"use strict";var e,a,f,c,d,b={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return b[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=b,r.c=t,e=[],r.O=(a,f,c,d)=>{if(!f){var b=1/0;for(i=0;i=d)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,d0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[f,c,d]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,c){if(1&c&&(e=this(e)),8&c)return e;if("object"==typeof e&&e){if(4&c&&e.__esModule)return e;if(16&c&&"function"==typeof e.then)return e}var d=Object.create(null);r.r(d);var b={};a=a||[null,f({}),f([]),f(f)];for(var t=2&c&&e;"object"==typeof t&&!~a.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,r.d(d,b),d},r.d=(e,a)=>{for(var f in a)r.o(a,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:a[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,f)=>(r.f[f](e,a),a)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",97:"9c488c02",171:"d72b1382",214:"e49fb087",263:"a1dbc401",276:"fb3c1916",337:"773ceef9",362:"7bea1ff1",380:"b877509f",420:"85f98c10",439:"6a78f460",497:"55bf5a51",563:"3c1e1d04",590:"dc2bcacd",716:"b802a7ab",725:"291c70d7",764:"6e606510",769:"bba9d075",788:"4d27f429",828:"9ad9d6dc",890:"a84d2af0",923:"5dc151e9",1020:"708a1ab9",1032:"56c80d06",1091:"57fc9be0",1118:"0f04f840",1132:"75bff082",1194:"e3d8cb96",1197:"43bdde93",1199:"fd27e325",1258:"9e2a7473",1280:"5bfc32c8",1312:"9f1c7621",1370:"ab726e24",1602:"a8c7fdc6",1725:"0eb0d69b",1740:"5d8d36f7",1745:"6036bdcc",1756:"6e61466c",1778:"efb6a870",1814:"f7e5475a",1865:"da082baa",1979:"fe1dd7ae",2006:"d548bd8c",2044:"8e4780ba",2051:"9bd730d3",2096:"b17c3fe9",2112:"803df0d9",2184:"f76a3b8e",2233:"cc484fa2",2287:"0861b93e",2528:"f9d690e3",2535:"814f3328",2543:"979b71b8",2591:"e6b5bfb1",2612:"37c407d1",2619:"5fdc7b06",2628:"aa1db8cb",2688:"9dd8190d",2708:"39333829",2738:"6f232d8e",2833:"0c915b16",2849:"a85d9f35",2909:"5cb298ca",2911:"fe6d997b",2979:"7c7a84a1",3089:"a6aa9e1f",3218:"af23c5f9",3233:"de5e68d7",3249:"12959a59",3250:"b0f5629f",3271:"16771999",3278:"5f9a9669",3407:"8b57ba24",3412:"a6f005ae",3413:"924c44fc",3492:"a02b4022",3508:"d2095d9b",3516:"4f68bcc6",3577:"decd0f12",3608:"9e4087bc",3629:"0487f903",3642:"72a13759",3717:"e7b1bf29",3727:"1a97c86e",3761:"c96c5262",3767:"ed1907a0",3887:"e0940a37",3906:"c862d987",3951:"001a236d",3952:"78625d6f",4013:"01a85c17",4195:"c4f5d8e4",4228:"0692a985",4240:"c089f5db",4481:"78e4de8f",4582:"995c4a51",4788:"1ebd8798",4814:"6937af2a",4817:"f3be3c38",4908:"53f3dc0a",5045:"5a84578f",5107:"c2f21224",5117:"7747f3f6",5226:"f041e880",5233:"8fe7a387",5246:"f83bd450",5273:"bf059cf9",5508:"7a34d4a9",5532:"ef78badf",5578:"1908c298",5674:"b95aefa5",5732:"1a25c548",5733:"326317af",5745:"89504eb8",5843:"c97dce39",5869:"d5f314f9",5876:"0991cafe",5883:"b96d814b",5905:"824a28c6",6011:"afe8c04b",6103:"ccc49370",6105:"e445c1ea",6153:"4dde1d77",6204:"69baf694",6275:"63475243",6295:"bfe3d434",6354:"18aaeea6",6395:"9323a439",6419:"0bd16fd2",6431:"5ab392cd",6452:"5549e0e2",6536:"a8d50805",6555:"6275ceb4",6585:"e88d32a9",6769:"58b7fc4c",6773:"92123ee2",6862:"4fad3920",6900:"980b70df",7015:"2250486b",7044:"b44f0b89",7139:"3db42865",7216:"113ce370",7252:"2114bf44",7293:"141cdfa9",7432:"5a2a7ed5",7460:"07a1a58f",7495:"41944db3",7591:"a65a3c47",7594:"53cc4802",7649:"c14f15fd",7782:"3a109bd3",7797:"4aa555c3",7860:"b0404c31",7918:"17896441",7970:"15c93cf0",7992:"f4799792",8192:"5e5faacc",8225:"c1102df1",8268:"e2df4ad2",8344:"9bec89a3",8351:"021fdb12",8357:"787066a3",8493:"8638bedc",8510:"3e3471db",8581:"03e998ac",8610:"6875c492",8710:"0d64c1d9",8786:"f928e8d9",8835:"c747432f",8851:"948dc444",8932:"0831902b",8943:"c5f4eaa1",8959:"549d43e9",8980:"a92fc3a1",9085:"373c7d5f",9146:"c94c4dfb",9149:"e949296e",9162:"2bb9f32f",9178:"940964f5",9200:"43b107c1",9249:"9b12a270",9338:"dda846b3",9369:"4350c8c2",9444:"5beee875",9475:"523378a0",9508:"746f1580",9514:"1be78505",9550:"9428180e",9759:"89f86a37",9794:"98609693",9817:"14eb3368",9976:"a79c88c2",9978:"5bdf583d"}[e]||e)+"."+{53:"9d8f1346",97:"6046e2f8",171:"95676827",214:"590b19a4",263:"3390b4c3",276:"22eef329",337:"a5e9fd7a",362:"0cd85505",380:"c2fadaf5",420:"5193f85b",439:"b626ebee",497:"fe193480",563:"a4fd9050",590:"d9d70268",716:"531ba26b",725:"feb635ca",764:"764571cd",769:"462177c6",788:"127d02e8",828:"db6df9ae",890:"8e09d4bb",923:"84a9b26a",1020:"3254a360",1032:"c3a1d1c2",1091:"a0292f31",1118:"ec6d6cb1",1132:"f91bcae3",1194:"9c9869df",1197:"aca904f8",1199:"0befa4a1",1258:"b8282671",1280:"786598ab",1312:"9a518122",1370:"9db808a3",1602:"6b08bc27",1725:"26f61e30",1740:"6b89d887",1745:"00b31633",1756:"7c750783",1778:"5c973c8c",1814:"ad1f9dbe",1865:"9e99cb9e",1979:"bb7908e8",2006:"266c7b79",2044:"c33e9ba5",2051:"9aafd7fc",2096:"ade4c602",2112:"1e172b64",2184:"21fab117",2233:"2ca9fa40",2287:"20851427",2528:"0acf5a91",2535:"602b4477",2543:"a0be1006",2591:"22e467e7",2612:"d2079a43",2619:"83b3ba22",2628:"63926186",2688:"76d06a78",2708:"bf42404d",2738:"57c8d8fd",2833:"6fdde3f6",2849:"20f1485b",2909:"2fcf1742",2911:"bf7f26e0",2979:"647782ac",3089:"8ac198c5",3218:"6408958f",3233:"f9e5a10c",3249:"7fe15889",3250:"8b4a2916",3271:"1ff393da",3278:"b039c6fb",3407:"61fcf910",3412:"d29420e9",3413:"e836e1ce",3492:"50e2e98d",3508:"ce009bc9",3516:"d9b156bf",3577:"35f6ebc7",3608:"582408aa",3629:"207c6625",3642:"4d747520",3717:"72210083",3727:"1d15f806",3761:"e2f3c8a0",3767:"765640b3",3887:"88839e56",3906:"cd734824",3951:"36952d55",3952:"bf004fbb",4013:"fbcc85f1",4195:"ea3b76f3",4228:"ebb8ca74",4240:"d346cd81",4481:"24d34fb4",4582:"55d04cd2",4788:"30d73187",4814:"5fc9f4a4",4817:"561a095f",4908:"98083968",4972:"486cf118",5045:"fbe8716f",5107:"75b22dc5",5117:"0738ad71",5226:"de1fab10",5233:"4209f6b8",5246:"363d02f2",5273:"2c6d0b26",5508:"85c0f55c",5532:"10c4eea9",5578:"fa350f38",5674:"eb30a5e8",5732:"952c300d",5733:"7d99625d",5745:"bbcb116a",5843:"f8e42b29",5869:"1dc05f26",5876:"3758bbb7",5883:"8e446437",5905:"a3dd5280",6011:"80a41c12",6048:"e7c7c18a",6103:"a9ca1f91",6105:"b181e62a",6153:"13b5e2ec",6204:"b646c8ee",6275:"07180f7a",6295:"1ebf7514",6354:"de5edb8b",6395:"d4fdc476",6419:"cc975847",6431:"8ece586f",6452:"d72ced7a",6536:"c8607d5f",6555:"81dd6f1a",6585:"ff20b8ba",6769:"f2d94692",6773:"0766ae56",6862:"906acdb2",6900:"53157a7f",7015:"30003be1",7044:"11a8e0bb",7139:"27ab3fca",7216:"ee3364d0",7252:"9b098c3d",7293:"087acaed",7432:"66520fa0",7460:"312624e8",7495:"21165374",7591:"a5f7f3c6",7594:"0826d515",7649:"0a8c6726",7782:"5c0e28ac",7797:"1751a2c9",7860:"c233cba7",7918:"27340309",7970:"e34ef5f6",7992:"570b3460",8192:"463a908d",8225:"a3659bd9",8268:"92fe8c62",8344:"bd2b9eed",8351:"feb7c5a3",8357:"5dbcebe2",8493:"9fde2922",8510:"9ff1a319",8581:"ffb9ac95",8610:"a3d95c11",8710:"74653bc5",8786:"a40cdb9a",8835:"92e780a0",8851:"62bf25d1",8932:"07b29433",8943:"abb16b7e",8959:"45a0f7a1",8980:"514e42d2",9085:"5c158d00",9146:"5e3bcaf2",9149:"b3b118aa",9162:"067a6a9d",9178:"02c604f2",9200:"11623f77",9249:"8c3428a2",9338:"81a1bc96",9369:"23a8a705",9444:"c7b0929b",9475:"36eab610",9508:"72b2827d",9514:"c2da882e",9550:"1bc4dedb",9759:"977505fc",9785:"e0c467d7",9794:"d9ca1bf2",9817:"5ac78d9e",9976:"011183de",9978:"f74a444e"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),c={},d="user-handbook:",r.l=(e,a,f,b)=>{if(c[e])c[e].push(a);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var d=c[e];if(delete c[e],t.parentNode&&t.parentNode.removeChild(t),d&&d.forEach((e=>e(f))),a)return a(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/de/",r.gca=function(e){return e={16771999:"3271",17896441:"7918",39333829:"2708",63475243:"6275",98609693:"9794","935f2afb":"53","9c488c02":"97",d72b1382:"171",e49fb087:"214",a1dbc401:"263",fb3c1916:"276","773ceef9":"337","7bea1ff1":"362",b877509f:"380","85f98c10":"420","6a78f460":"439","55bf5a51":"497","3c1e1d04":"563",dc2bcacd:"590",b802a7ab:"716","291c70d7":"725","6e606510":"764",bba9d075:"769","4d27f429":"788","9ad9d6dc":"828",a84d2af0:"890","5dc151e9":"923","708a1ab9":"1020","56c80d06":"1032","57fc9be0":"1091","0f04f840":"1118","75bff082":"1132",e3d8cb96:"1194","43bdde93":"1197",fd27e325:"1199","9e2a7473":"1258","5bfc32c8":"1280","9f1c7621":"1312",ab726e24:"1370",a8c7fdc6:"1602","0eb0d69b":"1725","5d8d36f7":"1740","6036bdcc":"1745","6e61466c":"1756",efb6a870:"1778",f7e5475a:"1814",da082baa:"1865",fe1dd7ae:"1979",d548bd8c:"2006","8e4780ba":"2044","9bd730d3":"2051",b17c3fe9:"2096","803df0d9":"2112",f76a3b8e:"2184",cc484fa2:"2233","0861b93e":"2287",f9d690e3:"2528","814f3328":"2535","979b71b8":"2543",e6b5bfb1:"2591","37c407d1":"2612","5fdc7b06":"2619",aa1db8cb:"2628","9dd8190d":"2688","6f232d8e":"2738","0c915b16":"2833",a85d9f35:"2849","5cb298ca":"2909",fe6d997b:"2911","7c7a84a1":"2979",a6aa9e1f:"3089",af23c5f9:"3218",de5e68d7:"3233","12959a59":"3249",b0f5629f:"3250","5f9a9669":"3278","8b57ba24":"3407",a6f005ae:"3412","924c44fc":"3413",a02b4022:"3492",d2095d9b:"3508","4f68bcc6":"3516",decd0f12:"3577","9e4087bc":"3608","0487f903":"3629","72a13759":"3642",e7b1bf29:"3717","1a97c86e":"3727",c96c5262:"3761",ed1907a0:"3767",e0940a37:"3887",c862d987:"3906","001a236d":"3951","78625d6f":"3952","01a85c17":"4013",c4f5d8e4:"4195","0692a985":"4228",c089f5db:"4240","78e4de8f":"4481","995c4a51":"4582","1ebd8798":"4788","6937af2a":"4814",f3be3c38:"4817","53f3dc0a":"4908","5a84578f":"5045",c2f21224:"5107","7747f3f6":"5117",f041e880:"5226","8fe7a387":"5233",f83bd450:"5246",bf059cf9:"5273","7a34d4a9":"5508",ef78badf:"5532","1908c298":"5578",b95aefa5:"5674","1a25c548":"5732","326317af":"5733","89504eb8":"5745",c97dce39:"5843",d5f314f9:"5869","0991cafe":"5876",b96d814b:"5883","824a28c6":"5905",afe8c04b:"6011",ccc49370:"6103",e445c1ea:"6105","4dde1d77":"6153","69baf694":"6204",bfe3d434:"6295","18aaeea6":"6354","9323a439":"6395","0bd16fd2":"6419","5ab392cd":"6431","5549e0e2":"6452",a8d50805:"6536","6275ceb4":"6555",e88d32a9:"6585","58b7fc4c":"6769","92123ee2":"6773","4fad3920":"6862","980b70df":"6900","2250486b":"7015",b44f0b89:"7044","3db42865":"7139","113ce370":"7216","2114bf44":"7252","141cdfa9":"7293","5a2a7ed5":"7432","07a1a58f":"7460","41944db3":"7495",a65a3c47:"7591","53cc4802":"7594",c14f15fd:"7649","3a109bd3":"7782","4aa555c3":"7797",b0404c31:"7860","15c93cf0":"7970",f4799792:"7992","5e5faacc":"8192",c1102df1:"8225",e2df4ad2:"8268","9bec89a3":"8344","021fdb12":"8351","787066a3":"8357","8638bedc":"8493","3e3471db":"8510","03e998ac":"8581","6875c492":"8610","0d64c1d9":"8710",f928e8d9:"8786",c747432f:"8835","948dc444":"8851","0831902b":"8932",c5f4eaa1:"8943","549d43e9":"8959",a92fc3a1:"8980","373c7d5f":"9085",c94c4dfb:"9146",e949296e:"9149","2bb9f32f":"9162","940964f5":"9178","43b107c1":"9200","9b12a270":"9249",dda846b3:"9338","4350c8c2":"9369","5beee875":"9444","523378a0":"9475","746f1580":"9508","1be78505":"9514","9428180e":"9550","89f86a37":"9759","14eb3368":"9817",a79c88c2:"9976","5bdf583d":"9978"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(a,f)=>{var c=r.o(e,a)?e[a]:void 0;if(0!==c)if(c)f.push(c[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((f,d)=>c=e[a]=[f,d]));f.push(c[2]=d);var b=r.p+r.u(a),t=new Error;r.l(b,(f=>{if(r.o(e,a)&&(0!==(c=e[a])&&(e[a]=void 0),c)){var d=f&&("load"===f.type?"missing":f.type),b=f&&f.target&&f.target.src;t.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",t.name="ChunkLoadError",t.type=d,t.request=b,c[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,f)=>{var c,d,b=f[0],t=f[1],o=f[2],n=0;if(b.some((a=>0!==e[a]))){for(c in t)r.o(t,c)&&(r.m[c]=t[c]);if(o)var i=o(r)}for(a&&a(f);n - +
-

Archiv

Archiv

2023

- +

Archiv

Archiv

2023

+ \ No newline at end of file diff --git a/build-staging/de/blog/atom.xml b/build-staging/de/blog/atom.xml index 1a275160..58517f66 100644 --- a/build-staging/de/blog/atom.xml +++ b/build-staging/de/blog/atom.xml @@ -9,11 +9,11 @@ https://docs.cwtch.im/de/img/favicon.png Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/de/blog/cwtch-ui-reproducible-builds-linux 2023-07-14T00:00:00.000Z - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> Sarah Jamie Lewis diff --git a/build-staging/de/blog/autobindings-ii/index.html b/build-staging/de/blog/autobindings-ii/index.html index 83202032..377a51c7 100644 --- a/build-staging/de/blog/autobindings-ii/index.html +++ b/build-staging/de/blog/autobindings-ii/index.html @@ -12,12 +12,12 @@ - +
-

Compile-time Optional Application Experiments (Autobindings)

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

The Structure of an Application Experiment

An application-level experiment consists of:

  1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
  2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
  3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
  4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are +

    Compile-time Optional Application Experiments (Autobindings)

    · 5 Minuten Lesezeit
    Sarah Jamie Lewis

    Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

    The Structure of an Application Experiment

    An application-level experiment consists of:

    1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
    2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
    3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
    4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are changed (e.g. if the server hosting experiment is disabled we need to tear down all active servers).
    5. Management code within _startCwtch and _reconnectCwtch that calls the management APIs on the global variable.

    From a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead of on application or a specific profile.

    Most of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.

    New Required Management APIs

    To achieve this weaving, we now require application-level experiments to implement an EventHandlerInterface interface and expose itself via an initialize constructor Init(acn, appDir) -> EventHandlerInterface, and Enable(app, acn).

    For now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.

    We can then generate, and optionally include blocks of code like:

        <experimentGlobal> = <experimentPackage>.Init(&globalACN, appDir)
        eventHandler.AddModule(<experimentGlobal>)
        <experimentGlobal>.Enable(application, &globalACN)

    and place them at specific points in the code. EventHandler has also been extended to maintain a collection of modules so that it can @@ -27,7 +27,7 @@ of a global functionality within the library.

    Cwtch UI Integration

    The UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. c_LoadServers - if it doesn't then the UI is safe to assume the feature is not available.

    A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.

    Nightlies & Next Steps

    We are now publishing nightlies of autobinding derived libCwtch-go, along with Repliqate scripts for reproducibility.

    With application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced in the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.

    However, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:

    • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. libcwtch-rs.
    • Documentation generation: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.

    Help us go further!

    We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

    If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

    Donations of $5 or more can opt to receive stickers as a thank-you gift!

    For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

    A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/de/blog/autobindings/index.html b/build-staging/de/blog/autobindings/index.html index 0a91a219..c429299d 100644 --- a/build-staging/de/blog/autobindings/index.html +++ b/build-staging/de/blog/autobindings/index.html @@ -12,15 +12,15 @@ - +
-

Autogenerating Cwtch Bindings

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

Autogenerating Cwtch Bindings

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

A Brief History of Cwtch Bindings

Prior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by therecipe/qt. However, after encountering numerous crash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.

As part of early prototyping efforts for Flutter we built out a first version of libCwtch-go, and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.

This approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular experimental features - handle settings, duplication of logic between Cwtch and libCwtch-go, and special behaviour in libCwtch-go that better belongs in the core Cwtch library.

As part of a broader effort to refine the Cwtch API in preparation for Cwtch Stable we have taken the opportunity to fix many of these problems.

Cwtch Autobindings

The current lib.go file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the BlockContact API implementation is:

//export c_BlockContact
func c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {
    BlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))
}

func BlockContact(profileOnion string, conversationID int) {
    profile := application.GetPeer(profileOnion)
    if profile != nil {
        profile.BlockConversation(conversationID)
    }
}

All that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.

In the new cwtch-autobindings we reduce these multiple lines to a single one:

profile BlockConversation conversation

Defining a profile-level function, called BlockConversation which takes in a single parameter of type conversation.

Using a similar boilerplate-reduction for the reset of lib.go yields 5-basic function prototypes:

  • Application-level functions e.g. CreateProfile
  • Profile-level functions e.g. BlockConversation
  • Profile-level functions that return data e.g. GetMessage
  • Experimental Profile-level feature functions e.g. DownloadFile
  • Experimental Profile-level feature functions that return data e.g. ShareFile

Once aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be described in fewer than 50 lines, including comments. Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).

Next Steps

Cwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:

  • Application-level experiments (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on cwtch-server). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don't support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.
  • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart-side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. libcwtch-rs
  • Documentation generation: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.
  • Cwtch API: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the Cwtch Stable API redesign. In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/de/blog/availability-status-profile-attributes/index.html b/build-staging/de/blog/availability-status-profile-attributes/index.html index 13081a51..a55ecf3e 100644 --- a/build-staging/de/blog/availability-status-profile-attributes/index.html +++ b/build-staging/de/blog/availability-status-profile-attributes/index.html @@ -12,14 +12,14 @@ - +
-

Availability Status and Profile Attributes

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Availability Status and Profile Attributes

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Availability Status

New in this nightly is the ability to notify your conversations that you are "Away" or "Busy".

Read more: Availability Status

Profile Attributes

Also new is the ability to augment your profile with a few small pieces of public information.

Read more: Profile Information

Downloading the Nightly

Nightly builds are available from our build server. Download links for 2023-04-05-18-28-v1.11.0-7-g0290 are available below.

Please see the contribution documentation for advice on submitting feedback

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-android-reproducibility/index.html b/build-staging/de/blog/cwtch-android-reproducibility/index.html index 247e61b8..227c36e9 100644 --- a/build-staging/de/blog/cwtch-android-reproducibility/index.html +++ b/build-staging/de/blog/cwtch-android-reproducibility/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Android Bindings Reproducible

· 3 Minuten Lesezeit
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Android Bindings Reproducible

· 3 Minuten Lesezeit
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-bindings-reproducible/index.html b/build-staging/de/blog/cwtch-bindings-reproducible/index.html index be3232e3..8b1ce19e 100644 --- a/build-staging/de/blog/cwtch-bindings-reproducible/index.html +++ b/build-staging/de/blog/cwtch-bindings-reproducible/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Bindings Reproducible

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Bindings Reproducible

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-developer-documentation/index.html b/build-staging/de/blog/cwtch-developer-documentation/index.html index d7bee50b..2e12ea15 100644 --- a/build-staging/de/blog/cwtch-developer-documentation/index.html +++ b/build-staging/de/blog/cwtch-developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-documentation/index.html b/build-staging/de/blog/cwtch-documentation/index.html index 603c1c26..3cd55029 100644 --- a/build-staging/de/blog/cwtch-documentation/index.html +++ b/build-staging/de/blog/cwtch-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Updates to Cwtch Documentation

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Updates to Cwtch Documentation

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-nightly-1-11/index.html b/build-staging/de/blog/cwtch-nightly-1-11/index.html index 9944c2e7..2551d63e 100644 --- a/build-staging/de/blog/cwtch-nightly-1-11/index.html +++ b/build-staging/de/blog/cwtch-nightly-1-11/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.11

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.11

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-nightly-1-12/index.html b/build-staging/de/blog/cwtch-nightly-1-12/index.html index 34977cfc..46e36891 100644 --- a/build-staging/de/blog/cwtch-nightly-1-12/index.html +++ b/build-staging/de/blog/cwtch-nightly-1-12/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.12

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.12

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-nightly-v.11-74/index.html b/build-staging/de/blog/cwtch-nightly-v.11-74/index.html index c3c36f8b..48a3fedb 100644 --- a/build-staging/de/blog/cwtch-nightly-v.11-74/index.html +++ b/build-staging/de/blog/cwtch-nightly-v.11-74/index.html @@ -12,13 +12,13 @@ - +
-

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-platform-support/index.html b/build-staging/de/blog/cwtch-platform-support/index.html index 314ba276..e591a923 100644 --- a/build-staging/de/blog/cwtch-platform-support/index.html +++ b/build-staging/de/blog/cwtch-platform-support/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch UI Platform Support

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch UI Platform Support

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-stable-api-design/index.html b/build-staging/de/blog/cwtch-stable-api-design/index.html index d35a614f..791e74a6 100644 --- a/build-staging/de/blog/cwtch-stable-api-design/index.html +++ b/build-staging/de/blog/cwtch-stable-api-design/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable API Design

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
- +

Cwtch Stable API Design

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-stable-roadmap-update-june/index.html b/build-staging/de/blog/cwtch-stable-roadmap-update-june/index.html index 35dbfd6f..61c7adc9 100644 --- a/build-staging/de/blog/cwtch-stable-roadmap-update-june/index.html +++ b/build-staging/de/blog/cwtch-stable-roadmap-update-june/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-stable-roadmap-update/index.html b/build-staging/de/blog/cwtch-stable-roadmap-update/index.html index c27026de..edff4947 100644 --- a/build-staging/de/blog/cwtch-stable-roadmap-update/index.html +++ b/build-staging/de/blog/cwtch-stable-roadmap-update/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-testing-i/index.html b/build-staging/de/blog/cwtch-testing-i/index.html index 888917ea..06d577c8 100644 --- a/build-staging/de/blog/cwtch-testing-i/index.html +++ b/build-staging/de/blog/cwtch-testing-i/index.html @@ -12,14 +12,14 @@ - +
-

Notes on Cwtch UI Testing

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on +

Notes on Cwtch UI Testing

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on development environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.

The cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory $USER_HOME/Downloads didn't exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.

As we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!

Next Steps

  • More automated tests: We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.

  • More platforms: Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across our target platforms. We expect to start this work soon; expect more news in a future Cwtch Testing update!

  • More steps: One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the expect to see the message step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. send a file or set profile picture.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-testing-ii/index.html b/build-staging/de/blog/cwtch-testing-ii/index.html index df1fb9ad..42cd7474 100644 --- a/build-staging/de/blog/cwtch-testing-ii/index.html +++ b/build-staging/de/blog/cwtch-testing-ii/index.html @@ -12,15 +12,15 @@ - +
-

Notes on Cwtch UI Testing (II)

· 2 Minuten Lesezeit
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this +

Notes on Cwtch UI Testing (II)

· 2 Minuten Lesezeit
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this doesn't pose a safety issue, it is unsightly.

Screenshot demonstrating how certain strings would violate the bounds of their containers.

These cases were fixed by parenting impacted elements in a Container with clip: hardEdge and decoration:BoxDecoration() (note that both of these are required as Container widgets in Flutter cannot set clipping logic without an associated decoration).

Now these clipped strings are tightly constrained to their container bounds.

These fixes are available in the latest Cwtch Nightly, and will be officially released in Cwtch 1.11.

More Automated UI Tests

We have added two new sets of automated UI tests to our pipeline:

  • 02: Global Settings - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. (PR: 628)
  • 04: Profile Management - these tests check that creating, unlocking, and deleting a profile work as expected. (PR: 632)

New Release of Cwtchbot

Cwtchbot has been updated to use the latest Cwtch 0.18.10 API.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/de/blog/cwtch-ui-reproducible-builds-linux/index.html b/build-staging/de/blog/cwtch-ui-reproducible-builds-linux/index.html index 743b5d87..29e12cd3 100644 --- a/build-staging/de/blog/cwtch-ui-reproducible-builds-linux/index.html +++ b/build-staging/de/blog/cwtch-ui-reproducible-builds-linux/index.html @@ -3,7 +3,7 @@ -Cwtch UI Reproducible Builds (Linux) | The Cwtch Handbook +Progress Towards Reproducible UI Builds | The Cwtch Handbook @@ -12,13 +12,13 @@ - +
-

Cwtch UI Reproducible Builds (Linux)

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

- +

Progress Towards Reproducible UI Builds

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/feed.json b/build-staging/de/blog/feed.json index 8ef79aef..f312c62a 100644 --- a/build-staging/de/blog/feed.json +++ b/build-staging/de/blog/feed.json @@ -6,9 +6,9 @@ "items": [ { "id": "https://docs.cwtch.im/de/blog/cwtch-ui-reproducible-builds-linux", - "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

", + "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

", "url": "https://docs.cwtch.im/de/blog/cwtch-ui-reproducible-builds-linux", - "title": "Cwtch UI Reproducible Builds (Linux)", + "title": "Progress Towards Reproducible UI Builds", "date_modified": "2023-07-14T00:00:00.000Z", "author": { "name": "Sarah Jamie Lewis" diff --git a/build-staging/de/blog/index.html b/build-staging/de/blog/index.html index 9a5fb500..e105ef12 100644 --- a/build-staging/de/blog/index.html +++ b/build-staging/de/blog/index.html @@ -12,14 +12,14 @@ - +
-

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/page/2/index.html b/build-staging/de/blog/page/2/index.html index 8b8c4382..4295851a 100644 --- a/build-staging/de/blog/page/2/index.html +++ b/build-staging/de/blog/page/2/index.html @@ -12,14 +12,14 @@ - +
-

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/path-to-cwtch-stable/index.html b/build-staging/de/blog/path-to-cwtch-stable/index.html index ebcd2a0f..e3a31a5a 100644 --- a/build-staging/de/blog/path-to-cwtch-stable/index.html +++ b/build-staging/de/blog/path-to-cwtch-stable/index.html @@ -12,13 +12,13 @@ - +
-

Path to Cwtch Stable

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Path to Cwtch Stable

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/de/blog/rss.xml b/build-staging/de/blog/rss.xml index d56939f6..29053691 100644 --- a/build-staging/de/blog/rss.xml +++ b/build-staging/de/blog/rss.xml @@ -10,11 +10,11 @@ de Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/de/blog/cwtch-ui-reproducible-builds-linux https://docs.cwtch.im/de/blog/cwtch-ui-reproducible-builds-linux Fri, 14 Jul 2023 00:00:00 GMT - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> cwtch cwtch-stable reproducible-builds diff --git a/build-staging/de/blog/tags/api/index.html b/build-staging/de/blog/tags/api/index.html index 460fc67f..c298aa37 100644 --- a/build-staging/de/blog/tags/api/index.html +++ b/build-staging/de/blog/tags/api/index.html @@ -12,13 +12,13 @@ - +
-

Ein Beitrag markiert mit "api"

Alle Schlagwörter anzeigen

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

- +

Ein Beitrag markiert mit "api"

Alle Schlagwörter anzeigen

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/autobindings/index.html b/build-staging/de/blog/tags/autobindings/index.html index 6e8d3314..822f4d79 100644 --- a/build-staging/de/blog/tags/autobindings/index.html +++ b/build-staging/de/blog/tags/autobindings/index.html @@ -12,14 +12,14 @@ - +
-

2 Beiträge markiert mit "autobindings"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 Beiträge markiert mit "autobindings"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/bindings/index.html b/build-staging/de/blog/tags/bindings/index.html index 4a191d61..22a9e879 100644 --- a/build-staging/de/blog/tags/bindings/index.html +++ b/build-staging/de/blog/tags/bindings/index.html @@ -12,14 +12,14 @@ - +
-

5 Beiträge markiert mit "bindings"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

5 Beiträge markiert mit "bindings"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/cwtch-stable/index.html b/build-staging/de/blog/tags/cwtch-stable/index.html index 095a5bf5..efef904a 100644 --- a/build-staging/de/blog/tags/cwtch-stable/index.html +++ b/build-staging/de/blog/tags/cwtch-stable/index.html @@ -12,14 +12,14 @@ - +
-

18 Beiträge markiert mit "cwtch-stable"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 Beiträge markiert mit "cwtch-stable"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/cwtch-stable/page/2/index.html b/build-staging/de/blog/tags/cwtch-stable/page/2/index.html index f18617a2..dcec9840 100644 --- a/build-staging/de/blog/tags/cwtch-stable/page/2/index.html +++ b/build-staging/de/blog/tags/cwtch-stable/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 Beiträge markiert mit "cwtch-stable"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 Beiträge markiert mit "cwtch-stable"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/cwtch/index.html b/build-staging/de/blog/tags/cwtch/index.html index ba3f1537..ae3fefcd 100644 --- a/build-staging/de/blog/tags/cwtch/index.html +++ b/build-staging/de/blog/tags/cwtch/index.html @@ -12,14 +12,14 @@ - +
-

18 Beiträge markiert mit "cwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 Beiträge markiert mit "cwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/cwtch/page/2/index.html b/build-staging/de/blog/tags/cwtch/page/2/index.html index cdcc261e..4172580e 100644 --- a/build-staging/de/blog/tags/cwtch/page/2/index.html +++ b/build-staging/de/blog/tags/cwtch/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 Beiträge markiert mit "cwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 Beiträge markiert mit "cwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/developer-documentation/index.html b/build-staging/de/blog/tags/developer-documentation/index.html index ab1f3c1b..87b52957 100644 --- a/build-staging/de/blog/tags/developer-documentation/index.html +++ b/build-staging/de/blog/tags/developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

2 Beiträge markiert mit "developer-documentation"

Alle Schlagwörter anzeigen

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- +

2 Beiträge markiert mit "developer-documentation"

Alle Schlagwörter anzeigen

· 2 Minuten Lesezeit
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/documentation/index.html b/build-staging/de/blog/tags/documentation/index.html index 4d032bc5..204e60b1 100644 --- a/build-staging/de/blog/tags/documentation/index.html +++ b/build-staging/de/blog/tags/documentation/index.html @@ -12,13 +12,13 @@ - +
-

Ein Beitrag markiert mit "documentation"

Alle Schlagwörter anzeigen
- +

Ein Beitrag markiert mit "documentation"

Alle Schlagwörter anzeigen
+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/index.html b/build-staging/de/blog/tags/index.html index e8933870..280ca30a 100644 --- a/build-staging/de/blog/tags/index.html +++ b/build-staging/de/blog/tags/index.html @@ -12,13 +12,13 @@ - +
-

Schlagwörter

- +

Schlagwörter

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/libcwtch/index.html b/build-staging/de/blog/tags/libcwtch/index.html index dfb2eb81..e007d64f 100644 --- a/build-staging/de/blog/tags/libcwtch/index.html +++ b/build-staging/de/blog/tags/libcwtch/index.html @@ -12,14 +12,14 @@ - +
-

2 Beiträge markiert mit "libcwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 Beiträge markiert mit "libcwtch"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 Minuten Lesezeit
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/nightly/index.html b/build-staging/de/blog/tags/nightly/index.html index ee8fb7e4..24b1a940 100644 --- a/build-staging/de/blog/tags/nightly/index.html +++ b/build-staging/de/blog/tags/nightly/index.html @@ -12,14 +12,14 @@ - +
-

Ein Beitrag markiert mit "nightly"

Alle Schlagwörter anzeigen

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Ein Beitrag markiert mit "nightly"

Alle Schlagwörter anzeigen

· 2 Minuten Lesezeit
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- + \ No newline at end of file diff --git a/build-staging/de/blog/tags/planning/index.html b/build-staging/de/blog/tags/planning/index.html index 2b0858a5..64099e6d 100644 --- a/build-staging/de/blog/tags/planning/index.html +++ b/build-staging/de/blog/tags/planning/index.html @@ -12,13 +12,13 @@ - +
-

4 Beiträge markiert mit "planning"

Alle Schlagwörter anzeigen

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- +

4 Beiträge markiert mit "planning"

Alle Schlagwörter anzeigen

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 Minuten Lesezeit
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 Minuten Lesezeit
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/release/index.html b/build-staging/de/blog/tags/release/index.html index 54cf569e..8282e0b6 100644 --- a/build-staging/de/blog/tags/release/index.html +++ b/build-staging/de/blog/tags/release/index.html @@ -12,13 +12,13 @@ - +
-

2 Beiträge markiert mit "release"

Alle Schlagwörter anzeigen

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- +

2 Beiträge markiert mit "release"

Alle Schlagwörter anzeigen

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 3 Minuten Lesezeit
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/repliqate/index.html b/build-staging/de/blog/tags/repliqate/index.html index 36328b2a..5cef76e3 100644 --- a/build-staging/de/blog/tags/repliqate/index.html +++ b/build-staging/de/blog/tags/repliqate/index.html @@ -12,13 +12,13 @@ - +
-

3 Beiträge markiert mit "repliqate"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 Beiträge markiert mit "repliqate"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/reproducible-builds/index.html b/build-staging/de/blog/tags/reproducible-builds/index.html index ed044284..5ef947c3 100644 --- a/build-staging/de/blog/tags/reproducible-builds/index.html +++ b/build-staging/de/blog/tags/reproducible-builds/index.html @@ -12,13 +12,13 @@ - +
-

3 Beiträge markiert mit "reproducible-builds"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 Beiträge markiert mit "reproducible-builds"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 Minuten Lesezeit
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/security-handbook/index.html b/build-staging/de/blog/tags/security-handbook/index.html index 015e0bc9..fabdf756 100644 --- a/build-staging/de/blog/tags/security-handbook/index.html +++ b/build-staging/de/blog/tags/security-handbook/index.html @@ -12,13 +12,13 @@ - +
-

Ein Beitrag markiert mit "security-handbook"

Alle Schlagwörter anzeigen
- +

Ein Beitrag markiert mit "security-handbook"

Alle Schlagwörter anzeigen
+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/support/index.html b/build-staging/de/blog/tags/support/index.html index 84824b54..c9eec536 100644 --- a/build-staging/de/blog/tags/support/index.html +++ b/build-staging/de/blog/tags/support/index.html @@ -12,13 +12,13 @@ - +
-

3 Beiträge markiert mit "support"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

- +

3 Beiträge markiert mit "support"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 Minuten Lesezeit
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

+ \ No newline at end of file diff --git a/build-staging/de/blog/tags/testing/index.html b/build-staging/de/blog/tags/testing/index.html index a7da9425..ce72bf29 100644 --- a/build-staging/de/blog/tags/testing/index.html +++ b/build-staging/de/blog/tags/testing/index.html @@ -12,13 +12,13 @@ - +
-

2 Beiträge markiert mit "testing"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

- +

2 Beiträge markiert mit "testing"

Alle Schlagwörter anzeigen

· 5 Minuten Lesezeit
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

+ \ No newline at end of file diff --git a/build-staging/de/developing/building-a-cwtch-app/building-an-echobot/index.html b/build-staging/de/developing/building-a-cwtch-app/building-an-echobot/index.html index bb76e033..f9ca82f2 100644 --- a/build-staging/de/developing/building-a-cwtch-app/building-an-echobot/index.html +++ b/build-staging/de/developing/building-a-cwtch-app/building-an-echobot/index.html @@ -12,14 +12,14 @@ - +

Building a Cwtch Echobot

In this tutorial we will walk through building a simple Cwtch Echobot. A bot that, when messaged, simply responds with the message it was sent.

For completeness, we will build an Echobot in multiple difference Cwtch frameworks to get a feel for the different levels of functionality offered by each library or framework.

Using CwtchBot (Go)

CwtchBot Framework

This tutorial uses the CwtchBot framework.

Start by creating a new Go project, and a file main.go. In the main function:

package main

import (
    "cwtch.im/cwtch/event"
    "cwtch.im/cwtch/model"
    "cwtch.im/cwtch/model/attr"
    "cwtch.im/cwtch/model/constants"
    "fmt"
    "git.openprivacy.ca/sarah/cwtchbot"
    _ "github.com/mutecomm/go-sqlcipher/v4"
    "os/user"
    "path"
)

func main() {
    user, _ := user.Current()
    cwtchbot := bot.NewCwtchBot(path.Join(user.HomeDir, "/.echobot/"), "echobot")
    cwtchbot.Launch()

    // Set Some Profile Information
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "echobot2")
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.ProfileAttribute1, "A Cwtchbot Echobot")

    fmt.Printf("echobot address: %v\n", cwtchbot.Peer.GetOnion())

    for {
        message := cwtchbot.Queue.Next()
        cid, _ := cwtchbot.Peer.FetchConversationInfo(message.Data[event.RemotePeer])
        switch message.EventType {
        case event.NewMessageFromPeer:
            msg := cwtchbot.UnpackMessage(message.Data[event.Data])
            fmt.Printf("Message: %v\n", msg)
            reply := string(cwtchbot.PackMessage(msg.Overlay, msg.Data))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        case event.ContactCreated:
            fmt.Printf("Auto approving stranger %v %v\n", cid, message.Data[event.RemotePeer])
            // accept the stranger as a new contact
            cwtchbot.Peer.AcceptConversation(cid.ID)
            // Send Hello...
            reply := string(cwtchbot.PackMessage(model.OverlayChat, "Hello!"))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        }
    }
}

Using Imp (Rust)

Imp (Rust) Bot Framework

This tutorial uses the Imp Cwtch Bot framework (Rust). This framework is currently a work-in-progress and the API design is subject to change. IMP is also based on libcwtch-rs which is currently based on an older pre-stable API version of Cwtch. We are planning in updating libcwtch-rs in Summer 2023.

use std::borrow::BorrowMut;
use std::thread;
use chrono::{DateTime, FixedOffset};
use libcwtch;
use libcwtch::CwtchLib;
use libcwtch::structs::*;
use libcwtch::event::*;
use cwtch_imp::imp;
use cwtch_imp::behaviour::*;
use cwtch_imp::imp::Imp;

const BOT_HOME: &str = "~/.cwtch/bots/echobot";
const BOT_NAME: &str = "echobot";

struct Echobot {}

fn main() {
    let behaviour: Behaviour = BehaviourBuilder::new().name(BOT_NAME.to_string()).new_contact_policy(NewContactPolicy::Accept).build();
    let event_loop_handle = thread::spawn(move || {
        let mut echobot = Echobot {};
        let mut bot = Imp::spawn(behaviour,String::new(), BOT_HOME.to_string());
        bot.event_loop::<Echobot>(echobot.borrow_mut());
    });
    event_loop_handle.join().expect("Error running event loop");
}

impl imp::EventHandler for Echobot {
    fn on_new_message_from_contact(&self, cwtch: &dyn libcwtch::CwtchLib, profile: &Profile, conversation_id: ConversationID, handle: String, timestamp_received: DateTime<FixedOffset>, message: Message) {
        let response = Message {
            o: MessageType::TextMessage,
            d: message.d,
        };
        cwtch.send_message(&profile.profile_id, conversation_id, &response);
    }

    fn handle(&mut self, cwtch: &dyn CwtchLib, profile_opt: Option<&Profile>, event: &Event) {
        match event {
            Event::NewPeer { profile_id, tag, created, name, default_picture, picture, online, profile_data } => {
                println!(
                    "\n***** {} at {} *****\n",
                    name, profile_id.as_str()
                );
            }
            _ => (),
        };
    }
}
- + \ No newline at end of file diff --git a/build-staging/de/developing/building-a-cwtch-app/core-concepts/index.html b/build-staging/de/developing/building-a-cwtch-app/core-concepts/index.html index 387f718c..b0210643 100644 --- a/build-staging/de/developing/building-a-cwtch-app/core-concepts/index.html +++ b/build-staging/de/developing/building-a-cwtch-app/core-concepts/index.html @@ -12,13 +12,13 @@ - +

Core Concepts

This page documents the core concepts that you, as a Cwtch App Developer, will encounter fairly frequently.

Cwtch Home Directory

Often referred to as $CWTCH_HOME, the Cwtch application home directory is the location where Cwtch stores all information from a Cwtch application.

Profiles

Cwtch profiles are saved as encrypted sqlite3 databases. You will rarely/never have to interact directly with the database. Instead each library provides a set of interfaces to interact with the Cwtch App, create profiles, manage profiles, and engage in conversations.

The Event Bus

Regardless of which library you end up choosing, the one constant interface you will have to get used to is the EventBus. Cwtch handles all asynchronous tasks (e.g. receiving a message from a peer) automatically, eventually placing a message on the EventBus. Application can subscribe to certain kinds of messages e.g. NewMessageFromPeer and setup an event handler to run code in response to such a message.

For an example see the Echo Bot tutorial.

Settings

Most Cwtch settings (with the exception of experiments) are designed for downstream graphical user interfaces e.g. themes / column layouts - in particular the Cwtch UI. As such these settings are not used at all by Cwtch libraries, and are only intended as a convenient storage place for UI configuration.

Experiments

Certain Cwtch features are gated behind experiments. These experiments need to be enabled before functionality related to them will activate. Different libraries may expose different experiments, and some libraries may not support certain experiments at all.

- + \ No newline at end of file diff --git a/build-staging/de/developing/building-a-cwtch-app/intro/index.html b/build-staging/de/developing/building-a-cwtch-app/intro/index.html index 95b94a40..22c96487 100644 --- a/build-staging/de/developing/building-a-cwtch-app/intro/index.html +++ b/build-staging/de/developing/building-a-cwtch-app/intro/index.html @@ -12,13 +12,13 @@ - +

Getting Started

Choosing A Cwtch Library

Cwtch Go Lib

The official Cwtch library is written in Go and can be found at https://git.openprivacy.ca/cwtch.im/cwtch. This library allows access to all Cwtch functionality.

CwtchBot

We also provide a specialized Cwtch Bot framework in Go that provides a more lightweight and tailored approach to building chat bots. For an introduction to building chatbots with the CwtchBot framework check out the building an echobot tutorial.

Autobindings (C-bindings)

The official c-bindings for Cwtch are automatically generated from the Cwtch Go Library. The API is limited compared to accessing the Cwtch Go Library directly, and is explicitly tailored towards building the Cwtch UI.

libCwtch-rs (Rust)

An experimental rust-fied version of Cwtch Autobindings is available in libCwtch-rs. While we have plans to officially adopt rust bindings in the future, right now Rust support lags behind the rest of the Cwtch ecosystem.

- + \ No newline at end of file diff --git a/build-staging/de/developing/category/building-a-cwtch-app/index.html b/build-staging/de/developing/category/building-a-cwtch-app/index.html index e8967173..fb5b6f14 100644 --- a/build-staging/de/developing/category/building-a-cwtch-app/index.html +++ b/build-staging/de/developing/category/building-a-cwtch-app/index.html @@ -12,13 +12,13 @@ - +

Eine Cwtch App erstellen

- + \ No newline at end of file diff --git a/build-staging/de/developing/intro/index.html b/build-staging/de/developing/intro/index.html index 028b42f9..41f6b9d6 100644 --- a/build-staging/de/developing/intro/index.html +++ b/build-staging/de/developing/intro/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/developing/release/index.html b/build-staging/de/developing/release/index.html index 10b8a8d7..c689396d 100644 --- a/build-staging/de/developing/release/index.html +++ b/build-staging/de/developing/release/index.html @@ -12,13 +12,13 @@ - +

Release and Packaging Process

Cwtch builds are automatically constructed via Drone. In order to be built the tasks must be approved by a project team member.

Automated Testing

Drone carries out a suite of automated tests at various stages of the release pipeline.

Test SuiteRepositoryNotes
Integration Testcwtch.im/cwtchA full exercise of peer-to-peer and group messaging
File Sharing Testcwtch.im/cwtchTests that file sharing and image downloading work as expected
Automated Download Testcwtch.im/cwtchTests that automated image downloading (e.g. profile pictures) work as expected
UI Integration Testcwtch.im/cwtch-uiA suite of Gherkin tests to exercise various UI flows like Creating / Deleting profiles and changing settings

Cwtch Autobindings

Drone produces the following build artifacts for all Cwtch autobindings builds.

Build ArtifactPlatformNotes
android/cwtch-sources.jarAndroidgomobile derived source code for the Android Cwtch library
android/cwtch.aarAndroidAndroid Cwtch library. Supports arm, arm64, and amd64.
linux/libCwtch.hLinuxC header file
linux/libCwtch.soLinuxx64 shared library
windows/libCwtch.hWindowsC header file
windows/libCwtch.dllWindowsx64 bit shared library
macos/libCwtch.arm64.dylibMacOSArm64 shared library
macos/libCwtch.x64.dylibMacOSx64 shared library

UI Nightly Builds

We make unreleased versions of Cwtch available for testing as Cwtch Nightlies.

Each nightly build folder contains a collection of build artifacts e.g. (APK files for Android, installer executables for Android) in single convenient folder. A full list of build artifacts currently produced is as follows:

Build ArtifactPlatformNotes
cwtch-VERSION.apkAndroidSupports arm, arm64, and amd64. Can be sideloaded.
cwtch-VERSION.aabAndroidAndroid App Bundle for publishing to appstores
Cwtch-VERSION.dmgMacOS
cwtch-VERSION.tar.gzLinuxContains the code, libs, and assets in addition to install scripts for various devices
cwtch-VERSION.zipWindows
cwtch-installer-VERSION.exeWindowsNSIS powered installation wizard

Nightly builds are regularly purged from the system

Official Releases

The Cwtch Team meets on a regular basis and reaches consensus based on nightly testing feedback and project roadmaps.

When the decision is made to cut a release build, a nightly version is built with a new git tag reflecting the release version e.g. v.1.12.0. The build artifacts are then copied to the Cwtch release website to a dedicated versioned folder.

Reproducible Builds

We use repliqate to provide reproducible build scripts for Cwtch.

We update the repliqate-scripts repository with scripts for all official releases. Currently only Cwtch bindings are reproducible

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/appearance/index.html b/build-staging/de/docs/category/appearance/index.html index 1a7c723d..3700ca42 100644 --- a/build-staging/de/docs/category/appearance/index.html +++ b/build-staging/de/docs/category/appearance/index.html @@ -12,13 +12,13 @@ - +

Darstellung

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/behaviour/index.html b/build-staging/de/docs/category/behaviour/index.html index 5e1ca41b..dfdfa939 100644 --- a/build-staging/de/docs/category/behaviour/index.html +++ b/build-staging/de/docs/category/behaviour/index.html @@ -12,13 +12,13 @@ - +

Verhalten

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/contribute/index.html b/build-staging/de/docs/category/contribute/index.html index 3b7eb16c..1fc21b03 100644 --- a/build-staging/de/docs/category/contribute/index.html +++ b/build-staging/de/docs/category/contribute/index.html @@ -12,13 +12,13 @@ - +

Mitwirken

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/conversations/index.html b/build-staging/de/docs/category/conversations/index.html index e76b8886..5e971e25 100644 --- a/build-staging/de/docs/category/conversations/index.html +++ b/build-staging/de/docs/category/conversations/index.html @@ -12,13 +12,13 @@ - +

Konversationen

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/experiments/index.html b/build-staging/de/docs/category/experiments/index.html index efe16079..57d43c40 100644 --- a/build-staging/de/docs/category/experiments/index.html +++ b/build-staging/de/docs/category/experiments/index.html @@ -12,13 +12,13 @@ - +

Experimentelle Funktionen

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/getting-started/index.html b/build-staging/de/docs/category/getting-started/index.html index 8ca3e370..50e4a0e2 100644 --- a/build-staging/de/docs/category/getting-started/index.html +++ b/build-staging/de/docs/category/getting-started/index.html @@ -12,13 +12,13 @@ - +

Erste Schritte

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/groups/index.html b/build-staging/de/docs/category/groups/index.html index a3bad09c..f32fc116 100644 --- a/build-staging/de/docs/category/groups/index.html +++ b/build-staging/de/docs/category/groups/index.html @@ -12,13 +12,13 @@ - +

Gruppen

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/platforms/index.html b/build-staging/de/docs/category/platforms/index.html index 5702771e..0a8e2ca6 100644 --- a/build-staging/de/docs/category/platforms/index.html +++ b/build-staging/de/docs/category/platforms/index.html @@ -12,13 +12,13 @@ - +

Plattformen

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/profiles/index.html b/build-staging/de/docs/category/profiles/index.html index 4dc1e68f..d48ff5ef 100644 --- a/build-staging/de/docs/category/profiles/index.html +++ b/build-staging/de/docs/category/profiles/index.html @@ -12,13 +12,13 @@ - +

Profile

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/servers/index.html b/build-staging/de/docs/category/servers/index.html index 224434be..5d545859 100644 --- a/build-staging/de/docs/category/servers/index.html +++ b/build-staging/de/docs/category/servers/index.html @@ -12,13 +12,13 @@ - +

Server

- + \ No newline at end of file diff --git a/build-staging/de/docs/category/settings/index.html b/build-staging/de/docs/category/settings/index.html index 44e2503a..64669d5d 100644 --- a/build-staging/de/docs/category/settings/index.html +++ b/build-staging/de/docs/category/settings/index.html @@ -12,13 +12,13 @@ - +

Einstellungen

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/accept-deny-new-conversation/index.html b/build-staging/de/docs/chat/accept-deny-new-conversation/index.html index 15cf7866..54881c20 100644 --- a/build-staging/de/docs/chat/accept-deny-new-conversation/index.html +++ b/build-staging/de/docs/chat/accept-deny-new-conversation/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/add-contact/index.html b/build-staging/de/docs/chat/add-contact/index.html index 78139484..eb1a4c5f 100644 --- a/build-staging/de/docs/chat/add-contact/index.html +++ b/build-staging/de/docs/chat/add-contact/index.html @@ -12,13 +12,13 @@ - +

Neues Gespräch beginnen

  1. Ein Profil auswählen
  2. Klicke auf den Hinzufügen Button
  3. Wähle 'Kontakt hinzufügen'
  4. Eine Cwtch-Adresse einfügen
  5. Der Kontakt wird zu deiner Kontaktliste hinzugefügt
info Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/block-contact/index.html b/build-staging/de/docs/chat/block-contact/index.html index 42e68cb1..e8ef9149 100644 --- a/build-staging/de/docs/chat/block-contact/index.html +++ b/build-staging/de/docs/chat/block-contact/index.html @@ -12,13 +12,13 @@ - +

Einen Kontakt blockieren

  1. In einem Konversationsfenster
  2. Zu Einstellungen gehen
  3. Scrolle nach unten zum Kontakt blockieren
  4. Verschiebe den Schalter auf Kontakt blockieren
info Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/conversation-settings/index.html b/build-staging/de/docs/chat/conversation-settings/index.html index 9a77f142..7e0c78a8 100644 --- a/build-staging/de/docs/chat/conversation-settings/index.html +++ b/build-staging/de/docs/chat/conversation-settings/index.html @@ -12,13 +12,13 @@ - +

Konversationseinstellungen aufrufen

Klicke in einem Konversationsfenster auf das Einstellungssymbol in der oberen Leiste.

Diese Aktion öffnet einen neuen Bildschirm, auf dem du den Kontakt ansehen und verwalten kannst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/delete-contact/index.html b/build-staging/de/docs/chat/delete-contact/index.html index 66672564..8c466406 100644 --- a/build-staging/de/docs/chat/delete-contact/index.html +++ b/build-staging/de/docs/chat/delete-contact/index.html @@ -12,13 +12,13 @@ - +

Entfernen einer Konversation

Warnung

Diese Funktion wird unwiderruflich löschen. Dieses kann nicht rückgängig gemacht werden.

  • In einem Chat mit Kontakt, gehe in die Konversationseinstellungen oben rechts
  • Scrolle zum Verlasse diese Konversation und drücken darauf.
  • Sie wirst aufgefordert zu bestätigen, wenn du die Unterhaltung verlassen möchtest. Diese Aktion kann nicht rückgängig gemacht werden.
info Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/introduction/index.html b/build-staging/de/docs/chat/introduction/index.html index 9e7e3cb7..d2b5a199 100644 --- a/build-staging/de/docs/chat/introduction/index.html +++ b/build-staging/de/docs/chat/introduction/index.html @@ -12,13 +12,13 @@ - +

Eine Einführung in die Cwtch P2P Chat

Cwtch benutzt Tor v3 Onion Dienste, um anonyme, Peer-to-Peer-Verbindungen zwischen Profilen herzustellen.

Wie P2P-Chat unter der Haube funktioniert

Um mit deinen Freunden in einem Peer-to-Peer-Gespräch zu chatten, müssen beide online sein.

Nach einer erfolgreichen Verbindung beteiligen sich beide Seiten an einem -Authentifizierungsprotokoll von:

  • Behauptet, dass jede Seite Zugang zu dem privaten Schlüssel hat, der mit ihrer öffentlichen Identität verbunden ist.
  • Erzeugt einen ephemeren Session-Schlüssel, der zur Verschlüsselung aller weiteren Kommunikation während der Sitzung verwendet wird.

Dieser Austausch (detailliert im -Authentifizierungsprotokolldokumentiert) ist offline verweigerbar d. h. es ist möglich für jede Seite Transkripte dieses Protokoll-Auszutausches zu fälschen und daher ist es unmöglich definitiv zu beweisen, dass der Austausch überhaupt stattgefunden hat.

Sobald der Authentifizierungsprozess erfolgreich ist, kannst Du und dein Freund sicher sein, dass niemand anderes etwas über den Inhalt oder die Metadaten eurer Konversation erfahren kann.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/message-formatting/index.html b/build-staging/de/docs/chat/message-formatting/index.html index 8bb83219..7ad3d550 100644 --- a/build-staging/de/docs/chat/message-formatting/index.html +++ b/build-staging/de/docs/chat/message-formatting/index.html @@ -12,13 +12,13 @@ - +

Nachrichtenformatierung

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Nachrichten Formatierung Experiment eingeschaltet ist.

Optional kannst du Klickbare Links aktivieren, um URLs in Nachrichten in Cwtch anklickbar zu machen.

Cwtch unterstützt zur Zeit folgende Formatierungsmarkierungen für Nachrichten:

  • **bold** welches fett rendern wird
  • *italic* welches kursiv rendern wird
  • code welches code rendern wird
  • ^superscript^ das superscript rendern wird
  • _subscript_ welches subscript rendern wird
  • ~~strikthrough~~ welches strikethrough rendern wird
- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/reply-to-message/index.html b/build-staging/de/docs/chat/reply-to-message/index.html index d2117f88..b7313788 100644 --- a/build-staging/de/docs/chat/reply-to-message/index.html +++ b/build-staging/de/docs/chat/reply-to-message/index.html @@ -12,13 +12,13 @@ - +

Auf eine Nachricht antworten

  1. Wähle eine Nachricht aus, auf die du antworten möchtest
  2. Nachricht nach rechts ziehen
  3. Eine Antwort auf die zitierte Nachricht schreiben
  4. Senden anklicken
- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/save-conversation-history/index.html b/build-staging/de/docs/chat/save-conversation-history/index.html index 7b5e42f1..93deec5e 100644 --- a/build-staging/de/docs/chat/save-conversation-history/index.html +++ b/build-staging/de/docs/chat/save-conversation-history/index.html @@ -12,13 +12,13 @@ - +

Gesprächsverlauf speichern

Standardmäßig speichert Cwtch aus Gründen der Privatsphäre keine Unterhaltungshistorie zwischen den Sitzungen.

Um den Verlauf für eine bestimmte Konversation zu aktivieren:

  1. Gehe in einem Konversationsfenster zu Einstellungen
  2. Gehe zu Verlauf speichern
  3. Klicke das Dropdown-Menü
  4. Verlauf speichern auswählen
  5. Jetzt wird dein Verlauf gespeichert

Die Konversationshistorie kann an jedem beliebigen Punkt abgeschaltet werden, indem du im Dropdown-Menü "Verlauf löschen" auswählst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/share-address-with-friends/index.html b/build-staging/de/docs/chat/share-address-with-friends/index.html index 353db2c7..69768b2e 100644 --- a/build-staging/de/docs/chat/share-address-with-friends/index.html +++ b/build-staging/de/docs/chat/share-address-with-friends/index.html @@ -12,13 +12,13 @@ - +

Teilen von Cwtch Adressen

Es gibt viele Möglichkeiten, eine Cwtch Adresse zu teilen.

Teilen deiner Cwtch Adresse

  1. Zu deinem Profil gehen
  2. Klicke auf das Kopiere-Adresse-Symbol

Du kannst diese Adresse nun teilen. Personen mit dieser Adresse können dich als Cwtch Kontakt hinzufügen.

Für Informationen zum Blockieren von Verbindungen von Personen, die du nicht kennst, lies bitte Einstellungen: Unbekannte Verbindungen blockieren

Teilen der Cwtch Adresse von Freunden

Innerhalb von Cwtch gibt es einen weiteren Mechanismus zum Austausch von Cwtch-Adressen.

info Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/share-file/index.html b/build-staging/de/docs/chat/share-file/index.html index 76282c34..413bdae7 100644 --- a/build-staging/de/docs/chat/share-file/index.html +++ b/build-staging/de/docs/chat/share-file/index.html @@ -12,13 +12,13 @@ - +

Eine Datei teilen

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Datei Teilen Experiment eingeschaltet ist.

Optional kannst du Bilder und Profilbilder Vorschau aktivieren, um geteilte Bilder als Vorschau im Konversationsfenster zu sehen.

In einer Konversation

  1. Klicke auf das Anhang-Symbol
  2. Finde die Datei, die du senden möchtest
  3. Bestätige, dass du es senden möchtest

Wie funktioniert das Teilen von Dateien mit Gruppen? Sind meine Dateien irgendwo auf einem Server gespeichert?

Dateien werden über onion-to-onion Cwtch Verbindungen direkt von der Person verschickt, die die Datei dem Empfänger anbietet. Das ursprüngliche Angebot zum Senden einer Datei wird als Standard Cwtch Konversation/Overlay-Nachricht veröffentlicht. Für Gruppen bedeutet dies, dass das ursprüngliche Angebot (welches den Dateinamen, die Größe, Hash und eine Nonce beinhaltet) auf den Gruppenserver gestellt wird aber dann verbindet sich jeder Empfänger zu dir, um den eigentlichen Dateiinhalt zu erhalten.

Muss ich somit online sein, um eine Datei zu senden?

Ja. Wenn die Person, die die Datei anbietet, offline geht, musst du warten, bis sie online kommt, um die Übertragung fortzusetzen. Das zugrunde liegende Protokoll teilt die Dateien in einzelne, überprüfbare Chunks, so dass Sie in einer zukünftigen Version eine Datei "rehosten" können, die in einer Gruppe veröffentlicht wird und sogar Download von mehreren Hosts auf einmal (eine Art von Bittorrent) möglich sein wird.

Warum tauchen neue Kontakte in meiner Liste auf?

Dies ist darauf zurückzuführen, wie Cwtch derzeit Verbindungen von unbekannten Adressen behandelt. Da eine Datei in eine Gruppe geschrieben wird, führt dies dazu, dass Gruppenmitglieder sich direkt mit dir verbinden, einige dieser Mitglieder befinden sich möglicherweise noch nicht in deiner Kontaktliste, so dass deren Downloadverbindung zu dir als Kontaktanfrage in deiner Liste erscheint.

Was heißt "SHA512"?

SHA512 ist ein kryptographischer Hash der verwendet werden kann, um zu überprüfen, dass die heruntergeladene Datei eine korrekte Kopie der angebotenen Datei ist. Cwtch macht diese Verifizierung automatisch, aber du bist herzlich eingeladen, es selbst auszuprobieren! Beachte, dass wir auch ein zufälliges nonce in Datei-Angeboten einschließen, so dass die Leute dich nicht einfach nach einem zufälligen Hash fragen können, den du haben kannst, oder Dateien aus Unterhaltungen, von denen sie nicht selber dabei sind.

Gibt es eine Begrenzung der Dateigröße?

Das aktuelle Limit beträgt 10 Gigabytes pro Datei.

Was sind diese .manifest Dateien?

Die .manifest-Dateien werden beim Herunterladen der Datei verwendet, um zu überprüfen, ob einzelne Chunks korrekt empfangen werden, und um die Fortsetzung der unterbrochenen Übertragung zu unterstützen. Sie enthalten auch die Informationen aus dem ursprünglichen Datei-Angebot. Du kannst diese sicher löschen, sobald der Download abgeschlossen ist. Auf Android werden die Manifeste im Cache der App gespeichert und können über die Systemeinstellungen gelöscht werden.

Was ist mit den Datei-Metadaten?

Wir schicken den Namen der Datei als Vorschlag und um zu helfen, die Datei von anderen Dateiangeboten zu unterscheiden. Vor dem Absenden des Angebots wird der gesamte Pfad abgeschnitten. Du solltest dich vor versteckten Metadaten hüten, die in der Datei selbst gespeichert sein könnten, was je nach Dateiformat variiert. Zum Beispiel können Bilder Geo-Lokationen und Informationen über die Kamera enthalten, die sie aufgenommen haben und PDF-Dateien sind dafür berüchtigt, versteckte Informationen wie den Namen des Autors oder die Maschine, auf der sie erstellt wurden, zu enthalten. Im Allgemeinen solltest du nur Dateien mit Leuten senden und empfangen, denen du vertraust.

Kann ich Dateien automatisch herunterladen?

Wenn das Bild-Vorschau und Profilbilder Experiment aktiviert ist, wird Cwtch automatisch Bilder von akzeptierten Unterhaltungen herunterladen.

- + \ No newline at end of file diff --git a/build-staging/de/docs/chat/unblock-contact/index.html b/build-staging/de/docs/chat/unblock-contact/index.html index 1668560e..257a0cc6 100644 --- a/build-staging/de/docs/chat/unblock-contact/index.html +++ b/build-staging/de/docs/chat/unblock-contact/index.html @@ -12,13 +12,13 @@ - +

Einen Kontakt entsperren

  1. Wähle den Kontakt in Ihrer Konversationsliste aus. Gesperrte Kontakte werden an das Ende der Liste verschoben.
  2. Gehe zu den Konversationseinstellungen
  3. Scrolle nach unten zum Kontakt sperren
  4. Verschiebe den Schalter auf Kontakt entsperren
info Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/contribute/developing/index.html b/build-staging/de/docs/contribute/developing/index.html index 3a4de995..60a01e5a 100644 --- a/build-staging/de/docs/contribute/developing/index.html +++ b/build-staging/de/docs/contribute/developing/index.html @@ -12,13 +12,13 @@ - +

Entwicklung von Cwtch

Dieser Abschnitt dokumentiert einige Möglichkeiten, um mit der Cwtch-Entwicklung zu beginnen.

Cwtch-Fehlerverfolgungsprozess

Alle Cwtch-Probleme werden aus dem cwtch-ui git Repositoryverfolgt, auch wenn der Fehler / das Feature in einer Upstream-Bibliothek entsteht. Dies erlaubt uns, alles an einem Ort zu halten.

Probleme sind in 4 verschiedene Kategorien unterteilt:

  • Unbearbeitete - Dies sind neue Probleme, die vom Cwtch Team nicht diskutiert wurden.
  • Geplant - Diese Probleme wurden für eine kommende Veröffentlichung eingeplant. Normalerweise werden sie mit der Release Version getaggt, in der sie voraussichtlich in cwtch-1.11 behoben werden. Ein Kern-Cwtch-Team-Mitglied arbeitet wahrscheinlich an diesem Problem oder wird in den nächsten Wochen an diesem Thema arbeiten.
  • Gewünscht - Dies sind Probleme, die wir gerne beheben würden, aber aus irgendeinem Grund können wir diese nicht planen. Dies könnte daran liegen, dass die Funktion groß ist und viel Aufwand erfordert, oder weil es einen Blocker gibt (z.B. Eine fehlende Funktion in Flutter oder einer anderen Bibliothek), die die Arbeit an der Funktion verhindert.
  • Hilfe gesucht - Dies sind in der Regel kleine Probleme, die wir gerne beheben würden, die aber als geringe Priorität eingestuft wurden. Dies sind ideale erste Probleme für Freiwillige.

Wenn du an einem offenen Fehler/Feature arbeiten möchtest, bitte kommentiere das Problem und ein Mitglied des Cwtch Teams wird dir Ratschläge geben, wohin du von dort gehen solltest. Dies hilft uns, den Überblick zu behalten, wer an welchen Problemen arbeitet, und reduziert den Umfang der doppelten Arbeit. Wir sind bestrebt, die meisten Anfragen innerhalb von 24 Stunden zu beantworten, fühle dich frei, an ein Problem zu "erinnern", wenn es länger als diese Zeit dauert.

Hinweis

Aufgrund eines Problems mit unserem E-Mail-Provider sind wir derzeit nicht in der Lage, E-Mails von unserer gitea-Instanz zu versenden. Bitte überprüfe regelmäßig offene Probleme / Pull-Requests auf Updates (oder abonniere die RSS-Feeds des Projektarchivs)

Cwtch Pull-Request Prozess

Alle Pull-Requests müssen von einem Kernmitglied des Cwtch Teams überprüft und genehmigt werden, bevor das Zusammenführen erfolgt. Sarah prüft alle neuen und aktiven Pull-Anfragen mehrmals in der Woche.

Bot bauen

Alle Cwtch Projekte werden mit automatisierten Builds und Tests eingerichtet. Es wird erwartet, dass jeder Pull-Request diese Pipelines durchlaufen kann, bevor er zusammengeführt wird. Wenn buildbot einen Fehler meldet, dann wird Sarah mit dir zusammenarbeiten, um das Problem und alle notwendigen Korrekturen zu ermitteln.

Der Buildbot kann aus Gründen, die außerhalb deiner Kontrolle liegen, fehlschlagen, z.B. viele unserer Integrationstests sind auf das Einrichten von Tor-Verbindungen angewiesen, diese können gelegentlich spröde sein und zu Timeouts und Fehlern führen. Bestätige immer die Hauptursache für einen Testfehler, bevor du entscheidest, was als nächstes zu tun ist.

Nützliche Ressourcen

Hinweis

Alle Beiträge sind berechtigt für Aufkleber

- + \ No newline at end of file diff --git a/build-staging/de/docs/contribute/documentation/index.html b/build-staging/de/docs/contribute/documentation/index.html index a23e24a9..fa8608e8 100644 --- a/build-staging/de/docs/contribute/documentation/index.html +++ b/build-staging/de/docs/contribute/documentation/index.html @@ -12,13 +12,13 @@ - +

Stilregeln der Dokumentation

Dieser Abschnitt dokumentiert die erwartete Struktur und Qualität der Cwtch-Dokumentation.

Screenshots und Übertragung von Zeichen

Die meisten Cwtch-Dokumentationen sollte mindestens einen Screenshot oder ein animiertes Bild enthalten. Screenshots der Cwtch-Anwendung sollten sich auf die in der Dokumentation beschriebene Funktion konzentrieren.

Um die Konsistenz zwischen Screenshots zu gewährleisten, schlagen wir vor, dass das betreffende Profil besonderen, konstanten und Rollen dienen sollte.

  • Alice - wird verwendet, um das primäre Profil zu repräsentieren.
  • Bob - der primäre Kontakt, nützlich bei der Darstellung von Peer-to-Peer-Funktionen
  • Carol - ein sekundärer Kontakt, nützlich bei der Darstellung von Gruppenfunktionen
  • Mallory - stellt einen böswilligen Partner dar (welcher verwendet wird, um die Blockierfunktionalität zu demonstrieren)

Dialog und Inhalt

Wo Screenshots und Demonstrationen Dialog, Gespräche und/oder Bilder zeigen, halte bitte die Gespräche kurz zu einem lässigen Thema. Beispiele dafür sind:

  • Organisieren eines Picknicks
  • Teilen von Fotos aus einem Urlaub
  • Senden des Dokuments zur Prüfung

Experimente

Alle Funktionen, die auf die Aktivierung eines Experiments angewiesen sind, sollten dies alles oben auf der Seite hervorheben z. B.:

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Beispiel Experiment eingeschaltet ist.

Risiko

Wenn eine Funktion zur Zerstörung des Schlüsselmaterials oder zur dauerhaften Löschung des Status führen könnte dann sollten diese auch oben in der Dokumentation aufgerufen werden, z. B.:

Warnung

Diese Funktion wird das Schlüsselmaterial unwiderruflich löschen. Dieses kann nicht rückgängig gemacht werden.

- + \ No newline at end of file diff --git a/build-staging/de/docs/contribute/stickers/index.html b/build-staging/de/docs/contribute/stickers/index.html index c91eec59..a75e57cf 100644 --- a/build-staging/de/docs/contribute/stickers/index.html +++ b/build-staging/de/docs/contribute/stickers/index.html @@ -12,13 +12,13 @@ - +

Aufkleber

Alle Beiträge sind für Aufkleber berechtigt. Wenn du zu Bugs, Features, Testen oder Sprache beiträgst oder in der Vergangenheit einen wesentlichen Beitrag geleistet hast, schreibe bitte eine E-Mail an erinn@openprivacy. mit Details und einer Adresse für uns, damit wir die Aufkleber dir schicken können.

Ein Foto von Cwtch-Aufklebern

- + \ No newline at end of file diff --git a/build-staging/de/docs/contribute/testing/index.html b/build-staging/de/docs/contribute/testing/index.html index 5dd331a9..c96044e2 100644 --- a/build-staging/de/docs/contribute/testing/index.html +++ b/build-staging/de/docs/contribute/testing/index.html @@ -12,13 +12,13 @@ - +

Cwtch testen

Dieser Abschnitt dokumentiert einige Möglichkeiten, um mit Cwtch-Tests zu beginnen.

Laufender Fuzzbot

FuzzBot ist unser Entwicklungs-Testbot. Du kannst FuzzBot als Kontakt hinzufügen: cwtch:4y2hxlxqzautabituedksnh2ulcgm2coqbure6wvfpg4gi2ci25ta5ad.

FuzzBot Hilfe

Wenn Du FuzzBot eine Hilfe- Nachricht sendest, werden alle derzeit verfügbaren Testbefehle angezeigt.

Weitere Informationen über FuzzBot findest Du in unserem Discreet Log Development Blog.

Trete der Cwtch Release Candidate Tester Gruppe bei

Wenn Du Fuzzbot den Befehl testgroup-invite sendest, lädt FuzzBot Dich zur Cwtch Testers Group ein! Dort kannst du Fragen stellen, Fehlerberichte schreiben und Feedback geben.

Cwtch Nightlies

Cwtch Nightly Builds sind Entwicklungs-Builds, die neue Features enthalten, die zum Testen bereit sind.

Die aktuellsten Entwicklungsversionen von Cwtch sind auf unserem Build-Server verfügbar.

Wir empfehlen nicht, dass Tester immer auf die neueste Nightly aktualisieren, sondern wir werden eine Nachricht an die Cwtch Release Candidate Testers Gruppe schicken, wenn eine bedeutsame Nightly verfügbar wird. Eine Nightly wird als bedeutsam angesehen, wenn sie eine neue Funktion oder eine größere Fehlerbehebung enthält.

Hinweis

Alle Beiträge sind berechtigt für Aufkleber

Feedback abgeben

Es gibt drei wichtige Möglichkeiten, Test-Feedback an das Team zu übermitteln:

  • Über Cwtch: Entweder über die Release Candidate Tester Gruppe oder direkt über ein Cwtch Team-Mitglied.
  • Via Gitea: Bitte öffne ein Problem unter https://git.openprivacy.ca/cwtch. m/cwtch-ui/issues - Bitte mache dir keine Gedanken über doppelte Probleme, wir werden doppelte Probleme als Teil unseres Triage Prozesses entfernen.
  • Per E-Mail: E-Mail team@cwtch.im mit dem Fehlerbericht und eines unserer Teams wird ihn prüfen.
Hinweis

Aufgrund eines Problems mit unserem E-Mail-Provider sind wir derzeit nicht in der Lage, E-Mails von unserer gitea-Instanz zu versenden. Bitte überprüfe regelmäßig offene Probleme / Pull-Requests auf Updates (oder abonniere die RSS-Feeds des Projektarchivs)

- + \ No newline at end of file diff --git a/build-staging/de/docs/contribute/translate/index.html b/build-staging/de/docs/contribute/translate/index.html index 1726f8ca..dcfd9afb 100644 --- a/build-staging/de/docs/contribute/translate/index.html +++ b/build-staging/de/docs/contribute/translate/index.html @@ -12,13 +12,13 @@ - +

Cwtch übersetzen

Wenn du Übersetzungen zu Cwtch beitragen möchtest, entweder zur App oder zu diesem Handbuch, kommt hier wie dies möglich ist.

Übersetzungen zur Cwtch-Anwendung beitragen

Es gibt zwei Möglichkeiten, zu Cwtch Anwendungen beizutragen.

Trete unserem Lokalise-Team bei

Wir verwenden Lokalise für die Verwaltung von Übersetzungen für die Cwtch-Anwendung.

  1. Registriere dich für ein Lokalise-Konto
  2. Sende eine E-Mail an team@cwtch.im mit der Sprache, die du übersetzen möchtest und einer E-Mail-Adresse, mit der wir dich in unser Lokalise-Team einladen können.

Direkt über Git

Für neue Übersetzungen, kannst du eine Kopie von https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/intl_en.arb erstellen und übersetzen - Du kannst dann entweder Pull-Requests einreichen oder direkt Aktualisierungen an uns senden (team@cwtch.im) und wir werden sie zusammenführen.

Um zu existierenden Übersetzungen hinzuzufügen, kannst du Pull-Requests direkt auf jede Datei in https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/ einstellen und wir werden sie überprüfen und zusammenführen.

Cwtch-Benutzerhandbuch

Dieses Handbuch wird über Crowdin übersetzt.

Um unserem Crowdin-Projekt beizutreten:

  1. Registrieren dich für ein Konto bei Crowdin.
  2. Treten dem cwtch-users-handbook Projekt bei.

Wir bündeln Änderungen an der Dokumentation in Batches und synchronisieren sie regelmäßig mit dem Crowdin-Projekt.

Hinweis

Alle Beiträge sind berechtigt für Aufkleber

- + \ No newline at end of file diff --git a/build-staging/de/docs/getting-started/supported_platforms/index.html b/build-staging/de/docs/getting-started/supported_platforms/index.html index 252cb387..b959a023 100644 --- a/build-staging/de/docs/getting-started/supported_platforms/index.html +++ b/build-staging/de/docs/getting-started/supported_platforms/index.html @@ -12,13 +12,13 @@ - +

Unterstützte Platformen

Die folgende Tabelle stellt unser aktuelles Verständnis von Cwtch-Unterstützung auf verschiedenen Betriebssystemen und Architekturen dar (Stand Cwtch 1.10 und Januar 2023).

In vielen Fällen suchen wir nach Testern, die bestätigen, dass verschiedene Funktionen funktionieren. Wenn du daran interessiert bist, Cwtch auf einer bestimmten Plattform zu testen oder als freiwilliger Helfer bei der offiziellen Unterstützung einer hier nicht aufgelisteten Plattform helfen möchtest, dann schaue dir Beitragen zu Cwtch an.

Legende:

  • ✅: Offiziell unterstützt. Cwtch sollte auf diesen Plattformen ohne Probleme funktionieren. Regressionen werden als hohe Priorität behandelt.
  • 🟡: Beste Anstrengung zur Unterstützung. Cwtch sollte auf diesen Plattformen funktionieren, aber es kann dokumentierte oder unbekannte Probleme geben. Es kann notwendig sein, Tests durchzuführen. Einige Funktionen erfordern möglicherweise zusätzliche Arbeit. Freiwilligenarbeit wird gewürdigt.
  • ❌: Nicht unterstützt. Cwtch wird wahrscheinlich nicht auf diesen Systemen funktionieren. Wir werden vermutlich keine Fehlerberichte für diese Systeme akzeptieren.
PlattformOffizielle Cwtch BuildsQuellencode-UnterstützungAnmerkungen
Windows 11Nur 64-Bit amd64.
Windows 10Nur 64-Bit amd64. Nicht offiziell unterstützt, aber offizielle Builds könnten funktionieren.
Windows 8 und darunter🟡Nicht unterstützt. Dedizierte Builds aus dem Quellcode könnten funktionieren. Testen erforderlich.
OSX 10 und darunter🟡Nur 64-Bit. Offizielle Builds sollen auf Catalina funktionieren, aber nicht auf High Sierra
OSX 11Nur 64-Bit. Offizielle Builds unterstützen sowohl arm64 als auch x86 Architekturen.
OSX 12Nur 64-Bit. Offizielle Builds unterstützen sowohl arm64 als auch x86 Architekturen.
OSX 13Nur 64-Bit. Offizielle Builds unterstützen sowohl arm64 als auch x86 Architekturen.
Debian 11Nur 64-Bit amd64.
Debian 10🟡Nur 64-Bit amd64.
Debian 9 und darunter🟡Nur 64-Bit amd64. Builds aus dem Quellcode sollten funktionieren, aber offizielle Builds könnten mit installierten Abhängigkeiten inkompatibel sein.
Ubuntu 22.04Nur 64-Bit amd64.
Andere Ubuntu🟡Nur 64-Bit. Testen erforderlich. Builds aus dem Quellcode sollten funktionieren, aber offizielle Builds könnten mit installierten Abhängigkeiten inkompatibel sein.
CentOS🟡🟡Testen erforderlich.
Gentoo🟡🟡Testen erforderlich.
Arch🟡🟡Testen erforderlich.
Whonix🟡🟡Bekannte Probleme. Für die Unterstützung sind spezielle Änderungen an Cwtch erforderlich.
Raspian (arm64)🟡Builds aus dem Quellcode erstellt, funktionieren.
Andere Linux-Distributionen🟡🟡Testen erforderlich.
Android 9 und darunter🟡🟡Offizielle Builds könnten funktionieren.
Android 10Offizielle SDK unterstützen arm, arm64 und amd64 Architekturen.
Android 11Offizielle SDK unterstützen arm, arm64 und amd64 Architekturen.
Android 12Offizielle SDK unterstützen arm, arm64 und amd64 Architekturen.
Android 13Offizielle SDK unterstützen arm, arm64 und amd64 Architekturen.
LineageOSOffizielle SDK unterstützen arm, arm64 und amd64 Architekturen.
Andere Android Distributionen🟡🟡Testen erforderlich.
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/accept-group-invite/index.html b/build-staging/de/docs/groups/accept-group-invite/index.html index 354fbcf2..7fce1dac 100644 --- a/build-staging/de/docs/groups/accept-group-invite/index.html +++ b/build-staging/de/docs/groups/accept-group-invite/index.html @@ -12,13 +12,13 @@ - +

Eine Gruppeneinladung annehmen

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

  1. Wenn ein Freund dir eine Gruppenanfrage sendet
  2. Wähle ob du dieser Gruppe beitreten möchtest oder nicht
  3. Die Gruppe ist jetzt in deiner Kontaktliste
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/create-group/index.html b/build-staging/de/docs/groups/create-group/index.html index a2378077..645be0ea 100644 --- a/build-staging/de/docs/groups/create-group/index.html +++ b/build-staging/de/docs/groups/create-group/index.html @@ -12,13 +12,13 @@ - +

Eine neue Gruppe erstellen

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

  1. In deinem Kontakt-Bereich
  2. Drücke auf die Plus-Schaltfläche
  3. Drücke auf Gruppe erstellen
  4. Gib deiner Gruppe einen Namen
  5. Drücke auf Erstellen
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/edit-group-name/index.html b/build-staging/de/docs/groups/edit-group-name/index.html index a224faf7..a8c412eb 100644 --- a/build-staging/de/docs/groups/edit-group-name/index.html +++ b/build-staging/de/docs/groups/edit-group-name/index.html @@ -12,13 +12,13 @@ - +

Einen Gruppennamen bearbeiten

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

Gruppennamen sind privat, sie werden nicht weitergegeben, sie sind Ihr lokaler Name für die Gruppe.

  1. Gehe im Chat-Fenster zu den Einstellungen
  2. Ändere den Namen der Gruppe
  3. Drücke den Speicherknopf
  4. Jetzt hat deine Gruppe einen neuen Namen
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/introduction/index.html b/build-staging/de/docs/groups/introduction/index.html index c0bd296a..f9698ab2 100644 --- a/build-staging/de/docs/groups/introduction/index.html +++ b/build-staging/de/docs/groups/introduction/index.html @@ -12,13 +12,13 @@ - +

Eine Einführung in die Cwtch Gruppen

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

Hinweis: Metadaten resistente Kommunikation ist noch ein aktives Entwicklungsfeld und was hier dokumentiert ist wird sehr wahrscheinlich in der Zukunft sich ändern.

Standardmäßig unterstützt Cwtch nur Peer-to-Peer online Chats. Um Mehrparteien-Gespräche zu unterstützen und Offline-Auslieferung zu ermöglichen, ist ein (nicht vertrauenswürdiger) Dritter erforderlich. Wir nennen diese Entitäten (Dritten) "Server"

Diese Server können von jedem eingerichtet werden und sind dafür gedacht, immer online zu sein. Am wichtigsten ist, dass die Kommunikation mit einem Server so gestaltet ist, dass der Server so wenig Informationen wie möglich über den Inhalt oder die Metadaten erfährt.

In vielerlei Hinsicht ist die Kommunikation mit einem Server identisch mit einer regulären Cwtch Peer, alle Schritte werden gleich unternommen, aber der Server fungiert immer als eingehender Peer, und der ausgehende Peer verwendet immer neu generierte ephemere (flüchtige) Schlüsselpaare - so dass jede Serversitzung getrennt wird.

Somit unterscheidet sich die Peer zu Server Konversation nur in der Art der Nachrichten, die zwischen zwei Seiten gesendet werden, mit dem Server, der alle Nachrichten, die er erhält, speichert und damit den Clients erlaubt den Server nach älteren Nachrichten abzufragen.

Das mit Servern verbundene Risikomodell ist komplizierter als Peer-to-Peer-Kommunikation, da wir derzeit Leute benötigen, die Server in Cwtch mit opt-in zum Gruppen-Chat-Experiment verwenden möchten um auf nicht vertrauenswürdigen Servern Gruppen hinzuzufügen, zu verwalten und zu erstellen.

Wie Gruppen unter der Haube funktionieren

Wenn eine Person eine Gruppendiskussion starten will, generiert sie einen zufälligen geheimen Gruppenschlüssel. Alle Gruppenkommunikation wird mit diesem Schlüssel verschlüsselt.

Zusammen mit dem Gruppenschlüssel entscheidet der Gruppenersteller sich auch für einen Cwtch Server als Host der Gruppe zu verwenden. Weitere Informationen darüber, wie Server sich selbst authentifizieren, findest du unter Schlüsselbündel.

Ein Gruppen Identifikator wird mit dem Gruppenschlüssel und dem Gruppenserver generiert und diese drei Elemente sind in einer Einladung verpackt, die an potenzielle Gruppenmitglieder gesendet werden kann (z.B. über existierende Peer-to-Peer-Verbindungen).

Um eine Nachricht an die Gruppe zu senden, verbindet sich ein Profil mit dem Server, der die Gruppe beherbergt (siehe unten), und verschlüsselt deine Nachricht mit dem Gruppenschlüssel `und erzeugt eine kryptographische Signatur über dieGruppen-Id, Gruppen Server` und die entschlüsselte Nachricht (siehe: Nachrichtenformate für weitere Informationen).

Um Nachrichten von der Gruppe zu erhalten, verbindet sich ein Profil mit dem Server, der die Gruppe beherbergt und lädt alle Nachrichten (seit ihrer vorherigen Verbindung) herunter. Die Profile versuchen dann jede Nachricht mit dem Gruppenschlüssel und wenn dies erfolgreich war, dann die Signatur zu verifizieren (siehe Cwtch Server Cwtch Groupen für einen Überblick über Attacken und Abschwächungen).

- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/leave-group/index.html b/build-staging/de/docs/groups/leave-group/index.html index dcf5a5de..6467683c 100644 --- a/build-staging/de/docs/groups/leave-group/index.html +++ b/build-staging/de/docs/groups/leave-group/index.html @@ -12,13 +12,13 @@ - +

Wie man eine Gruppe verlässt?

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

Warnung

Diese Funktion wird das Schlüsselmaterial unwiderruflich löschen. Dieses kann nicht rückgängig gemacht werden.

  1. Gehen Sie im Chat-Fenster zu den Einstellungen
  2. Im Einstellungsfenster nach unten scrollen
  3. Drücke auf Konversation verlassen
  4. Bestätige, dass du verlassen möchtest
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/manage-known-servers/index.html b/build-staging/de/docs/groups/manage-known-servers/index.html index 2d6ac855..ca6192de 100644 --- a/build-staging/de/docs/groups/manage-known-servers/index.html +++ b/build-staging/de/docs/groups/manage-known-servers/index.html @@ -12,13 +12,13 @@ - +

Server verwalten

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

Cwtch Gruppen werden von nicht vertrauenswürdigen Servern gehostet. Wenn du die Server sehen möchtest, über die du kennst, ihren Status und die auf ihnen gehosteten Gruppen:

  1. In deinem Kontakt-Bereich
  2. Zum Server verwalten Symbol gehen

Import lokal gehosteter Server

  1. Um einen lokal gehosteten Server zu importieren klicke auf lokalen Server auswählen
  2. Wähle den gewünschten Server aus
- + \ No newline at end of file diff --git a/build-staging/de/docs/groups/send-invite/index.html b/build-staging/de/docs/groups/send-invite/index.html index 8ac6d0dc..5fb8d3a1 100644 --- a/build-staging/de/docs/groups/send-invite/index.html +++ b/build-staging/de/docs/groups/send-invite/index.html @@ -12,13 +12,13 @@ - +

Einladungen an eine Gruppe senden

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Gruppen Experiment eingeschaltet ist.

  1. Gehe zu einem Chat mit einem Kontakt
  2. Klicke auf das Einladungs-Symbol
  3. Wähle die Gruppe aus, in die du einladen möchtest
  4. Klicke Einladen
  5. Du hast eine Einladung gesendet
- + \ No newline at end of file diff --git a/build-staging/de/docs/intro/index.html b/build-staging/de/docs/intro/index.html index b7ca5566..57c845ca 100644 --- a/build-staging/de/docs/intro/index.html +++ b/build-staging/de/docs/intro/index.html @@ -12,13 +12,13 @@ - +

Was ist Cwtch?

Cwtch (/kʊtʃ/ - ein walisisches Wort, das grob übersetzt „eine Umarmung, die einen sicheren Ort schafft“ bedeutet) ist eine dezentralisierte, Privatspähre bewahrende, metadatenresistente Messenger-App.

  • Dezentralisiert und offen: Es gibt keinen „Cwtch-Dienst“ oder „Cwtch-Netzwerk“. Die Cwtch Teilnehmer können ihre eigenen sicheren Räume hosten oder ihre Infrastruktur anderen anbieten, die auf der Suche nach einem sicheren Raum sind. Das Cwtch-Protokoll ist offen und jeder kann Bots, Dienste und Benutzeroberflächen erstellen und in Cwtch integrieren und interagieren.
  • Datenschutz wahrend: Alle Kommunikation in Cwtch ist Ende-zu-Ende verschlüsselt und findet über Tor v3 onion Dienste statt.
  • Metadaten resistent: Cwtch wurde so konzipiert, dass ohne ihre ausdrückliche Zustimmung keine Informationen ausgetauscht oder zugänglich sind einschließlich On-the-wire Nachrichten und Protokoll-Metadaten.

Sicherheit und Verschlüsselung

Für einen detaillierteren Blick auf die in Cwtch verwendete Sicherheit, Privatsphäre und die zugrunde liegende Verschlüsselungstechnologie lesen Sie ies bitte unser Sicherheitshandbuch

Erste Schritte

Du kannst die neueste Version von Cwtch von herunterladen https://cwtch.im/download/

- + \ No newline at end of file diff --git a/build-staging/de/docs/platforms/tails/index.html b/build-staging/de/docs/platforms/tails/index.html index d3eb3a24..e5335f2b 100644 --- a/build-staging/de/docs/platforms/tails/index.html +++ b/build-staging/de/docs/platforms/tails/index.html @@ -12,13 +12,13 @@ - +

Cwtch in Tails laufen lassen

Warnung Neues Feature

Neu in Cwtch 1.12

Diese Funktionalität kann unvollständig und/oder gefährlich sein, wenn sie falsch benutzt wird. Bitte hilf uns bei der Überprüfung und dem Test.

Die folgenden Schritte erfordern, dass Tails mit einem Administrationspasswort gestartet wurde.

Tails verwendet Onion Grater um den Zugriff auf den Kontrollport zu schützen. Wir haben eine Onion Gratar Konfiguration cwtch-tails.yml paketiert und ein Skript (install-tails.sh) mit dem Cwtch unter Linux eingerichtet.

Der Tails-spezifische Teil des Skripts wird unten reproduziert:

    # Tails needs to be have been setup up with an Administration account
    # 
    # Make Auth Cookie Readable
    sudo chmod o+r /var/run/tor/control.authcookie
    # Copy Onion Grater Config
    sudo cp cwtch.yml /etc/onion-grater.d/cwtch.yml
    # Restart Onion Grater so the Config Takes effect
    sudo systemctl restart onion-grater.service

Beim Start sollte Cwtch auf Tails die CWTCH_TAILS=true Umgebungsvariable übergeben werden, um Cwtch automatisch für die Ausführung in einer Tails-ähnlichen Umgebung zu konfigurieren:

exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch

Installationsort

Der obige Befehl und die unten stehende Onion Gratar Konfiguration gehen davon aus, dass Cwtch in ~/.local/lib/cwtch/cwtch installiert wurde - wenn Cwtch irgendwo anders installiert wurde (oder wenn Du es direkt aus dem Download-Ordner laufen lässt) musst du die Befehle anpassen.

Onion Grater Konfiguration

Die Onion Gratar Konfiguration cwtch-tails.yml wird unten reproduziert. Wie erwähnt, kann diese Konfiguration wahrscheinlich noch viel weiter eingeschränkt werden. 

    ---
    # TODO: This can likely be restricted even further, especially in regards to the ADD_ONION pattern

    - apparmor-profiles:
        - '/home/amnesia/.local/lib/cwtch/cwtch'
      users:

        - 'amnesia'
      commands:
        AUTHCHALLENGE:

          - 'SAFECOOKIE .*'
        SETEVENTS:

          - 'CIRC WARN ERR'
          - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
        GETINFO:

          - '.*'
        GETCONF:

          - 'DisableNetwork'
        SETCONF:

          - 'DisableNetwork.*'
        ADD_ONION:

          - '.*'
        DEL_ONION:

          - '.+'
        HSFETCH:

          - '.+'
      events:
        CIRC:
          suppress: true
        ORCONN:
          suppress: true
        INFO:
          suppress: true
        NOTICE:
          suppress: true
        WARN:
          suppress: true
        ERR:
          suppress: true
        HS_DESC:
          response:

        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'

        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'

        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
          replacement: '650 HS_DESC UPLOADED {} {} redacted'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'

        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'

        - pattern:     '.*'
          replacement: ''
        HS_DESC_CONTENT:
          suppress: true

Dauerhaft

Standardmäßig erstellt Cwtch $HOME/.cwtch und speichert dort alle verschlüsselten Profile und Einstellungsdateien. Um Profil/Konversationen in Cwtch auf Tails zu speichern, musst du diesen Ordner in einem nicht flüchtigen Zuhause sichern.

Siehe Tails Dokumentation zum Einrichten von Dauerhaftem Speicher

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/availability-status/index.html b/build-staging/de/docs/profiles/availability-status/index.html index 0bdb8135..c2903997 100644 --- a/build-staging/de/docs/profiles/availability-status/index.html +++ b/build-staging/de/docs/profiles/availability-status/index.html @@ -12,13 +12,13 @@ - +

Verfügbarkeitsstatus einstellen

Warnung Neues Feature

Neu in Cwtch 1.12

Diese Funktionalität kann unvollständig und/oder gefährlich sein, wenn sie falsch benutzt wird. Bitte hilf uns bei der Überprüfung und dem Test.

Klicke im -Konversationsfenster auf das Status-Symbol neben deinem Profilbild.

Ein Dropdown-Menü wird angezeigt mit verschiedenen Optionen wie Verfügbar, Abwesend und Beschäftigt

Wenn du Abwesend oder Beschäftigt als Status auswählst, wird sich die Grenzlinie deines Profilbildes ändern, um den Status zu reflektieren

Kontakte sehen diese Änderung in ihrem Konversationsfenster.

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/change-name/index.html b/build-staging/de/docs/profiles/change-name/index.html index 393f241e..659438c9 100644 --- a/build-staging/de/docs/profiles/change-name/index.html +++ b/build-staging/de/docs/profiles/change-name/index.html @@ -12,13 +12,13 @@ - +

Ändern Deines Anzeigenamens

  1. In der Ansicht Profile verwalten, klicke auf den Stift neben dem Profil, das Du bearbeiten möchtest
  2. Ändere deinen Namen
  3. Profil speichern klicken
- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/change-password/index.html b/build-staging/de/docs/profiles/change-password/index.html index 7c09bd81..5a204114 100644 --- a/build-staging/de/docs/profiles/change-password/index.html +++ b/build-staging/de/docs/profiles/change-password/index.html @@ -12,13 +12,13 @@ - +

Passwort ändern

  1. Drücke den Stift neben dem Profil, das du bearbeiten möchtest
  2. Gehe zum aktuellen Passwort und gib dein aktuelles Passwort ein
  3. Gehe zu neuem Passwort und gib dein neues Passwort ein
  4. Passwort erneut eingeben
  5. Profil speichern klicken
- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/change-profile-image/index.html b/build-staging/de/docs/profiles/change-profile-image/index.html index defbd705..c52e36e5 100644 --- a/build-staging/de/docs/profiles/change-profile-image/index.html +++ b/build-staging/de/docs/profiles/change-profile-image/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/create-a-profile/index.html b/build-staging/de/docs/profiles/create-a-profile/index.html index c566c4b3..f7917f8a 100644 --- a/build-staging/de/docs/profiles/create-a-profile/index.html +++ b/build-staging/de/docs/profiles/create-a-profile/index.html @@ -12,13 +12,13 @@ - +

Ein neues Profil erstellen

  1. Drücke die + Aktionstaste in der rechten unteren Ecke und wähle "Neues Profil"
  2. Wähle einen Anzeigenamen
  3. Wähle dies aus, wenn Du dieses Profil lokal mit starker Verschlüsselung schützen möchtest:
    • Passwort: Dein Konto ist vor anderen Personen geschützt, die dieses Gerät evtl. verwenden können
    • Kein Passwort: Jeder, der Zugriff auf dieses Gerät hat, kann auf dieses Profil zugreifen
  4. Gib dein Passwort ein und gib es erneut ein
  5. Neues Profil hinzufügen anklicken

Eine Anmerkung zu passwortgeschützten (verschlüsselten) Profilen

Die Profile werden lokal auf der Festplatte gespeichert und mittels eines Schlüssels verschlüsselt, der von einem Benutzer bekannten Passwort abgeleitet wird (via pbkdf2).

Beachte, dass einmal verschlüsselt und auf der Festplatte gespeichert die einzige Möglichkeit, ein Profil wiederherzustellen, ist das erneute Ableiten des Schlüssels aus dem Passwort - so ist es nicht möglich, eine vollständige Liste der Profile anzugeben, auf die ein Benutzer Zugriff haben könnte, bis er ein Passwort eingegeben hat.

Siehe auch: Cwtch Sicherheits-Handbuch: Profil Verschlüsselung & Speicher

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/delete-profile/index.html b/build-staging/de/docs/profiles/delete-profile/index.html index 37f811d3..d5e5c90c 100644 --- a/build-staging/de/docs/profiles/delete-profile/index.html +++ b/build-staging/de/docs/profiles/delete-profile/index.html @@ -12,13 +12,13 @@ - +

Ein Profil löschen

Warnung

Diese Funktion wird das Schlüsselmaterial unwiderruflich löschen. Dies kann nicht rückgängig gemacht werden.

  1. Drücke den Stift neben dem Profil, das du bearbeiten möchtest
  2. Scrolle nach unten zum Ende des Bildschirms
  3. Löschen drücken
  4. Drücke wirklich Profil löschen
- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/exporting-profile/index.html b/build-staging/de/docs/profiles/exporting-profile/index.html index c54452ff..4ddf4b2a 100644 --- a/build-staging/de/docs/profiles/exporting-profile/index.html +++ b/build-staging/de/docs/profiles/exporting-profile/index.html @@ -12,13 +12,13 @@ - +

Sicherung oder Export eines Profils

Auf der Profil-Verwaltungsseite:

  1. Klicke auf den Stift neben dem Profil, das du bearbeiten möchtest
  2. Scrolle nach unten zum Ende des Bildschirms
  3. Wähle "Export Profil"
  4. Wähle einen Ort und einen Dateinamen
  5. Bestätigen

Nach der Bestätigung wird Cwtch eine Kopie des Profils an der angegebenen Stelle ablegen. Diese Datei wird auf die gleiche Stufe verschlüsselt wie das Profil. Siehe Eine Notiz über passwortgeschützte (verschlüsselte) Profile für weitere Informationen zu verschlüsselten Profilen.

Diese Datei kann in eine andere Cwtch-Instanz auf jedem Gerät importiert werden.

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/importing-a-profile/index.html b/build-staging/de/docs/profiles/importing-a-profile/index.html index fdff008e..20b68b26 100644 --- a/build-staging/de/docs/profiles/importing-a-profile/index.html +++ b/build-staging/de/docs/profiles/importing-a-profile/index.html @@ -12,13 +12,13 @@ - +

Profil importieren

  1. Drücke die + Aktionstaste in der rechten unteren Ecke und wähle "Importiere Profil"
  2. Wähle eine exportierte Cwtch-Profildatei zum Importieren
  3. Gib das Passwort ein, das dem Profil zugeordnet ist und bestätige es.

Nach der Bestätigung wird Cwtch versuchen, die angegebene Datei mit einem aus dem angegebenen Passwort abgeleiteten Schlüssel zu entschlüsseln. Wenn es erfolgreich ist, erscheint das Profil auf dem Profilverwaltungs-Seite und kann verwendet werden.

Hinweis

Während ein Profil auf mehrere Geräte importiert werden kann zur Zeit nur eine Version des Profils aktiv sein. Ein gleichzeitiger Betrieb auf allen Geräten ist nicht möglich.

Versuche, das gleiche Profil auf mehreren Geräten gleichzeitig zu verwenden, können zu Verfügbarkeitsproblemen und Nachrichtenfehlern führen.

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/introduction/index.html b/build-staging/de/docs/profiles/introduction/index.html index c2e8938b..e5579d35 100644 --- a/build-staging/de/docs/profiles/introduction/index.html +++ b/build-staging/de/docs/profiles/introduction/index.html @@ -12,13 +12,13 @@ - +

Eine Einführung in die Cwtch Profile

Mit Cwtch kannst Du eines von mehrere Profile erstellen. Jedes Profil erzeugt ein zufälliges ed25519 Schlüsselpaar, welches kompatibel mit dem Tor-Netzwerk ist.

Dies ist der Identifikator, den Du Personen geben kannst und den diese verwenden können, um dich über Cwtch zu kontaktieren.

Cwtch ermöglicht das Erstellen und Verwalten mehrerer separater Profile. Jedes Profil ist mit einem anderen Schlüsselpaar verknüpft, welches einen anderen Onion-Dienst startet.

Profile verwalten

Beim Start startet Cwtch den Bildschirm "Profile verwalten". Von diesem Bildschirm aus kannst Du:

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/profile-info/index.html b/build-staging/de/docs/profiles/profile-info/index.html index c69b6b1a..c3c87884 100644 --- a/build-staging/de/docs/profiles/profile-info/index.html +++ b/build-staging/de/docs/profiles/profile-info/index.html @@ -12,13 +12,13 @@ - +

Profilattribute einstellen

Warnung Neues Feature

Neu in Cwtch 1.12

Diese Funktionalität kann unvollständig und/oder gefährlich sein, wenn sie falsch benutzt wird. Bitte hilf uns bei der Überprüfung und dem Test.

Im Profilverwaltungsfenster befinden sich drei freiformatige Textfelder unterhalb deines Profilbilds.

Du kannst diese Felder mit allen Informationen ausfüllen, die du potenzielle Kontakte wissen möchtest. Diese Informationen sind öffentlich - lege hier keine Informationen an, die du nicht mit allen teilen möchtest.

Kontakte können diese Informationen in den Konversationseinstellungen einsehen.

- + \ No newline at end of file diff --git a/build-staging/de/docs/profiles/unlock-profile/index.html b/build-staging/de/docs/profiles/unlock-profile/index.html index 650134d3..1b86ee1b 100644 --- a/build-staging/de/docs/profiles/unlock-profile/index.html +++ b/build-staging/de/docs/profiles/unlock-profile/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/create-server/index.html b/build-staging/de/docs/servers/create-server/index.html index 24590bf2..84d12f7f 100644 --- a/build-staging/de/docs/servers/create-server/index.html +++ b/build-staging/de/docs/servers/create-server/index.html @@ -12,13 +12,13 @@ - +

Wie man einen Server erstellt

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

  1. Zum Server-Symbol gehen
  2. Drücke den + Action-Button, um einen neuen Server zu erstellen
  3. Wähle einen Namen für deinen Server
  4. Wähle ein Passwort für deinen Server
  5. Klicke auf "Server hinzufügen"
- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/delete-server/index.html b/build-staging/de/docs/servers/delete-server/index.html index ddb34cdb..ef26b19d 100644 --- a/build-staging/de/docs/servers/delete-server/index.html +++ b/build-staging/de/docs/servers/delete-server/index.html @@ -12,13 +12,13 @@ - +

Wie man einen Server löscht

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

  1. Zum Server-Symbol gehen
  2. Wähle den Server aus, den du löschen möchtest
  3. Drücke das Stift-Symbol
  4. Scrolle nach unten und gib dein Passwort ein
  5. Drücke Löschen
  6. Drücke wirklich Löschen
  7. Dein Server ist gelöscht
- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/edit-server/index.html b/build-staging/de/docs/servers/edit-server/index.html index fa6fefdf..044c8b23 100644 --- a/build-staging/de/docs/servers/edit-server/index.html +++ b/build-staging/de/docs/servers/edit-server/index.html @@ -12,13 +12,13 @@ - +

Wie man einen Server bearbeitet

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

  1. Zum Server-Symbol gehen
  2. Wähle den Server aus, den du bearbeiten möchtest
  3. Drücke das Stift-Symbol
  4. Ändere die Beschreibung oder den Server aktivieren oder deaktivieren
  5. Klicke auf "Server speichern"
- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/introduction/index.html b/build-staging/de/docs/servers/introduction/index.html index 33bc5ad1..ee8ef49d 100644 --- a/build-staging/de/docs/servers/introduction/index.html +++ b/build-staging/de/docs/servers/introduction/index.html @@ -12,13 +12,13 @@ - +

Server Einführung

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

Der Cwtch Kontakt zu Kontakt Chat ist vollständig peer to peer, d. h. wenn ein Teilnehmer offline ist, kannst du mit ihm nicht chatten, und es gibt keinen Mechanismus um mit mehreren Personen zu chatten.

Um Gruppenchat (und Offline-Zustellung) zu unterstützen, haben wir nicht vertrauenswürdige Cwtch-Server erstellt, die Nachrichten für eine Gruppe hosten können. Die Nachrichten werden mit dem Gruppenschlüssel verschlüsselt und über flüchtige Onions abgeholt, so dass der Server keine Möglichkeit hat zu wissen, welche Nachrichten für welche Gruppen er hat oder wer darauf zugreift.

Derzeit werden Server in der Cwtch-App nur auf der Desktop-Version unterstützt, da die Internet-Verbindung von mobilen Geräten zu instabil und nicht geeignet für den Betrieb eines Servers ist.

- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/share-key/index.html b/build-staging/de/docs/servers/share-key/index.html index 86798556..2a6295cc 100644 --- a/build-staging/de/docs/servers/share-key/index.html +++ b/build-staging/de/docs/servers/share-key/index.html @@ -12,13 +12,13 @@ - +

Wie du dein Server-Schlüsselpaket teilst

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

Dein Server-Schlüsselbündel ist das Datenpaket, das eine Cwtch-App benötigt, um einen Server nutzen zu können. Wenn du nur andere Cwtch-Benutzer auf deinen Server aufmerksam machen möchtest, kannst du dies mit ihnen teilen. Dann haben sie die Möglichkeit, eigene Gruppen auf dem Server zu erstellen.

  1. Zum Server-Symbol gehen
  2. Wähle den gewünschten Server aus
  3. Benutze das Kopier-Adressen-Symbol um die Server-Schlüssel zu kopieren
  4. Teile die Schlüssel nicht mit Leuten, denen du nicht vertraust
- + \ No newline at end of file diff --git a/build-staging/de/docs/servers/unlock-server/index.html b/build-staging/de/docs/servers/unlock-server/index.html index 9f6fc0a4..c57152a4 100644 --- a/build-staging/de/docs/servers/unlock-server/index.html +++ b/build-staging/de/docs/servers/unlock-server/index.html @@ -12,13 +12,13 @@ - +

Wie man einen Server entsperrt

Experimentelle Funktionen erforderlich

Diese Funktion erfordert, dass Experimente aktiviert und das Server Hosting Experiment eingeschaltet ist.

Wenn du deinen Server mit einem Passwort geschützt hast, muss er bei jedem Neustart der Anwendung entsperrt werden.

  1. Zum Server-Symbol gehen
  2. Klicken Sie auf das rosa Entsperr-Symbol
  3. Gib das Kennwort deines Servers ein
  4. Drücke Entsperren
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/appearance/change-language/index.html b/build-staging/de/docs/settings/appearance/change-language/index.html index b21aea64..35f93f6f 100644 --- a/build-staging/de/docs/settings/appearance/change-language/index.html +++ b/build-staging/de/docs/settings/appearance/change-language/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/appearance/light-dark-mode/index.html b/build-staging/de/docs/settings/appearance/light-dark-mode/index.html index ae2ac877..7e02a4b3 100644 --- a/build-staging/de/docs/settings/appearance/light-dark-mode/index.html +++ b/build-staging/de/docs/settings/appearance/light-dark-mode/index.html @@ -12,13 +12,13 @@ - +

Helles/Dunkles Design und Theme-Aufteilung

  1. Drücke das Einstellungssymbol
  2. Du kannst ein helles oder dunkles Thema wählen, indem Du den Schalter „Verwende helles Theme“ einschaltest
  3. Wähle mit dem Dropdown-Menü „Farb-Theme“ ein Theme aus, das Dir gefällt
    1. Cwtch: lila Tönung
    2. Geist: Graue Tönung
    3. Meerjungfrau: Türkise und violette Tönung
    4. Mitternacht: Schwarze und graue Tönung
    5. Neon 1: lila und rosa Tönung
    6. Neon 2: lila und türkise Tönung
    7. Kürbis: lila und orange Tönung
    8. Hexe: Grüne und rosa Tönung
    9. Vampir: Violette und rote Tönung
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/appearance/streamer-mode/index.html b/build-staging/de/docs/settings/appearance/streamer-mode/index.html index 71ca067f..01c336c6 100644 --- a/build-staging/de/docs/settings/appearance/streamer-mode/index.html +++ b/build-staging/de/docs/settings/appearance/streamer-mode/index.html @@ -12,13 +12,13 @@ - +

Streamer/Präsentationsmodus

Streamer/Präsentationsmodus macht die App optisch privater. In diesem Modus wird Cwtch keine Hilfsinformationen wie Cwtch-Adressen und andere sensible Informationen auf den Hauptbildschirmen anzeigen.

Dies ist nützlich, wenn Du Screenshots machst oder Cwtch auf andere Art und Weise öffentlich anzeigst.

  1. Drücke das Einstellungssymbol
  2. "Streamer-Modus" auf "An"
  3. Überprüfe, ob es funktioniert, indem Du Dein Profil oder Deine Kontaktliste ansiehst
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/appearance/ui-columns/index.html b/build-staging/de/docs/settings/appearance/ui-columns/index.html index 3e5a42c0..4fdebbec 100644 --- a/build-staging/de/docs/settings/appearance/ui-columns/index.html +++ b/build-staging/de/docs/settings/appearance/ui-columns/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/behaviour/block-unknown-connections/index.html b/build-staging/de/docs/settings/behaviour/block-unknown-connections/index.html index 5f764ef8..9c244946 100644 --- a/build-staging/de/docs/settings/behaviour/block-unknown-connections/index.html +++ b/build-staging/de/docs/settings/behaviour/block-unknown-connections/index.html @@ -12,13 +12,13 @@ - +

Unbekannte Verbindungen blockieren

Standardmäßig interpretiert Cwtch Verbindungen von unbekannten Cwtch-Adressen als Kontaktanfragen. Du kannst dieses Verhalten durch die Blockierung unbekannter Verbindungen ändern.

Wenn aktiviert, schließt Cwtch automatisch alle Verbindungen von Cwtch-Adressen, die Du nicht zur Konversationsliste hinzugefügt hast. Dadurch wird verhindert, dass Personen, die Deine Cwtch-Adresse haben, sich mit Dir in Verbindung setzen, es sei denn, Du fügst diese hinzu.

Zum Aktivieren:

  1. Zu den Einstellungen
  2. Blockieren unbekannter Kontakte aktivieren
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/behaviour/notification-content/index.html b/build-staging/de/docs/settings/behaviour/notification-content/index.html index abbbdbb2..72e12528 100644 --- a/build-staging/de/docs/settings/behaviour/notification-content/index.html +++ b/build-staging/de/docs/settings/behaviour/notification-content/index.html @@ -12,13 +12,13 @@ - +

Benachrichtigungsinhalt

  1. Zu den Einstellungen
  2. Zum Verhalten scrollen
  3. Der Benachrichtigungsinhalt steuert den Inhalt von Benachrichtigungen
    1. Einfaches Event: nur "Neue Nachricht"
    2. Konversationsinformation: "Neue Nachricht von XXXXX"
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/behaviour/notification-policy/index.html b/build-staging/de/docs/settings/behaviour/notification-policy/index.html index 6b4e4f69..ebc5ed74 100644 --- a/build-staging/de/docs/settings/behaviour/notification-policy/index.html +++ b/build-staging/de/docs/settings/behaviour/notification-policy/index.html @@ -12,13 +12,13 @@ - +

Benachrichtigungsrichtlinie

  1. Zu den Einstellungen
  2. Zum Verhalten scrollen
  3. Die Benachrichtigungsrichtlinie steuert das Benachrichtigungsverhalten
  4. Auf Voreinstellung klicken, um das Verhalten zum Einschalten oder Stummschalten aller Benachrichtigungen zu ändern
  5. Wähle deine bevorzugte Benachrichtigungsrichtlinie
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/clickable-links/index.html b/build-staging/de/docs/settings/experiments/clickable-links/index.html index 383b1e4e..eefe955b 100644 --- a/build-staging/de/docs/settings/experiments/clickable-links/index.html +++ b/build-staging/de/docs/settings/experiments/clickable-links/index.html @@ -12,13 +12,13 @@ - +

Experiment klickbarer Links

Gefahr

Wenn aktiviert, stellt diese Funktion ein Entanonymisierung Risiko dar.

keine URLs von Personen öffnen, denen Du nicht vertraust. Links, die über Cwtch gesendet werden, werden über den Standard Browser auf dem System geöffnet. Die meisten Webbrowser können keine Anonymität anbieten.

Aktiviere das Experiment mit klickbaren Links

Anklickbare Links sind standardmäßig nicht aktiviert. Um Cwtch das Öffnen von Links in Nachrichten zu ermöglichen:

  1. Zu den Einstellungen
  2. Experimente aktivieren
  3. Aktiviere das Klickbare Links Experiment

Risiko

Klickbare Links in Nachrichten sind ein sehr nützliches Feature, aber es gibt Risiken, die Du beachten solltest, wenn Du diese Funktion aktivierst.

Um eine versehentliche Auslösung zu verhindern, öffnet Cwtch nach einem Klick auf einen Link in einer Nachricht zuerst eine zusätzliche Aufforderung mit zwei Optionen:

  1. Die URL in die Zwischenablage kopieren
  2. Öffne die URL im -Standard-Browser

Du kannst die Zurück-Taste auf DeinemGerät verwenden oder von dieser Eingabeaufforderung wegklicken, um die Auswahl einer der beiden Optionen zu vermeiden.

Cwtch kann Dich nicht schützen, wenn Du böswillige Links öffnest.

Die URL wird im -Standard-Browser geöffnet, was wahrscheinlich mindestens Deine IP-Adresse dem Server bekanntgeben wird, der die URL hostet. Webseiten können auch andere Browser-Verwundbarkeiten nutzen, um zusätzliche Informationen zu sammeln oder Deinen Computer weiter auszunutzen.

- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/file-sharing/index.html b/build-staging/de/docs/settings/experiments/file-sharing/index.html index f6fc5480..4d3ca4a9 100644 --- a/build-staging/de/docs/settings/experiments/file-sharing/index.html +++ b/build-staging/de/docs/settings/experiments/file-sharing/index.html @@ -12,13 +12,13 @@ - +

Dateifreigabe

Diese Einstellung aktiviert Cwtch Dateisharing-Funktionalität. Dies zeigt die Option "Datei teilen" im Konversationsbereich an und erlaubt dir Dateien von Konversationen herunterzuladen.

Optional kannst du Bildvorschau und Profilbilder aktivieren, um Bilddateien automatisch herunterzuladen, Bilder im Konversationsfenster anzuzeigen und die Funktion Profilbilder aktivieren;

Info

Diese Dokumentationsseite ist ein Muster. Du kannst helfen, indem du es mit vergrößerst.

- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/group-experiment/index.html b/build-staging/de/docs/settings/experiments/group-experiment/index.html index e7edb64f..2d1ce591 100644 --- a/build-staging/de/docs/settings/experiments/group-experiment/index.html +++ b/build-staging/de/docs/settings/experiments/group-experiment/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/image-previews-and-profile-pictures/index.html b/build-staging/de/docs/settings/experiments/image-previews-and-profile-pictures/index.html index 81dca4d3..152d55f6 100644 --- a/build-staging/de/docs/settings/experiments/image-previews-and-profile-pictures/index.html +++ b/build-staging/de/docs/settings/experiments/image-previews-and-profile-pictures/index.html @@ -12,13 +12,13 @@ - +

Bildvorschau und Profilbilder

Vorsicht

Dieses experimentelle Funktion erfordert das File Sharing aktiviert ist.

Wenn aktiviert, wird Cwtch die Bilddateien automatisch herunterladen, Bildvorschau im Konversationsfenster anzeigen und Profilbilder aktivieren;

Auf dem Desktop, durch das Aktivieren dieser experimentellen Funktion wird der Zugriff auf eine zusätzliche Einstellung "Downloadordner` erlaubt, die geändert werden kann, um Cwtch zu sagen, wo (automatisch) Bilder heruntergeladen werden sollen.

- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/message-formatting/index.html b/build-staging/de/docs/settings/experiments/message-formatting/index.html index bf4af474..10ab1526 100644 --- a/build-staging/de/docs/settings/experiments/message-formatting/index.html +++ b/build-staging/de/docs/settings/experiments/message-formatting/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/qrcodes/index.html b/build-staging/de/docs/settings/experiments/qrcodes/index.html index 979bbe60..e7abb048 100644 --- a/build-staging/de/docs/settings/experiments/qrcodes/index.html +++ b/build-staging/de/docs/settings/experiments/qrcodes/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/experiments/server-hosting/index.html b/build-staging/de/docs/settings/experiments/server-hosting/index.html index 5919a486..68188ad8 100644 --- a/build-staging/de/docs/settings/experiments/server-hosting/index.html +++ b/build-staging/de/docs/settings/experiments/server-hosting/index.html @@ -12,13 +12,13 @@ - +

Server Hosting

Server-Hosting ist derzeit eine experimentelle Funktion in Cwtch, es ist standardmäßig nicht aktiviert.

  1. Zu den Einstellungen
  2. Experimente aktivieren
  3. Server-Hosting-Experiment aktivieren
  4. Du wirst wahrscheinlich auch das Gruppenexperiment aktivieren wollen, wenn du an einer Gruppe teilnehmen möchtest, die auf deinem Server gehostet wird
- + \ No newline at end of file diff --git a/build-staging/de/docs/settings/introduction/index.html b/build-staging/de/docs/settings/introduction/index.html index 8af8658d..29a5d6a4 100644 --- a/build-staging/de/docs/settings/introduction/index.html +++ b/build-staging/de/docs/settings/introduction/index.html @@ -12,13 +12,13 @@ - +

Eine Einführung in die Cwtch App-Einstellungen

Darstellung

Dies sind Einstellungen, die das Aussehen von Cwtch beeinflussen, einschließlich Themen und Lokalisierung.

Verhalten

Diese Einstellungen beeinflussen die Reaktion von Cwtch auf bestimmte Ereignisse wie z.B. Benachrichtigungen für neue Nachrichten oder Anfragen von unbekannten öffentlichen Adressen.

Experimente

Es gibt viele Funktionen in Cwtch, die man gerne ausprobieren möchte, deren Implementierung aber zusätzliche Metadaten erfordert oder Risiko, über das Minimum hinaus, das Cwtch für grundlegende Operationen benötigt, hinausgeht.

Unter Experimente findest du eine Anzahl von optionalen Einstellungen, die, wenn aktiviert, Dir zusätzliche Funktionen wie Gruppenchat, Dateiaustausch oder Nachrichtenformatierung bieten.

Du solltest sorgfältig über die neuen Risiken nachdenken, die damit verbunden sein könnten, wenn Du diese Funktionen aktivierst und wenn Du dich damit komfortabel fühlt, kannst du diese aktivieren. Für viele überwiegen die Vorteile des Dateiaustauschs, Bildvorschau und Gruppenchat die möglichen Schäden bei weitem - aber wir verlangen trotzdem von jedem, dass diese Funktionen selber aktiviert werden müssen.

Du kannst die Funktionen jederzeit wieder deaktivieren, alle Funktionen sind lokal innerhalb der Cwtch-App implementiert.

- + \ No newline at end of file diff --git a/build-staging/de/docs/tor/index.html b/build-staging/de/docs/tor/index.html index 25a69a20..5b4ff2f3 100644 --- a/build-staging/de/docs/tor/index.html +++ b/build-staging/de/docs/tor/index.html @@ -12,13 +12,13 @@ - +

Tor

Cwtch verwendet Tor um Routing und Verbindungen bereitzustellen. Die Verwendung von Tor-versteckten Diensten für das Hosten von Profilen und nebenbei generierte "ephemerale" Verbindungen, wenn eine Verbindung aufgebaut wird, bietet eine starke Anonymität für Benutzer von Cwtch.

Tor-Übersicht

Da wir Cwtch eine zusätzliche Netzwerk-Ebene hinzufügen, bieten wir eine Übersicht, um den Tor-Netzwerk-Status zu sehen und Änderungen vorzunehmen. Um darauf zuzugreifen

  1. Klicke auf das Tor-Symbol in der Profilliste tor icon
  2. Den Tor Netzwerkstatus anzeigen
Tor-Status: Online
Torversion: 0.4.6.9

Reset Tor

Das Tor-Netzwerk selbst kann gelegentlich veraltete Verbindungen haben, die nicht sofort von ihm oder Cwtch erkannt werden (wir versuchen dies immer weiter zu verbessern). Manchmal kann ein Benutzer Kontakte oder Gruppen finden, die offline erscheinen, auch wenn diese meinen, dass sie online sein sollten. Wenn du alle Netzwerkverbindungen in Cwtch neu starten möchtest, bieten wir einen Mechanismus zum Tor Neustart von innerhalb der App an. Der Reset Button startet Tor aus der Cwtch App heraus neu.

Cache-Tor-Konsens

Standardmäßig starten wir jedesmal einen neuen Tor-Prozess, wenn die App bootet, und es erfordert das Herunterladen eines Tor-Netzwerk-Zustandes, bevor dieser gestartet werden kann. Dieser Prozess ist nicht so schnell. Wenn du den Cwtch-Start beschleunigen möchtest, kannst du den Tor-Cache-Konsens aktivieren, um zukünftige Starts zu beschleunigen. Wenn du in ein Start Problem kommst, wo die Daten veraltet oder korrupt sind und Cwtch meldet, dass es nicht starten kann, dann deaktiviere diese Einstellung und reset Tor erneut, dann sollte es funktionieren.

Erweiterte Tor Einstellungen

Wir bieten dir auch die Möglichkeit an, in diesem Abschnitt eine erweiterte Tor-Konfiguration bereitzustellen, indem wir dir erlauben:

  • Gib einen benutzerdefinierten SOCKS-Port an, um eine Verbindung zu einem bestehenden Tor herzustellen
  • Gib einen benutzerdefinierten Kontroll-Port an, um eine Verbindung zu einem bestehenden Tor herzustellen
  • und gib weitere Optionen an, indem du benutzerdefinierte torrc Optionen eingibst
- + \ No newline at end of file diff --git a/build-staging/de/index.html b/build-staging/de/index.html index aa2989be..8004af20 100644 --- a/build-staging/de/index.html +++ b/build-staging/de/index.html @@ -12,13 +12,13 @@ - +

Das Cwtch Handbuch

Dein Leitfaden zum Einrichten und Benutzen einer widerstandsfähigen Infrastruktur

Erste Schritte mit Cwtch
- + \ No newline at end of file diff --git a/build-staging/de/security/category/connectivity--tor/index.html b/build-staging/de/security/category/connectivity--tor/index.html index 5146943f..f6542de4 100644 --- a/build-staging/de/security/category/connectivity--tor/index.html +++ b/build-staging/de/security/category/connectivity--tor/index.html @@ -12,13 +12,13 @@ - +

Verbindung & Tor

- + \ No newline at end of file diff --git a/build-staging/de/security/category/cwtch-components/index.html b/build-staging/de/security/category/cwtch-components/index.html index 0dea0e75..d5ba0f98 100644 --- a/build-staging/de/security/category/cwtch-components/index.html +++ b/build-staging/de/security/category/cwtch-components/index.html @@ -12,13 +12,13 @@ - +

Cwtch Komponenten

- + \ No newline at end of file diff --git a/build-staging/de/security/category/cwtch-ui/index.html b/build-staging/de/security/category/cwtch-ui/index.html index 4e48262d..32c3f400 100644 --- a/build-staging/de/security/category/cwtch-ui/index.html +++ b/build-staging/de/security/category/cwtch-ui/index.html @@ -12,13 +12,13 @@ - +

Cwtch-UI

📄️ Bildervorschau

Basierend auf dem Filesharing in Cwtch 1.3 werden die Bildvorschauen durch die Erweiterung des vorgeschlagenen Dateinamens (und nein, wir sind nicht daran interessiert, MIME-Typen oder magische Zahlen zu verwenden) und die angezeigte Größe bestimmt. Wenn diese Option aktiviert ist, lädt das Vorschausystem automatisch freigegebene Bilder in einen konfigurierten Download-Ordner herunter und zeigt sie als Teil der Nachricht selbst an. (Aufgrund von Beschränkungen auf Android werden sie im privaten Cache der App gespeichert und Sie haben die Möglichkeit, sie später an anderer Stelle zu speichern) Die Dateigrößenbeschränkung ist noch nicht festgelegt, wird aber deutlich niedriger sein als die allgemeine Größenbeschränkung für die gemeinsame Nutzung von Dateien, die derzeit bei 10 Gigabyte liegt.

- + \ No newline at end of file diff --git a/build-staging/de/security/category/cwtch/index.html b/build-staging/de/security/category/cwtch/index.html index 6a1a08d0..2454315a 100644 --- a/build-staging/de/security/category/cwtch/index.html +++ b/build-staging/de/security/category/cwtch/index.html @@ -12,13 +12,13 @@ - +

Cwtch

- + \ No newline at end of file diff --git a/build-staging/de/security/category/tapir/index.html b/build-staging/de/security/category/tapir/index.html index f5bf295c..b7d96220 100644 --- a/build-staging/de/security/category/tapir/index.html +++ b/build-staging/de/security/category/tapir/index.html @@ -12,13 +12,13 @@ - +

Tapir

- + \ No newline at end of file diff --git a/build-staging/de/security/components/connectivity/intro/index.html b/build-staging/de/security/components/connectivity/intro/index.html index 578e7178..0d015762 100644 --- a/build-staging/de/security/components/connectivity/intro/index.html +++ b/build-staging/de/security/components/connectivity/intro/index.html @@ -12,13 +12,13 @@ - +

Verbindung

Cwtch nutzt Tor Onion Services (v3) für die Kommunikation zwischen Knoten.

Wir stellen das openprivacy/connectivity Paket zur Verfügung, um den Tor-Daemon zu verwalten und Onion Dienste durch Tor einzurichten und abzubauen.

Bekannte Risiken

Privater Schlüssel dem Tor Prozess ausgesetzt

Status: Teilweise gemildert (Erfordert physischen Zugriff oder Privilegierte Eskalation zum ausnutzen)

Wir müssen den privaten Schlüssel eines Onion Dienstes an die Konnektivitätsbibliothek übergeben über die Listen Schnittstelle (und damit zum Tor Prozess). Dies ist einer der kritischsten Bereiche, der außerhalb unserer Kontrolle liegt. Jede Bindung an einen Rogue-Tor-Prozess oder ein Binary führt zur Kompromittierung des privaten Schlüssels von Onion führen.

Eindämmung

Verbindungsversuche als Standard an den vom System bereitgestellten Tor-Prozess zu binden, nur wenn ihm ein Authentifizierungs-Token zur Verfügung gestellt wurde.

Andernfalls versucht die Konnektivität immer einen eigenen Tor-Prozess mit einem bekannten guten Binärpaket, das mit dem System gepackt wurde (außerhalb des Geltungsbereichs des Konnektivitäts-Paketes)

Langfristig hoffen wir, dass eine integrierte Bibliothek verfügbar sein wird und die direkte Verwaltung über eine In-Prozessoberfläche ermöglicht, um zu verhindern, dass der private Schlüssel die Prozessgrenze verlässt (oder andere alternative Pfade, die es uns erlauben, die volle Kontrolle über den privaten Schlüssel im Speicher zu erhalten.)

Tor-Prozess-Management

Status: Teilweise gemildert (Erfordert physischen Zugriff oder Privilegierte Eskalation zum ausnutzen)

Viele Probleme können sich aus der Verwaltung eines separaten Prozesses ergeben, einschließlich der Notwendigkeit, neu zu starten, zu beenden und anderweitig eine angemessene Verwaltung zu gewährleisten.

Die ACN Schnittstelle bietet Restart, Close und GetBootstrapStatus Schnittstellen die es Anwendungen erlauben, den zugrunde liegenden Tor-Prozess zu verwalten. Zusätzlich kann die SetStatusCallback Methode verwendet werden, um eine Anwendung zu benachrichtigen, wenn der Status des Tor-Prozesses sich ändert.

Wenn jedoch genügend privilegierte Benutzer es wünschen, können sie diesen Mechanismus stören, und als solches ist der Tor-Prozess eine zerbrechlichere Komponente in der Interaktion als andere.

Teststatus

Die aktuelle Konnektivität hat begrenzte Test Möglichkeiten keine davon wird während Pull-Requests oder Zusammenschlüssen ausgeführt. Es gibt keine Integrationstests.

Es ist anzumerken, dass die Konnektivität sowohl von Tapir als auch von Cwtch in ihren Integrationstests verwendet wird (und dies trotz fehlender Tests auf Paketebene ist systemweiten Prüfbedingungen ausgesetzt)

- + \ No newline at end of file diff --git a/build-staging/de/security/components/cwtch/groups/index.html b/build-staging/de/security/components/cwtch/groups/index.html index 425a717f..59ea446a 100644 --- a/build-staging/de/security/components/cwtch/groups/index.html +++ b/build-staging/de/security/components/cwtch/groups/index.html @@ -12,13 +12,13 @@ - +

Gruppen

Das Cwtch Risikomodell für Gruppen ist größtenteils in zwei unterschiedliche Profile aufgeteilt:

  • Gruppen aus gegenseitig vertrauenswürdigen Teilnehmern, in denen Peers als ehrlich angenommen werden.
  • Gruppen, die aus Fremden bestehen, in denen von Peers angenommen wird, dass sie potenziell bösartig sind.

Die meisten der in diesem Abschnitt beschriebenen Eindämmungen beziehen sich auf den letztgenannten Fall, aber wirken sich natürlich auch auf den Ersteren aus. Selbst wenn angenommen wird, dass ehrliche Peers später böswillig werden, gibt es Mechanismen, die solches Böse erkennen und verhindern können, dass es in der Zukunft passiert.

Überblick über die Risiken: Schlüssel-Ableitung

Im Idealfall würden wir ein Protokoll wie OTR verwenden, die Einschränkungen, die uns im Moment daran hindern, sind:

  • Offline-Nachrichten sind nicht garantiert, dass sie alle Peers erreichen, und als solche können alle Metadaten in Bezug auf Schlüsselmaterial verloren gehen. Wir benötigen einen Schlüsselableitungs-Prozess, der robust ist für fehlende Nachrichten oder unvollständige Übertragungen.

Risiko: Schädlicher Peer- verrät Gruppenschlüssel und/oder Unterhaltung

Status: Teilweise gemildert (aber unmöglich vollständig zu mildern)

Ob mit vertrauenswürdigen kleineren Gruppen oder partiell öffentliche größeren Gruppen, es gibt immer die Möglichkeit, dass ein böswilliger Akteur Gruppe Nachrichten verraten kann.

Wir planen, es den Peers zu erleichtern, Gruppen zu fork, den gleichen Schlüssel zu entschärfen, der zur Verschlüsselung vieler sensibler Informationen verwendet wird und ein gewisses Maß an Weiterleitungsgeheimhaltung für frühere Gruppengespräche bereitzustellen.

Risiko: Aktive Angriffe von Gruppenmitgliedern

Status: Teilweise gemildert

Gruppenmitglieder, die Zugang zum Schlüsselmaterial der Gruppe haben, können sich mit einem Server oder anderen Gruppenmitgliedern verschwören, um die Konsistenz des Transkripts zu unterbrechen.

Während wir die Zensur angesichts dieser aktiven Absprachen nicht direkt verhindern können, so verfügen wir doch über eine Reihe von Mechanismen, die ehrlichen Gruppen-Mitgliedern das Vorhandensein einer Zensur offenbaren sollten.

Eindämmung:

  • Weil jede Nachricht vom öffentlichen Schlüssel der Peers signiert ist, es sollte nicht möglich sein (innerhalb der kryptographischen Annahmen der zugrunde liegenden Kryptographie) für ein Gruppenmitglied ein anderes nachzuahmen.
  • Jede Nachricht enthält eine eindeutige Identifikation, die aus dem Inhalt abgeleitet wird und den vorherigen Hash der Nachrichten - wodurch es Kollaborateuren unmöglich gemacht wird, Nachrichten von nicht geheimen Mitgliedern einzufügen, ohne eine implizite Meldungs-Kette zu enthüllen (die wenn sie versuchen andere Nachrichten zu zensieren würde eine solche Zensur offenbaren)

Abschließend: Wir arbeiten aktiv daran, den Cwtch-Servern eine Nichtabstreitbarkeit hinzuzufügen, so dass dass sie selbst in dem, was sie effizient zensieren können, eingeschränkt sind.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/cwtch/key_bundles/index.html b/build-staging/de/security/components/cwtch/key_bundles/index.html index 208c9bfd..29e00a56 100644 --- a/build-staging/de/security/components/cwtch/key_bundles/index.html +++ b/build-staging/de/security/components/cwtch/key_bundles/index.html @@ -12,13 +12,13 @@ - +

Schlüsselbündel

Cwtch-Server identifizieren sich mit signierten Schlüsselbündeln. Diese Schlüsselbündel enthalten eine Liste der benötigten Schlüssel, um die Kommunikation der Cwtch-Gruppe sicher zu machen und Metadaten widerstandsfähig zu machen.

Zum Zeitpunkt des Schreibens wird erwartet, dass Schlüsselbündel 3 Schlüssel enthalten:

  1. Ein öffentlicher Tor v3 Onion Service Public Key für das Token Board (ed25519)- verwendet um sich über Tor mit dem Dienst zu verbinden und Nachrichten zu empfangen.
  2. Ein öffentlicher Schlüssel des Tor-v3-Onion Service für den Token Service (ed25519) - der verwendet wird, um Tokens zu erwerben, um über eine kleine Proof-Work-Übung auf den Dienst zu posten.
  3. Ein Public Key für den Privacy-Pass - verwendet im Token-Akquisitionsprozess (ein ristretto Kurvenpunkt) . Siehe: OPTR2019-01

Das Schlüsselbündel ist signiert und kann über den ersten v3-Onion Service Schlüssel verifiziert werden, so dass es an die onion-Adresse gebunden wird.

Überprüfe Schlüsselbündel

Profile, die Server-Schlüsselpakete importieren, überprüfen sie anhand des folgenden "trust-on-first-use"-Algorithmus (TOFU):

  1. Überprüfung der angehängten Signatur mit der v3-Onion Adresse des Servers. (Wenn dies fehlschlägt, wird der Importprozess gestoppt)
  2. Überprüfung, ob jeder Schlüsseltyp existiert. (Wenn dies fehlschlägt, wird der Importprozess gestoppt)
  3. Wenn das Profil zuvor das Server-Schlüsselbündel importiert hat, Sicherstellung, dass alle Schlüssel gleich sind. (Wenn dies fehlschlägt, wird der Importprozess gestoppt)
  4. Speichern der Schlüssel im Kontakt-Eintrag des Servers.

In Zukunft wird dieser Algorithmus wahrscheinlich so geändert, dass neue öffentliche Schlüssel hinzugefügt werden können (z.B. um Tokens über eine Zcash Adresse zu erwerben.)

Technisch gesehen kann der Server in den Schritten (2) und (3() als bösartig angesehen werden, weil er ein gültiges Schlüsselbündel unterzeichnet hat, das nicht den Spezifikationen entspricht. Wenn Gruppen von "experimentell" in "stable" verschoben werden, führt eine solche Aktion dazu, dass eine Warnung an das Profil kommuniziert wird.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/cwtch/message_formats/index.html b/build-staging/de/security/components/cwtch/message_formats/index.html index 03de314f..a1c671df 100644 --- a/build-staging/de/security/components/cwtch/message_formats/index.html +++ b/build-staging/de/security/components/cwtch/message_formats/index.html @@ -12,13 +12,13 @@ - +

Nachrichtenformate

Peer-to-Peer Nachrichten

PeerMessage {
    ID      string // A unique Message ID (primarily used for acknowledgments)
    Context string // A unique context identifier i.e. im.cwtch.chat
    Data    []byte // The context-dependent serialized data packet.
}

Kontext-Bezeichner

  • im.cwtch.raw - Daten enthalten eine Klartext-Chat-Nachricht (siehe: Overlays für weitere Informationen)

  • im.cwtch.acknowledgement - Daten sind leer und ID verweist auf eine zuvor gesendete Nachricht

  • im.cwtch.getVal und im.cwtch.retVal - Wird für die Abfrage / Rückgabe spezifischer Informationen über einen Peer verwendet. Daten enthalten eine serialisierte peerGetVal und peerRetVal Struktur.

      peerGetVal struct {
              Scope string
              Path string
      }

      type peerRetVal struct {
          Val    string // Serialized path-dependent value
          Exists bool
      }

Klartext / Entschlüsselte Gruppennachrichten

type DecryptedGroupMessage struct {
    Text      string // plaintext of the message
    Onion     string // The Cwtch address of the sender
    Timestamp uint64 // A user specified timestamp
    // NOTE: SignedGroupID is now a misnomer, the only way this is signed is indirectly via the signed encrypted group messages
    // We now treat GroupID as binding to a server/key rather than an "owner" - additional validation logic (to e.g.
    // respect particular group constitutions) can be built on top of group messages, but the underlying groups are
    // now agnostic to those models.
    SignedGroupID      []byte 
    PreviousMessageSig []byte // A reference to a previous message
    Padding            []byte // random bytes of length = 1800 - len(Text)
}

Entschlüsselte Gruppennachrichten enthalten zufällige Füllung zu einer festen Größe, die der Länge aller Felder mit fester Länge + 1800 entspricht. Dies stellt sicher, dass alle verschlüsselten Gruppen-Nachrichten gleich lang sind.

Verschlüsselte Gruppennachrichten

// EncryptedGroupMessage provides an encapsulation of the encrypted group message stored on the server
type EncryptedGroupMessage struct {
    Ciphertext []byte
    Signature  []byte // Sign(groupID + group.GroupServer + base64(decrypted group message)) using the senders Cwtch key
}

Die Berechnung der Signatur erfordert das Wissen über die Gruppen-Id der Nachricht, des Servers, mit dem die Gruppe verbunden ist und der entschlüsselten Gruppennachricht (und damit der Gruppenschlüssel). Es ist vom Absender der Nachricht (ed25519) signiert und kann mit ihrem öffentlichen Cwtch-Adressschlüssel verifiziert werden.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/cwtch/server/index.html b/build-staging/de/security/components/cwtch/server/index.html index bb37ccf6..440a5eea 100644 --- a/build-staging/de/security/components/cwtch/server/index.html +++ b/build-staging/de/security/components/cwtch/server/index.html @@ -12,13 +12,13 @@ - +

Cwtch Server

Ziel des Cwtch-Protokolls ist es, die Gruppenkommunikation über Nicht vertrauenswürdige Infrastruktur zu aktivieren.

Im Gegensatz zu Relay basierten Schemata, bei denen die Gruppen einen Führer, einen Satz von Führern, oder ein vertrauenswürdiger Server von Drittanbietern zuweisen, um sicherzustellen, dass jedes Mitglied der Gruppe Nachrichten zeitnah senden und empfangen kann (selbst wenn Mitglieder offline sind) - hat die nicht vertrauenswürdige Infrastruktur das Ziel, diese Eigenschaften zu realisieren ohne Vertrauen anzunehmen.

Das ursprüngliche Cwtch-Papier hat eine Reihe von Eigenschaften definiert, die Cwtch-Server erwartbar zur Verfügung stellen sollten:

  • Cwtch Server kann von mehreren Gruppen oder nur einer verwendet werden.
  • Ein Cwtch Server, ohne Zusammenarbeit mit einem Gruppenmitglied, sollte niemals die Identität der Teilnehmer innerhalb einer Gruppe erlernen.
  • Ein Cwtch Server sollte niemals den Inhalt einer Kommunikation erlernen.
  • Ein Cwtch-Server sollte niemals in der Lage sein, Nachrichten als einer bestimmten Gruppe zugehörig unterscheiden zu können.

Wir stellen hier fest, dass diese Eigenschaften ein Superset der Designziele der privaten Informationsabfrage sind.

Bösartige Server

Wir erwarten das Vorhandensein bösartiger Entitäten innerhalb des Cwtch-Ökosystems.

Wir legen auch Wert auf Dezentralisierung und erlaubnisfreien Zugang zum Ökosystem und stützen daher keine Sicherheitsansprüche auf die folgenden Punkte:

  • Jede Nicht-Kollusionsannahme zwischen einer Reihe von Cwtch-Servern
  • Jedes von Dritten definierte Prüfverfahren

Die Peers selbst werden ermutigt, Cwtch-Server einzurichten und zu betreiben, wo sie effizientere Eigenschaften garantieren können, indem sie die Vertrauens- und Sicherheits Annahmen voraussetzen - standardmäßig ist das Protokoll jedoch so konzipiert, dass es auch ohne diese Annahmen sicher ist - auf Kosten der Effizienz, wo es nötig ist.

Erkennbare Fehler

  • Wenn ein Cwtch-Server eine bestimmte Nachricht nicht an eine Gruppe von Gruppenmitgliedern weiterleitet, wird es eine erkennbare Lücke im Nachrichtenbaum einiger Peers geben, die durch Peer-to-Peer Klatsch entdeckt werden kann.
  • Ein Cwtch-Server kann keine Nachricht ohne das Schlüsselmaterial, das der Gruppe bekannt ist, ändern (jeder Versuch, dies für eine Teilmenge von Gruppenmitgliedern zu tun, führt dazu, dass es das gleiche Verhalten hat, wie wenn keine Nachricht weitergeleitet wird).
  • Während ein Server Nachrichten duplizieren kann, haben diese keine Auswirkungen auf den Gruppen-Nachrichtenbaum (aufgrund der Verschlüsselung, Nonces und Nachrichtenidentitäten) - die Quelle der Vervielfältigung ist für einen Peer nicht bekannt.

Effizienz

Zum Zeitpunkt des Schreibens dieser Seite ist nur ein Protokoll für das Erreichen der gewünschten Eigenschaften bekannt, naive PIR oder "der Server sendet alles, und die Peers sichten es".

Dies hat einen offensichtlichen Einfluss auf die Effizienz der Bandbreite, insbesondere für Peers mit mobilen Geräten, als solche entwickeln wir aktiv neue Protokolle, in denen die Datenschutz- und Effizienzgarantien auf unterschiedliche Weise ausgehandelt werden können.

Beim Zeitpunkt des Schreibens dieser Seite erlauben die Server sowohl einen vollständigen Download aller gespeicherten Nachrichten, und eine Anfrage, um Nachrichten von einer bestimmten Nachricht herunterzuladen.

Alle Peers, wenn sie einer Gruppe auf einem neuen Server beitreten, laden alle Nachrichten vom Server herunter und von dann an laden sie nur neue Nachrichten.

Hinweis: Dieses Verhalten erlaubt eine milde Form der Metadatenanalyse. Der Server kann neue Nachrichten für jedes verdächtige eindeutige Profil anzeigen und dann diese eindeutigen Signaturen benutzen um eindeutige Sitzungen im Laufe der Zeit zu verfolgen (über Anfragen für neue Nachrichten).

Dies wird durch 2 Verwirrungsfaktoren gemildert:

  1. Profile können ihre Verbindungen jederzeit aktualisieren - was zu einer neuen Serversitzung führt.
  2. Profile können jederzeit von einem Server "synchronisieren" - was zu einem neuen Aufruf führt, um alle Nachrichten herunterzuladen. Die am meisten verbreitete Benutzungsgrundlage für dieses Verhalten ist das Abrufen älterer Nachrichten aus einer Gruppe.

In Kombination setzen diese 2 Abschwächungen Grenzen auf das, was der Server herausfinden kann, aber wir können noch keine vollständige Metadatenresistenz bieten.

Für mögliche zukünftige Lösungen für dieses Problem siehe Niwl

Den Server wird vor böswilligen Peers schützen

Das Hauptrisiko für Server besteht in Form von Spam, der von Peers erzeugt wird. Im Prototyp von Cwtch wurde ein Spamschutzmechanismus eingeführt, der von anderen Peers verlangte, einen willkürlichen Nachweis der Arbeit mit einem server-spezifizierten Parameter durchzuführen.

Dies ist keine robuste Lösung in Anwesenheit eines bestimmten Gegners mit einer beträchtlichen Menge an Ressourcen und damit wird eines der wichtigsten externen Risiken für das Cwtch-System wird Zensur-Via-Ressourcen-Erschöpfung.

Wir haben eine mögliche Lösung dafür in Token basierten Diensten skizziert, aber beachte, dass dies ebenfalls weiterentwickelt werden muss.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/ecosystem-overview/index.html b/build-staging/de/security/components/ecosystem-overview/index.html index 0bcd8f38..639731cb 100644 --- a/build-staging/de/security/components/ecosystem-overview/index.html +++ b/build-staging/de/security/components/ecosystem-overview/index.html @@ -12,13 +12,13 @@ - +

Komponenten Ecosystem Übersicht

Cwtch besteht aus mehreren kleineren Komponenten-Bibliotheken. Dieses Kapitel gibt einen kurzen Überblick über jede Komponente und wie sie sich auf das größere Cwtch-Ökosystem bezieht.

offene Privatsphäre/Konnektivität

Zusammenfassung: Eine Bibliothek, die eine ACN (Anonymous Communication Network ) Netzwerkabstraktion zur Verfügung stellt.

Das Ziel der Konnektivität ist es, die zugrunde liegenden Bibliotheken/Software zu abstrahieren, die für die Kommunikation mit einer spezifischen ACN benötigt wird. Zurzeit unterstützen wir nur Tor und deshalb ist die Aufgabe der Verbindung folgendes:

  • Start und Stopp des Tor Prozesses
  • Bereitstellen der Konfiguration des Tor-Prozesses
  • Erlaube unveränderte Verbindungen zu Endpunkten über den Tor-Prozess (z.B. Verbindung mit Onion-Diensten)
  • Endpunkte über den Tor-Prozess zur Verfügung stellen (z.B. Host-Onion-Dienste)
  • Statusaktualisierungen über den zugrunde liegenden Tor-Prozess bereitstellen

Für weitere Informationen siehe Konnektivität

cwtch.im/tapir

Zusammenfassung: Tapir ist eine kleine Bibliothek für das Erstellen von p2p Anwendungen über anonyme Kommunikationssysteme.

Das Ziel von Tapir ist es, Anwendungen über eine bestimmte ACN zu abstrahieren. Tapir unterstützt:

Für weitere Informationen siehe Tapir

cwtch.im/cwtch

Zusammenfassung: Cwtch ist die Hauptbibliothek für die Implementierung des Cwtch-Protokolls / System.

Das Ziel von Cwtch ist die Bereitstellung von Implementierungen für cwtch-spezifische Anwendungen wie z.B. Nachrichtensendung, Gruppen und Dateifreigabe (implementiert als Tapir Anwendungen), Schnittstellen zur Verwaltung und Speicherung von Cwtch Profilen, bietet neben der Verwaltung anderer Kernfunktionen auch einen Eventbus für Subsystem Splitting und das Erstellen von Plugins mit neuen Funktionen.

Die Cwtch Bibliothek ist auch für die Pflege kanonischer Modelldarstellungen für Formate und Overlays zuständig.

cwtch.im/libcwtch-go

Zusammenfassung: libcwtch-go stellt C (auch für Android) Bindungen für Cwtch bereit für die Benutzung in UI Implementierungen.

Das Ziel von libcwtch-go ist es, die Lücke zwischen der Backend Cwtch Bibliothek und allen Frontend-Systemen zu überbrücken, die in einer anderen Sprache geschrieben werden können.

Die von libcwtch bereitgestellte API ist wesentlich eingeschränkter als die von Cwtch direkt bereitgestellte API, jede libcwtch API paketiert normalerweise mehrere Aufrufe an Cwtch.

libcwtch-go ist auch für die Verwaltung der UI-Einstellungen und des experimentellen Gateways zuständig. Es wird auch oft als Staging-Boden für experimentelle Funktionen und Code verwendet, die möglicherweise am Ende in Cwtch enden.

cwtch-ui

Zusammenfassung: Eine flutterbasierte Oberfläche (UI) für Cwtch.

Cwtch UI verwendet libcwtch-go um ein vollständiges UI für Cwtch bereitzustellen, das es Leuten ermöglicht, Profile zu erstellen und zu verwalten, Kontakte und Gruppen hinzuzufügen, Nachrichten zu versenden, Dateien freizugeben (bald) und vieles mehr.

Das UI ist auch für die Verwaltung von Lokalisierung und Übersetzungen zuständig.

Für weitere Informationen siehe Cwtch UI

Zusätzliche Komponenten

Gelegentlich wird Open Privacy Teile von Cwtch in eigenständige Bibliotheken einbeziehen, die nicht Cwtch spezifisch sind. Diese werden hier kurz zusammengefasst:

openprivacy/log

Ein Open Privacy spezifisches Logging-Framework, das in allen Cwtch Paketen verwendet wird.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/intro/index.html b/build-staging/de/security/components/intro/index.html index 676e0587..f5a20841 100644 --- a/build-staging/de/security/components/intro/index.html +++ b/build-staging/de/security/components/intro/index.html @@ -12,13 +12,13 @@ - +

Cwtch technische Grundlagen

Diese Seite bietet einen kurzen technischen Überblick über das Cwtch-Protokoll.

Ein Cwtch Profil

Benutzer können eines von mehreren Cwtch Profilen erstellen. Jedes Profil erzeugt ein zufälliges ed25519 Schlüsselpaar, welches kompatibel mit Tor ist.

Zusätzlich zum kryptographischen Material enthält ein Profil auch eine Liste von Kontakten (öffentliche Schlüssel für das Cwtch-Profil + zugeordnete Daten über dieses Profil wie Nickname und (optional) historische Nachrichten), eine Liste von Gruppen (mit kryptographischem Gruppenmaterial zusätzlich zu anderen zugehörigen Daten wie dem Gruppennickname und historischen Nachrichten).

2-Parteien-Konversionen: Peer to Peer

Damit 2 Parteien ein Peer-to-Peer-Gespräch führen können, müssen beide online sein, aber nur eine Partei muss über ihren Onion-Dienst erreichbar sein. Um der Klarheit willen kennzeichnen wir oft eine Partei als den "eingehenden Peer" (die Person, die den Onion-Dienst beherbergt) und die andere Partei den "ausgehenden Peer" (der sich mit dem Onion-Dienst verbindet).

Nach einer Verbindung beteiligen sich beide Seiten an einem -Authentifizierungsprotokoll von:

  • Behauptet, dass jede Partei Zugriff auf den privaten Schlüssel hat, der mit ihrer öffentlichen Identität verbunden ist.
  • Erzeugt einen kurzlebigen Sitzungs-Schlüssel, der zur Verschlüsselung aller weiteren Kommunikation während der Sitzung verwendet wird.

Dieser Austausch (detailliert im -Authentifizierungsprotokolldokumentiert) ist offline verweigerbar d. h. es ist möglich für jede Seite Transkripte dieses Protokoll-Austausches zu fälschen und daher ist es unmöglich definitiv zu beweisen, dass der Austausch überhaupt stattgefunden hat.

Nach dem Authentifizierungsprotokoll können beide Parteien frei miteinander kommunizieren.

Mehrparteien-Unterhaltungen: Gruppen und Kommunikation zwischen Peer to Server

Hinweis: Metadaten resistente Kommunikation ist noch ein aktives Entwicklungsfeld und was hier dokumentiert ist wird sehr wahrscheinlich in der Zukunft sich ändern.

Wenn eine Person eine Gruppendiskussion starten möchte, generiert sie einen zufälligen geheimen Gruppenschlüssel. Alle Gruppenkommunikation wird mit diesem Schlüssel verschlüsselt.

Zusammen mit dem Gruppenschlüssel entscheidet der Gruppenersteller sich auch für einen Cwtch Server als Host der Gruppe zu verwenden. Weitere Informationen darüber, wie Server sich selbst authentifizieren, findest du unter Schlüsselbündel.

Ein Gruppen Identifikator wird mit dem Gruppenschlüssel und dem Gruppenserver generiert und diese drei Elemente sind in einer Einladung verpackt, die an potenzielle Gruppenmitglieder gesendet werden kann (z.B. über existierende Peer-to-Peer-Verbindungen).

Um eine Nachricht an die Gruppe zu senden, verbindet sich ein Profil mit dem Server, der die Gruppe beherbergt (siehe unten), und verschlüsselt deine Nachricht mit dem Gruppenschlüssel und erzeugt eine kryptographische Signatur über die Gruppen-Id, Gruppen Server und die entschlüsselte Nachricht (siehe: Nachrichtenformate für weitere Informationen).

Um Nachrichten von der Gruppe zu erhalten, verbindet sich ein Profil mit dem Server, der die Gruppe beherbergt und lädt alle Nachrichten (seit seiner vorherigen Verbindung) herunter. Die Profile versuchen dann jede Nachricht mit dem Gruppenschlüssel zu entschlüsseln und wenn dies erfolgreich war, dann die Signatur zu verifizieren (siehe Cwtch Server Cwtch Gruppen für einen Überblick über Attacken und Abschwächungen).

Server sind Peers

In vielerlei Hinsicht ist die Kommunikation mit einem Server identisch mit einer regulären Cwtch Gegenstelle, die gleichen Schritte oben werden durchgeführt, aber der Server fungiert immer als eingehender Peer, und der ausgehende Peer verwendet immer neu generierte kurzlebige Schlüsselpaare als "Langfristige Identität".

Somit unterscheidet sich die Peer zu Server Konversation nur in der Art der Nachrichten, die zwischen zwei Seiten gesendet werden, mit dem Server, der alle Nachrichten, die er erhält, weiterleitet und außerdem den Clients erlaubt den Server nach älteren Nachrichten abzufragen.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/tapir/authentication_protocol/index.html b/build-staging/de/security/components/tapir/authentication_protocol/index.html index ce68bc8c..b8c8900b 100644 --- a/build-staging/de/security/components/tapir/authentication_protocol/index.html +++ b/build-staging/de/security/components/tapir/authentication_protocol/index.html @@ -12,13 +12,13 @@ - +

Authentifizierungsprotokoll

Jeder Peer erhält eine offene Verbindung CC:

I=InitializeIdentity()Ie=InitializeEphemeralIdentity()I,IeCP,eCk=KDF(Pei+Pie+Peie)c=E(k,transkript.ommit())cCcpCD(k,cp)=?transcript.LatestCommit()I = \mathrm{InitializeIdentity()} \\ I_e = \mathrm{InitializeEphemeralIdentity()} \\ I,I_e \rightarrow C \\ P, _e \leftarrow C \\ k = \mathrm{KDF}({P_e}^{i} + {P}^{i_e} + {P_e}^{i_e}) \\ c = \mathrm{E}(k, transkript. ommit()) \\ c \rightarrow C \\ c_p \leftarrow C\\ \mathrm{D}(k, c_p) \stackrel{?}{=} transcript.LatestCommit()

Das obige stellt ein Skizzenprotokoll dar, in Wirklichkeit gibt es ein paar Implementierungsdetails die es zu erwähnen gilt:

Einmal von der Schlüssel-Ableitungsfunktion (KDF\mathrm{KDF}) abgeleitet, wird der Schlüssel (kk) auf an gesetzt. Dies bedeutet, dass die Authentifizierungs-App die Verschlüsselung oder Entschlüsselung nicht explizit durchführt.

Die Verkettung von Teilen des 3DH Austauschs ist streng geregelt:

  • DH der langfristigen Identität der ausgehenden Verbindung durch den flüchtigen Schlüssel der eingehenden Verbindung.
  • DH der langfristigen Identität der eingehenden Verbindung durch den flüchtigen Schlüssel der ausgehenden Verbindung.
  • DH der beiden ephemeren Identitäten der eingehenden und ausgehenden Verbindungen.

Diese strikte Reihenfolge stellt sicher, dass beide Seiten der Verbindung den gleichen Sitzungsschlüssel ableiten.

Kryptographische Eigenschaften

Während einer Online-Sitzung können alle mit dem Sitzungsschlüssel verschlüsselten Nachrichten von den Peers als von ihrem Peers kommend authentifiziert werden (oder zumindest jemand, der über einen geheimen Schlüssel der Peers verfügt, da dies mit der Onion Adresse in Verbindung steht).

Sobald die Sitzung beendet ist, ein Transkript mit den langfristigen und kurzlebigen öffentlichen Schlüsseln, ein abgeleiteter Session-Schlüssel und alle verschlüsselten Nachrichten in der Sitzung können nicht als authentisch bewiesen werden. dieses Protokoll bietet die Nachricht & Teilnehmer Zurückweisung (offline verweigerbar) zusätzlich zur Nachrichtenunverlinkbarkeit (offline verweigerbar) für den Fall, dass jemand damit zufrieden ist, dass eine einzelne Nachricht im Transkript von einem Peer stammt, es gibt keine Möglichkeit, eine andere Nachricht mit zu verknüpfen.

Intuition für die obigen Ausführungen: Das einzige kryptographische Material, das mit dem Transkript zusammenhängt, ist der abgeleitete Sitzungsschlüssel - wenn der Sitzungsschlüssel veröffentlicht wird, kann er verwendet werden, um neue Nachrichten im Transkript zu schmieden - und als solche unterliegt jede eigenständige Transkription der Möglichkeit einer Fälschung und kann daher nicht verwendet werden, um einen Peer kryptographisch an eine Unterhaltung zu binden.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/tapir/packet_format/index.html b/build-staging/de/security/components/tapir/packet_format/index.html index 14c938b3..2b84bffb 100644 --- a/build-staging/de/security/components/tapir/packet_format/index.html +++ b/build-staging/de/security/components/tapir/packet_format/index.html @@ -12,13 +12,13 @@ - +

Paketformat

Alle Tapir-Pakete haben eine feste Länge (8192 Bytes) und die ersten 2 Bytes zeigen die tatsächliche Länge der Nachricht, len Bytes an Daten und der Rest mit null aufgefüllt:

| len (2 bytes) | data (len bytes) | paddding (8190-len bytes)|

Einmal verschlüsselt, ist das gesamte 8192-Byte-Datenpaket mit libsodium secretbox verschlüsselt unter Verwendung der Standardstruktur ( beachte in diesem Fall die tatsächlich benutzbare Größe des Datenpakets ist 8190-14, um die Nonce in der Geheimbox zu unterbringen)

Informationen darüber, wie der geheime Schlüssel abgeleitet wird, findest du im Authentifizierungsprotokoll

- + \ No newline at end of file diff --git a/build-staging/de/security/components/ui/android/index.html b/build-staging/de/security/components/ui/android/index.html index 83d5e4db..3bffa96c 100644 --- a/build-staging/de/security/components/ui/android/index.html +++ b/build-staging/de/security/components/ui/android/index.html @@ -12,13 +12,13 @@ - +

Android Dienst

Angepasst von: Discreet Log #11: Integration von FFI-Prozessen mit Android-Diensten

Zusätzlich zu der Notwendigkeit, einfache Methodenaufrufe in die Cwtch-Bibliothek zu machen, müssen wir auch in der Lage sein, mit langlaufenden Cwtch-Go-Routinen zu kommunizieren (und Ereignisse von ihnen zu empfangen), die den Tor-Prozess im Hintergrund laufen lassen, den Verbindungs- und Gesprächsstatus für alle deine Kontakte verwalten und einige andere Überwachungs- und Wartungsaufgaben erledigen. Auf herkömmlichen Multitasking-Desktop-Betriebssystemen ist dies kein wirkliches Problem, aber auf mobilen Geräten mit Android müssen wir mit kürzeren Sitzungen, häufigen Entladevorgängen sowie Netzwerk- und Energiebeschränkungen zurechtkommen, die sich im Laufe der Zeit ändern können. Da Cwtch metadatenresistent und datenschutzorientiert sein soll, wollen wir auch Benachrichtigungen bereitstellen, ohne den Google-Push-Benachrichtigungsdienst zu nutzen.

Die Lösung für langlaufende Netzwerkanwendungen wie Cwtch besteht darin, unseren FFI-Code in einen Android Foreground Service zu integrieren. (Und nein, es ist mir nicht entgangen, dass der Code für unser Backend in einem sogenannten ForegroundService untergebracht ist) Die WorkManager-API ermöglicht es uns, mit ein wenig Fingerspitzengefühl verschiedene Arten von Diensten zu erstellen und zu verwalten, darunter auch ForegroundServices. Dies erwies sich als eine gute Wahl für uns, da unser gomobile FFI-Handler bereits in Kotlin geschrieben war und WorkManager uns erlaubt, eine Kotlin-Coroutine zu spezifizieren, die als Dienst aufgerufen wird.

Wenn Sie uns folgen wollen, unsere WorkManager-Spezifikationen werden in der handleCwtch()-Methode von MainActivity.kt erstellt, und die Worker selbst sind in FlwtchWorker.kt definiert.

Unsere einfachen Methodenaufrufe an FFI-Routinen werden auch als WorkManager-Arbeitsanforderungen aktualisiert, so dass wir die Rückgabewerte bequem über den Ergebnis-Callback zurückgeben können.

Ein erster Aufruf (passenderweise Start genannt) wird von FlwtchWorker gekapert, um unsere Eventbus-Schleife zu werden. Da es sich bei FlwtchWorker um eine Co-Routine handelt, ist es für sie ein Leichtes, bei Bedarf aufzugeben und fortzufahren, während sie darauf wartet, dass Ereignisse erzeugt werden. Die Goroutinen von Cwtch können dann Ereignisse ausgeben, die von FlwtchWorker aufgegriffen und entsprechend weitergeleitet werden.

Die Eventbus-Schleife von FlwtchWorker ist nicht nur ein langweiliger Forwarder. Es muss auf bestimmte Nachrichtentypen geprüft werden, die den Android-Status beeinflussen. So sollten beispielsweise bei neuen Nachrichtenereignissen normalerweise Benachrichtigungen angezeigt werden, auf die der Benutzer klicken kann, um das entsprechende Konversationsfenster aufzurufen, auch wenn die App nicht im Vordergrund läuft. Wenn es an der Zeit ist, das Ereignis an die Anwendung weiterzuleiten, verwenden wir LocalBroadcastManager, um die Benachrichtigung an MainActivity.onIntent zu erhalten. Von dort aus verwenden wir wiederum Flutter MethodChannels, um die Ereignisdaten von Kotlin an die Flutter-Engine des Frontends weiterzuleiten, wo das Ereignis schließlich von Dart-Code geparst wird, der die Benutzeroberfläche nach Bedarf aktualisiert.

Nachrichten und andere permanente Zustände werden vom Dienst auf der Festplatte gespeichert, so dass das Frontend nicht aktualisiert werden muss, wenn die Anwendung nicht geöffnet ist. Einige Dinge (wie z. B. Daten und ungelesene Nachrichten) können dann jedoch zu Desynchronisationen zwischen Front- und Backend führen, so dass wir dies beim Starten/Fortsetzen der Anwendung überprüfen, um zu sehen, ob wir Cwtch neu initialisieren und/oder den UI-Status neu synchronisieren müssen.

Schließlich haben wir bei der Implementierung dieser Dienste unter Android festgestellt, dass WorkManager sehr gut darin ist, alte Warteschlangen aufrechtzuerhalten, und zwar so gut, dass alte Worker sogar nach einer Neuinstallation der Anwendung wieder aufgenommen wurden! Das Hinzufügen von Aufrufen zu pruneWork() hilft, dies abzumildern, solange die Anwendung ordnungsgemäß heruntergefahren wurde und alte Aufträge ordnungsgemäß abgebrochen wurden. Dies ist unter Android jedoch häufig nicht der Fall, so dass wir es als zusätzliche Abschwächung für sinnvoll erachten, die Arbeit mit dem Namen des nativen Bibliotheksverzeichnisses zu kennzeichnen:

private fun getNativeLibDir(): String {
    val ainfo = this.applicationContext.packageManager.getApplicationInfo(
            "im.cwtch.flwtch", // Must be app name
            PackageManager.GET_SHARED_LIBRARY_FILES)
    return ainfo.nativeLibraryDir
}

... dann brechen wir bei jedem Start der Anwendung alle Aufträge ab, die nicht mit dem richtigen aktuellen Bibliotheksverzeichnis gekennzeichnet sind. Da sich der Name dieses Verzeichnisses bei jeder Installation der Anwendung ändert, verhindert diese Technik, dass wir versehentlich mit einem veralteten Service Worker fortfahren.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/ui/image_previews/index.html b/build-staging/de/security/components/ui/image_previews/index.html index e7fc5ce1..72e6b050 100644 --- a/build-staging/de/security/components/ui/image_previews/index.html +++ b/build-staging/de/security/components/ui/image_previews/index.html @@ -12,13 +12,13 @@ - +

Bildervorschau

Basierend auf dem Filesharing in Cwtch 1.3 werden die Bildvorschauen durch die Erweiterung des vorgeschlagenen Dateinamens (und nein, wir sind nicht daran interessiert, MIME-Typen oder magische Zahlen zu verwenden) und die angezeigte Größe bestimmt. Wenn diese Option aktiviert ist, lädt das Vorschausystem automatisch freigegebene Bilder in einen konfigurierten Download-Ordner herunter und zeigt sie als Teil der Nachricht selbst an. (Aufgrund von Beschränkungen auf Android werden sie im privaten Cache der App gespeichert und Sie haben die Möglichkeit, sie später an anderer Stelle zu speichern) Die Dateigrößenbeschränkung ist noch nicht festgelegt, wird aber deutlich niedriger sein als die allgemeine Größenbeschränkung für die gemeinsame Nutzung von Dateien, die derzeit bei 10 Gigabyte liegt.

Im Moment unterstützen wir nur Einzelbildnachrichten und jede Bildbearbeitung/jeder Bildausschnitt muss in einer separaten Anwendung erfolgen. Wie in den FAQ zum Filesharing erwähnt, enthalten Bilddateien häufig auch wichtige versteckte Metadaten und du solltest sie nur mit Personen teilen, denen du vertraust.

Bekannte Risiken

Andere Anwendungen und/oder das Betriebssystem, die Informationen aus Bildern ableiten

Bilder müssen irgendwo gespeichert werden und wir haben uns dafür entschieden, sie zunächst unverschlüsselt im Dateisystem zu speichern. Wir haben dies aus 2 Gründen gemacht:

  1. Um leistungsfähigere Dateifreigabeverfahren wie Rehosting zu unterstützen, müssen wir in der Lage sein, Dateien effizient zu scannen und Chunks zu liefern - dies über eine verschlüsselte Datenbankschicht zu tun, würde die Leistung beeinträchtigen.
  2. Diese Informationen müssen immer die Anwendungsgrenze passieren (entweder über Anzeigetreiber oder durch Speichern und Anzeigen der Datei in einer externen Anwendung) - es gibt nichts, was Cwtch nach diesem Punkt tun kann.

Bösartige Bilder, die Cwtch zum Absturz bringen oder anderweitig kompromittieren

Flutter verwendet Skia, um Bilder zu rendern. Der zugrundeliegende Code ist zwar speicherunsicher, wird aber im Rahmen der regulären Entwicklung ausführlich zerfusselt.

Wir führen auch unsere eigenen Fuzz-Tests von Cwtch-Komponenten durch. Bei dieser Analyse haben wir einen einzigen Absturzfehler gefunden, der mit einer fehlerhaften GIF-Datei, die den Renderer dazu veranlasste, eine lächerliche Menge an Speicher zuzuweisen (und schließlich vom Kernel abgelehnt wurde). Um zu verhindern, dass sich dies auf Cwtch auswirkt, haben wir die Richtlinie eingeführt, immer eine maximale cacheWidth und/oder cacheHeight für Bild-Widgets.

Bösartige Bilder werden auf verschiedenen Plattformen unterschiedlich gerendert, was zur Offenlegung von Metadaten führen kann

Vor kurzem wurde ein Fehler in Apples png-Parser gefunden, der dazu führte, dass ein Bild auf Apple-Geräten anders dargestellt wurde als auf Nicht-Apple-Geräten.

Wir haben einige Tests mit unseren Mac-Builds durchgeführt und konnten dieses Problem für Flutter nicht replizieren (da alle Flutter-Builds Skia für das Rendering verwenden), aber wir werden solche Fälle weiterhin in unseren Testkorpus aufnehmen.

Die Bildvorschau bleibt vorerst experimentell und auf freiwilliger Basis.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/ui/input/index.html b/build-staging/de/security/components/ui/input/index.html index f3840f50..27e1c73c 100644 --- a/build-staging/de/security/components/ui/input/index.html +++ b/build-staging/de/security/components/ui/input/index.html @@ -12,13 +12,13 @@ - +

Eingabe

Risiko: Abfangen von Cwtch-Inhalten oder Metadaten durch eine IME auf mobilen Geräten

Status: Teilweise gemildert

Jede Komponente, die die Möglichkeit hat, Daten zwischen einer Person und der Cwtch-App abzufangen, stellt ein potenzielles Sicherheitsrisiko.

Einer der wahrscheinlichsten Abfangjäger ist ein IME (Input Method Editor) eines Drittanbieters, der häufig um Zeichen zu erzeugen, die von ihrem Gerät nicht unterstützt werden.

Selbst gutartige und standardmäßige IME-Anwendungen können unbeabsichtigt Informationen über den Inhalt einer Person preisgeben, z. B. durch Cloud-Synchronisierung, Cloud-Übersetzung oder persönliche Wörterbücher.

Letztlich kann dieses Problem nicht von Cwtch allein gelöst werden, sondern stellt ein größeres Risiko dar, welches auf das gesamte mobile Ökosystem auswirkt.

Ein ähnliches Risiko besteht auf dem Desktop durch die Verwendung ähnlicher Eingabeanwendungen (zusätzlich zu den Software-Keyloggern), Wir sind jedoch der Ansicht, dass dies völlig außerhalb des Rahmens der Cwtch-Risikobewertung liegt (in Übereinstimmung mit anderen Angriffen auf die Sicherheit des zugrunde liegenden Betriebssystems selbst).

Dies wird in Cwtch 1.2 teilweise durch die Verwendung von enableIMEPersonalizedLearning: false entschärft. Siehe diesen PR für weitere Informationen.

- + \ No newline at end of file diff --git a/build-staging/de/security/components/ui/overlays/index.html b/build-staging/de/security/components/ui/overlays/index.html index 1495868b..860ba832 100644 --- a/build-staging/de/security/components/ui/overlays/index.html +++ b/build-staging/de/security/components/ui/overlays/index.html @@ -12,13 +12,13 @@ - +

Nachrichten Overlays

Angepasst von: Discreet Log #8: Anmerkungen zur Cwtch Chat API

Hinweis: Dieser Abschnitt behandelt Overlay-Protokolle, die auf das Cwtch-Protokoll aufsetzen. Für Informationen über das Cwtch-Protokoll Nachrichten selbst schaue unter Nachrichtenformate

Wir sehen Cwtch als eine Plattform für die Bereitstellung einer authentifizierten Transportschicht für Anwendungen auf höherer Ebene. Es steht den Entwicklern frei, selbst zu entscheiden, welche Protokolle der Anwendungsschicht sie verwenden wollen, ob sie maßgeschneiderte binäre Nachrichtenformate wünschen oder einfach nur eine HTTP-Bibliothek aufsetzen und die Sache abhaken wollen. Cwtch kann neue Schlüsselpaare für Sie generieren (die zu Onion-Adressen werden; es sind keine DNS-Registrierungen erforderlich!) und du kannst mit REST sicher sein, dass alle Daten, die deine Anwendung vom (anonymen Kommunikations-) Netz empfängt, bereits authentifiziert wurden.

In unserem aktuellen Stack sind die Nachrichten in einen minimalen JSON-Rahmen verpackt, der einige kontextbezogene Informationen über den Nachrichtentyp hinzufügt. Und da es sich bei serialisierten JSON-Objekten nur um Wörterbücher handelt, können wir später bei Bedarf problemlos weitere Metadaten hinzufügen.

Chat-Overlays, Listen und Bulletins

Das ursprüngliche Cwtch alpha zeigte "Overlays": verschiedene Arten, denselben Datenkanal zu interpretieren, abhängig von der Struktur der atomaren Daten selbst. Wir haben einfache Checklisten und BBS/Klassifizierungsanzeigen als Overlays eingefügt, die mit jedem Cwtch-Kontakt angeschaut und geteilt werden konnten, sei es mit einem einzelnen Peer oder einer Gruppe. Das Übertragungsformat sah wie folgt aus:

{o:1,d:"hey there!"}
{o:2,d:"bread",l:"groceries"}
{o:3,d:"garage sale",p:"[parent message signature]"}

Overlay-Feld o bestimmt, ob es ein Chat (1), Liste (2), oder Bulletin (3) Nachricht war. Das Datenfeld d ist überladen und Listen/Bulletins benötigen zusätzliche Informationen darüber, welcher Gruppe/Beitrag sie angehören. (Wir verwenden Nachrichtensignaturen anstelle von IDs, um Probleme wie Ordnungsprobleme und böswillig erstellte IDs zu vermeiden. Auf diese Weise teilt auch das Cwtch-Protokoll dem Frontend mit, welche Nachricht abgeholt wird)

Datenstruktur

Die Implementierung von baumstrukturierten Daten auf einem sequentiellen Nachrichtenspeicher hat offensichtliche Leistungsnachteile. Betrachte z. B. die Nachrichtenansicht, die die neuesten Nachrichten zuerst lädt und nur so weit zurückgeht, dass sie das aktuelle Ansichtsfenster ausfüllt, im Vergleich zu einem (etwas pathologischen) Forum, in dem fast jede Nachricht ein Kind der allerersten Nachricht in der Historie ist, die Gigabytes an Daten enthalten kann. Wenn die Benutzeroberfläche nur Beiträge der obersten Ebene anzeigt, bis der Benutzer sie erweitert, müssen wir den gesamten Verlauf analysieren, bevor wir genügend Informationen erhalten, um überhaupt etwas anzuzeigen.

Ein weiteres Problem besteht darin, dass das Multiplexen all dieser Überlagerungen in einem Datenspeicher "Löcher" in den Daten erzeugt, die lazy-loaded listviews und Scrollbars verwirren. Die Anzahl der Nachrichten kann darauf hinweisen, dass es eine Menge weiterer Informationen gibt, die angezeigt werden können, wenn der Benutzer einfach scrollt, aber wenn sie tatsächlich abgerufen und geparst werden, könnten wir feststellen, dass nichts davon für das aktuelle Overlay relevant ist.

Keines dieser Probleme ist unüberwindbar, aber sie zeigen einen Fehler in unseren ursprünglichen Annahmen über die Art des kollaborativen Nachrichtenflusses und die Art und Weise, wie wir mit diesen Daten umgehen sollten.

Overlay Typen

Wie oben erwähnt, werden Overlays in einem sehr einfachen JSON-Format mit der folgenden Struktur angegeben:

type ChatMessage struct {
    O int    `json:"o"`
    D string `json:"d"`
}

Wo O für Overlay mit den unten dokumentierten unterstützten Overlays steht:

1: data is a chat string
2: data is a list state/delta
3: data is a bulletin state/delta
100: contact suggestion; data is a peer onion address
101: contact suggestion; data is a group invite string

Chat-Nachrichten (Overlay 1)

Die einfachste Variante ist eine Chat-Nachricht, die einfach nur rohe, unverarbeitete Informationen über die Chat-Nachricht enthält.

{o:1,d:"got milk?"}

Einladungen (Overlays 100 und 101)

Anstatt die Einladung als eingehende Kontaktanfrage auf Profilebene zu erhalten, werden neue Inline-Einladungen mit einem bestimmten Kontakt/einer bestimmten Gruppe geteilt, wo sie später eingesehen und/oder angenommen werden können, auch wenn sie zunächst (möglicherweise versehentlich) abgelehnt wurden.

Das Format ist für diese gleichermaßen einfach:

{o:100,d:"u4ypg7yyyrrvf2aceeclq5dgwtkirzletltbqofnb6km7u542qqk4jyd"}
{o:101,d:"torv3eyJHcm91cElEIjoiOWY3MWExYmFhNDkzNTAzMzAyZDFmODRhMzI2ODY2OWUiLCJHcm91cE5hbWUiOiI5ZjcxYTFiYWE0OTM1MDMzMDJkMWY4NGEzMjY4NjY5ZSIsIlNpZ25lZEdyb3VwSUQiOiJyVGY0dlJKRkQ2LzFDZjFwb2JQR0xHYzdMNXBKTGJTelBLRnRvc3lvWkx6R2ZUd2Jld0phWllLUWR5SGNqcnlmdXVRcjk3ckJ2RE9od0NpYndKbCtCZz09IiwiVGltZXN0YW1wIjowLCJTaGFyZWRLZXkiOiJmZVVVQS9OaEM3bHNzSE9lSm5zdDVjNFRBYThvMVJVOStPall2UzI1WUpJPSIsIlNlcnZlckhvc3QiOiJ1cjMzZWRid3ZiZXZjbHM1dWU2anBrb3ViZHB0Z2tnbDViZWR6ZnlhdTJpYmY1Mjc2bHlwNHVpZCJ9"}

Dies stellt eine Abkehr von unserem ursprünglichen "Overlays"-Denken hin zu einer stärker handlungsorientierten Darstellung dar. Das Chat-"Overlay" kann mitteilen, dass jemand etwas getan hat, selbst wenn es auf "ein Element zu einer Liste hinzugefügt" umschrieben wird, und die Listen und Bulletins und andere schön chaotische Daten können ihren Zustand vorberechnet und separat gespeichert haben.

Listen / Bulletin Boards

Hinweis: Wird voraussichtlich in Cwtch Beta 1.5 definiert werden

- + \ No newline at end of file diff --git a/build-staging/de/security/deployment/index.html b/build-staging/de/security/deployment/index.html index 5803c5d0..1fb46e62 100644 --- a/build-staging/de/security/deployment/index.html +++ b/build-staging/de/security/deployment/index.html @@ -12,13 +12,13 @@ - +

Veröffentlichung

Risiko: Binärdateien werden auf der Website durch böswillige Versionen ersetzt

Status: Teilweise gemildert

Während dieser Prozess jetzt größtenteils automatisiert ist, sollte diese Automatisierung jemals kompromittiert sein, dann gibt es in unserem aktuellen Prozess nichts, was dies erkennen würde.

Wir benötigen:

  • Reproduzierbare Builds - derzeit verwenden wir öffentliche Docker-Container für alle Builds, was jedem erlauben sollte, verteilte Builds mit denen aus dem Quellcode zu vergleichen.
  • Signierte Veröffentlichungen - Open Privacy verwaltet noch keinen öffentlichen Datensatz von Mitarbeitern öffentlichen Schlüsseln. Dies ist wahrscheinlich eine Notwendigkeit um veröffentlichte Builds zu signieren und eine Audit-Kette zu erstellen, die von der Organisation unterstützt wird. Dieser Prozess muss per Definition manuell sein.
- + \ No newline at end of file diff --git a/build-staging/de/security/development/index.html b/build-staging/de/security/development/index.html index 796a1a88..040e3094 100644 --- a/build-staging/de/security/development/index.html +++ b/build-staging/de/security/development/index.html @@ -12,13 +12,13 @@ - +

Entwicklung

Der Hauptprozess gegen böswillige Akteure bei der Entwicklung von Cwtch ist die Offenheit des Prozesses.

Um diese Offenheit zu verstärken, werden automatisierte buidls, Tests und Paketierungen als Teil der Repositories definiert - Verbesserung der Robustheit der Codebasis in jeder Phase.

Während die einzelnen Tests nicht perfekt sind und alle Prozesse Lücken haben, sollten wir verpflichtet sein, es so einfach wie möglich machen, etwas zu Cwtch beizutragen und gleichzeitig Pipelines und Prozesse so erstellen, dass Fehler (unabsichtlich oder bösartig) so früh wie möglich abgefangen werden.

Risiko: Entwickler liefert bösartigen Code direkt aus

Status: Gemildert

trunk ist derzeit gesperrt und nur 3 Open Privacy Mitarbeiter haben die Berechtigung um es zu überschreiben und darüber hinaus die Verantwortung für die Überwachung der Änderungen.

Darüber hinaus löst jeder neue Pull-Request und Merge automatisierte Builds & Tests aus, die E-Mails und Audit Protokolle auslösen.

Der Code ist auch Open Source und von jedem überprüfbar.

Risiko: Code Regressionen

Status: Teilweise gemildert (Siehe einzelne Projekteinträge in diesem Handbuch für weitere Informationen)

Unsere automatisierten Pipelines haben die Möglichkeit, Regressionen zu erfassen, wenn dieses Verhalten erkennbar ist.

Die größte Herausforderung besteht darin, festzulegen, wie solche Regressionen für die UI erkannt werden - wo das Verhalten nicht so streng definiert ist wie für die einzelnen Bibliotheken.

- + \ No newline at end of file diff --git a/build-staging/de/security/intro/index.html b/build-staging/de/security/intro/index.html index 9d609716..73a4820c 100644 --- a/build-staging/de/security/intro/index.html +++ b/build-staging/de/security/intro/index.html @@ -12,13 +12,13 @@ - +

Cwtch Sicherheitshandbuch

Willkommen im Cwtch Sicherheitshandbuch! Der Zweck dieses Handbuchs ist es, eine Anleitung für die verschiedenen Komponenten des Cwtch Ökosystems zu liefern um die bekannten Risiken und Abschwächungen zu dokumentieren und Diskussionen über Verbesserungen und Aktualisierungen für Cwtch sichere Entwicklungsprozesse zu ermöglichen.

Was ist Cwtch?

Cwtch (/kʊtʃ/ - ein walisisches Wort, das in etwa mit "eine Umarmung, die einen sicheren Ort schafft" übersetzt werden kann) ist ein dezentralisiertes, datenschutzfreundliches Mehrparteien-Nachrichtenprotokoll, das zum Aufbau metadatenresistenter Anwendungen verwendet werden kann.

  • Dezentralisiert und offen: Es gibt keinen „Cwtch-Dienst“ oder „Cwtch-Netzwerk“. Die Cwtch Teilnehmer können ihre eigenen sicheren Räume hosten oder ihre Infrastruktur anderen anbieten, die auf der Suche nach einem sicheren Raum sind. Das Cwtch-Protokoll ist offen und jeder kann Bots, Dienste und Benutzeroberflächen erstellen und in Cwtch integrieren und interagieren.
  • Datenschutz wahrend: Alle Kommunikation in Cwtch ist Ende-zu-Ende verschlüsselt und findet über Tor v3 onion Dienste statt.
  • Metadaten resistent: Cwtch wurde so konzipiert, dass ohne deine ausdrückliche Zustimmung keine Informationen ausgetauscht oder zugänglich sind einschließlich On-the-wire Nachrichten und Protokoll-Metadaten.

Eine (kurze) Geschichte des metadatenresistenten Chats

In den letzten Jahren ist das öffentliche Bewusstsein für die Notwendigkeit und Vorteile von Ende-zu-Ende-verschlüsselten Lösungen mit Anwendungen wie Signal, Whatsapp und Wire gestiegen. Diese bieten Benutzern jetzt sichere Kommunikation.

Diese Werkzeuge benötigen jedoch verschiedene Ebenen von Metadaten, um zu funktionieren und viele dieser Metadaten können verwendet werden, um Details darüber zu erfahren, wie und warum eine Person ein Kommunikationstool nutzt. [rottermanner2015privacy].

Ein Werkzeug, das versucht hat, Metadaten zu reduzieren, ist Ricochet welches 2014 zum ersten Mal veröffentlicht wurde. Ricochet nutzte die Onion-Dienste von Tor v2, um eine sichere Ende-zu-Ende-verschlüsselte Kommunikation zu gewährleisten und die Metadaten der Kommunikation zu schützen.

Es gab keine zentralisierten Server, die beim Routen von Ricochet Unterhaltungen helfen. Keine andere als die an einem Gespräch beteiligten Parteien konnte wissen, dass ein solches Gespräch stattfindet.

Ricochet war nicht ohne Einschränkungen, es gab weder eine Multidevice Unterstützung noch einen Mechanismus zur Unterstützung der Gruppenkommunikation oder eine Unterstützung zum Senden von Nachrichten, während ein Kontakt offline ist.

Dies machte die Annahme von Ricochet zu einer schwierigen Angelegenheit. selbst diejenigen in Umgebungen, die am besten von Metadatenresistenz profitieren würden, wissen nicht, dass es [ermoshina2017can] gibt [renaud2014doesn].

Darüber hinaus ist jede Lösung für dezentralisierte, metadatenresistente Kommunikation mit grundlegenden Problemen konfrontiert, wenn es um Effizienz, Datenschutz und Gruppensicherheit geht (wie von Konsens und Konsistenz der Transkription definiert).

Moderne Alternativen zu Ricochet sind Briar, Zbay und Ricochet Refresh - Jedes Tool versucht, für eine andere Reihe von Kompromissen zu optimieren, z. Briar möchte es Menschen ermöglichen, auch dann zu kommunizieren, wenn die zugrunde liegende Netzwerkinfrastruktur ausgefallen ist, und bietet gleichzeitig Schutz vor Metadatenüberwachung.

Das Cwtch-Projekt begann 2017 als ein Erweiterungsprotokoll für Ricochet, das Gruppengespräche über nicht vertrauenswürdige Server, um dezentrale, metadatenresistente Anwendungen zu ermöglichen (wie gemeinsame Listen und Bulletin Board)

Eine Alpha-Version von Cwtch wurde im Februar 2019 gestartet und seitdem hat das Cwtch-Team ( betrieben von der Open Privacy Research Society) Forschung und Entwicklung zu Cwtch und den zugrunde liegenden Protokollen und Bibliotheken und Problembereichen durchgeführt.

- + \ No newline at end of file diff --git a/build-staging/de/security/references/index.html b/build-staging/de/security/references/index.html index eb05c1da..70da7b1d 100644 --- a/build-staging/de/security/references/index.html +++ b/build-staging/de/security/references/index.html @@ -12,13 +12,13 @@ - +

Referenzen

  • Atwater, Erinn und Sarah Jamie Lewis. "Token Based Services-Differences from Privacy Pass."

  • Brooks, John. Ricochet: Anonymous instant messaging for real privacy. https://ricochet.im . Zugriffen: 2018-03-10

  • Ermoshina K, Halpin H, Musiani F. Can johnny build a protocol? co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols. In European Workshop on Usable Security 2017.

  • Ermoshina, K., Musiani, F. and Halpin, H., 2016, September. End-to-end encrypted messaging protocols: An overview. In International Conference on Internet Science (pp. 244-254). Springer, Cham.

  • Farb, M., Lin, Y.H., Kim, T.H.J., McCune, J. and Perrig, A., 2013, September. Safeslinger: easy-to-use and secure public-key exchange. In Proceedings of the 19th annual international conference on Mobile computing & networking (pp. 417-428).

  • Greschbach, B., Kreitz, G. and Buchegger, S., 2012, March. The devil is in the metadata—New privacy challenges in Decentralised Online Social Networks. In 2012 IEEE international conference on pervasive computing and communications workshops (pp. 333-339). IEEE.

  • Langley, Adam. Pond. https://github.com/agl/pond. Zugriffen: 2018-05-21.

  • Le Blond, S., Zhang, C., Legout, A., Ross, K. and Dabbous, W., 2011, November. I know where you are and what you are sharing: exploiting p2p communications to invade users' privacy. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (pp. 45-60).

  • Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).

  • Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).

  • Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.

  • Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).

  • Unger, Nik et al. “SoK: secure messaging”. In: Security and Privacy (SP), 2015 IEEE Sympo-sium on. IEEE. 2015, pp. 232–249 link

- + \ No newline at end of file diff --git a/build-staging/de/security/risk/index.html b/build-staging/de/security/risk/index.html index ce937daa..6dcd5cac 100644 --- a/build-staging/de/security/risk/index.html +++ b/build-staging/de/security/risk/index.html @@ -12,13 +12,13 @@ - +

Risiko-Modell

Es ist bekannt, dass Kommunikationsmetadaten von verschiedenen Gegnern ausgenutzt werden, um die Sicherheit von Systemen zu untergraben, Opfer zu verfolgen und groß angelegte Analysen sozialer Netzwerke durchzuführen, um die Massenüberwachung zu unterstützen. Metadaten-resistente Tools stecken noch in den Kinderschuhen und es fehlt an Forschung zur Konstruktion und Benutzererfahrung solcher Tools.

Cwtch wurde ursprünglich als Erweiterung des Metadaten-resistenten Protokolls Ricochet konzipiert, um die asynchrone Multi-Peer-Gruppenkommunikation durch die Verwendung einer verwerfbaren, nicht vertrauenswürdigen, anonymen Infrastruktur zu unterstützen.

Seitdem hat sich Cwtch zu einem eigenständigen Protokoll entwickelt. In diesem Abschnitt werden die verschiedenen bekannten Risiken beschrieben, die Cwtch zu mindern versucht, und es wird im Rest des Dokuments stark darauf verwiesen, wenn die verschiedenen Unterkomponenten der Cwtch-Architektur erörtert werden.

Bedrohungsmodell

Es ist wichtig zu erkennen und zu verstehen, dass Metadaten in Kommunikationsprotokollen allgegenwärtig sind, es ist in der Tat notwendig, dass solche Protokolle effizient und in großem Umfang funktionieren. Informationen, die für die Unterstützung von Peers und Servern nützlich sind, sind jedoch auch für Gegner, die solche Informationen ausnutzen möchten, von großer Bedeutung.

Für unsere Problemstellung gehen wir davon aus, dass der Inhalt einer Kommunikation so verschlüsselt ist, dass ein Angreifer sie praktisch nicht knacken kann (siehe tapir und cwtch für Details zu der von uns verwendeten Verschlüsselung) und daher konzentrieren wir uns auf den Kontext der Kommunikationsmetadaten.

Wir bemühen uns, die folgenden Kommunikationskontexte zu schützen:

  • Wer ist an einer Kommunikation beteiligt? Es kann möglich sein, Personen oder einfach Geräte- oder Netzwerkkennungen zu identifizieren. Beispiel: „An dieser Kommunikation sind Alice, eine Journalistin, und Bob, ein Regierungsangestellter, beteiligt.“.
  • Wo sind die Gesprächsteilnehmer? Beispiel: „Während dieser Kommunikation war Alice in Frankreich und Bob in Kanada.“
  • Wann hat ein Gespräch stattgefunden? Der Zeitpunkt und die Länge der Kommunikation können viel über die Art eines Anrufs verraten, z. B. „Bob, ein Regierungsangestellter, hat gestern Abend eine Stunde lang mit Alice telefoniert. Dies ist das erste Mal, dass sie kommuniziert haben.“ *Wie wurde das Gespräch vermittelt? Ob eine Konversation über eine verschlüsselte oder unverschlüsselte E-Mail stattgefunden hat, kann nützliche Informationen liefern. Beispiel: „Alice hat gestern eine verschlüsselte E-Mail an Bob gesendet, während sie normalerweise nur Klartext-E-Mails aneinander senden.“
  • Worum geht es in dem Gespräch? Selbst wenn der Inhalt der Kommunikation verschlüsselt ist, ist es manchmal möglich, einen wahrscheinlichen Kontext eines Gesprächs abzuleiten, ohne genau zu wissen, was gesagt wird, z. „Eine Person hat zum Abendessen in einem Pizzaladen angerufen“ oder „Jemand hat um 3 Uhr morgens eine bekannte Selbstmord-Hotline angerufen.“

Über einzelne Konversationen hinaus versuchen wir auch, uns gegen Kontextkorrelationsangriffe zu verteidigen, wobei mehrere Konversationen analysiert werden, um Informationen auf höherer Ebene abzuleiten:

  • Beziehungen: Entdeckung sozialer Beziehungen zwischen zwei Entitäten durch Analyse der Häufigkeit und Länge ihrer Kommunikation über einen bestimmten Zeitraum. z.B. Carol und Eve telefonieren jeden Tag mehrere Stunden am Stück.
  • Cliquen: Entdeckung sozialer Beziehungen zwischen einer Gruppe von Einheiten, die alle miteinander interagieren. z.B. Alice, Bob und Eve kommunizieren alle miteinander.
  • Lose verbundene Cliquen und Brücken-Individuen: Entdeckung von Gruppen, die über Vermittler miteinander kommunizieren, indem Kommunikationsketten analysiert werden (z. B. jedes Mal, wenn Alice mit Bob spricht, spricht sie fast unmittelbar danach mit Carol; Bob und Carol kommunizieren nie.)
  • Muster des Lebens: Entdecken, welche Kommunikation zyklisch und vorhersehbar ist. z.B. Alice ruft Eve jeden Montagabend etwa eine Stunde lang an.

Aktive Angriffe

Falschdarstellungsangriffe

Cwtch bietet keine globale Anzeigenamenregistrierung und daher sind Personen, die Cwtch verwenden, anfälliger für Angriffe, die auf falscher Darstellung beruhen, d. h. Personen, die vorgeben, andere Personen zu sein:

Ein grundlegender Ablauf eines dieser Angriffe sieht wie folgt aus, obwohl auch andere Abläufe existieren:

  • Alice hat einen Freund namens Bob und einen anderen namens Eve
  • Eve findet heraus, dass Alice einen Freund namens Bob hat
  • Eve erstellt Tausende neuer Konten, um eines zu finden, das ein ähnliches Bild / einen ähnlichen öffentlichen Schlüssel wie Bob hat (wird nicht identisch sein, könnte aber jemanden für ein paar Minuten täuschen)
  • Eve nennt dieses neue Konto "Eve Neues Konto" und fügt Alice als Freundin hinzu.
  • Eve ändert dann ihren Namen auf "Eve Neues Konto" in "Bob"
  • Alice sendet Nachrichten, die für „Bob“ bestimmt sind, an Eves gefälschtes Bob-Konto

Da es bei Angriffen mit falscher Darstellung an sich um Vertrauen und Verifizierung geht, besteht die einzige absolute Möglichkeit, sie zu verhindern, darin, dass Benutzer den öffentlichen Schlüssel absolut validieren. Das ist offensichtlich nicht ideal und wird in vielen Fällen einfach nicht passieren.

Daher möchten wir einige Hinweise zur Benutzererfahrung in der ui bereitstellen, um Menschen bei der Entscheidung zu helfen, Konten zu vertrauen und/oder Konten zu unterscheiden die möglicherweise versuchen, sich als andere Benutzer auszugeben.

Eine Anmerkung zu physischen Angriffen

Cwtch betrachtet Angriffe, die physischen Zugriff (oder gleichwertigen Zugriff) auf den Computer des Benutzers erfordern, nicht als praktisch verteidigbar. Im Interesse einer guten Sicherheitstechnik werden wir jedoch in diesem Dokument immer noch auf Angriffe oder Bedingungen verweisen, die ein solches Privileg erfordern und darauf hinweisen, wo von uns eingerichtete Minderungsmaßnahmen fehlschlagen.

- + \ No newline at end of file diff --git a/build-staging/developing/building-a-cwtch-app/building-an-echobot/index.html b/build-staging/developing/building-a-cwtch-app/building-an-echobot/index.html index 3d5f4918..df7e8d27 100644 --- a/build-staging/developing/building-a-cwtch-app/building-an-echobot/index.html +++ b/build-staging/developing/building-a-cwtch-app/building-an-echobot/index.html @@ -12,14 +12,14 @@ - +

Building a Cwtch Echobot

In this tutorial we will walk through building a simple Cwtch Echobot. A bot that, when messaged, simply responds with the message it was sent.

For completeness, we will build an Echobot in multiple difference Cwtch frameworks to get a feel for the different levels of functionality offered by each library or framework.

Using CwtchBot (Go)

CwtchBot Framework

This tutorial uses the CwtchBot framework.

Start by creating a new Go project, and a file main.go. In the main function:

package main

import (
    "cwtch.im/cwtch/event"
    "cwtch.im/cwtch/model"
    "cwtch.im/cwtch/model/attr"
    "cwtch.im/cwtch/model/constants"
    "fmt"
    "git.openprivacy.ca/sarah/cwtchbot"
    _ "github.com/mutecomm/go-sqlcipher/v4"
    "os/user"
    "path"
)

func main() {
    user, _ := user.Current()
    cwtchbot := bot.NewCwtchBot(path.Join(user.HomeDir, "/.echobot/"), "echobot")
    cwtchbot.Launch()

    // Set Some Profile Information
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "echobot2")
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.ProfileAttribute1, "A Cwtchbot Echobot")

    fmt.Printf("echobot address: %v\n", cwtchbot.Peer.GetOnion())

    for {
        message := cwtchbot.Queue.Next()
        cid, _ := cwtchbot.Peer.FetchConversationInfo(message.Data[event.RemotePeer])
        switch message.EventType {
        case event.NewMessageFromPeer:
            msg := cwtchbot.UnpackMessage(message.Data[event.Data])
            fmt.Printf("Message: %v\n", msg)
            reply := string(cwtchbot.PackMessage(msg.Overlay, msg.Data))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        case event.ContactCreated:
            fmt.Printf("Auto approving stranger %v %v\n", cid, message.Data[event.RemotePeer])
            // accept the stranger as a new contact
            cwtchbot.Peer.AcceptConversation(cid.ID)
            // Send Hello...
            reply := string(cwtchbot.PackMessage(model.OverlayChat, "Hello!"))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        }
    }
}

Using Imp (Rust)

Imp (Rust) Bot Framework

This tutorial uses the Imp Cwtch Bot framework (Rust). This framework is currently a work-in-progress and the API design is subject to change. IMP is also based on libcwtch-rs which is currently based on an older pre-stable API version of Cwtch. We are planning in updating libcwtch-rs in Summer 2023.

use std::borrow::BorrowMut;
use std::thread;
use chrono::{DateTime, FixedOffset};
use libcwtch;
use libcwtch::CwtchLib;
use libcwtch::structs::*;
use libcwtch::event::*;
use cwtch_imp::imp;
use cwtch_imp::behaviour::*;
use cwtch_imp::imp::Imp;

const BOT_HOME: &str = "~/.cwtch/bots/echobot";
const BOT_NAME: &str = "echobot";

struct Echobot {}

fn main() {
    let behaviour: Behaviour = BehaviourBuilder::new().name(BOT_NAME.to_string()).new_contact_policy(NewContactPolicy::Accept).build();
    let event_loop_handle = thread::spawn(move || {
        let mut echobot = Echobot {};
        let mut bot = Imp::spawn(behaviour,String::new(), BOT_HOME.to_string());
        bot.event_loop::<Echobot>(echobot.borrow_mut());
    });
    event_loop_handle.join().expect("Error running event loop");
}

impl imp::EventHandler for Echobot {
    fn on_new_message_from_contact(&self, cwtch: &dyn libcwtch::CwtchLib, profile: &Profile, conversation_id: ConversationID, handle: String, timestamp_received: DateTime<FixedOffset>, message: Message) {
        let response = Message {
            o: MessageType::TextMessage,
            d: message.d,
        };
        cwtch.send_message(&profile.profile_id, conversation_id, &response);
    }

    fn handle(&mut self, cwtch: &dyn CwtchLib, profile_opt: Option<&Profile>, event: &Event) {
        match event {
            Event::NewPeer { profile_id, tag, created, name, default_picture, picture, online, profile_data } => {
                println!(
                    "\n***** {} at {} *****\n",
                    name, profile_id.as_str()
                );
            }
            _ => (),
        };
    }
}
- + \ No newline at end of file diff --git a/build-staging/developing/building-a-cwtch-app/core-concepts/index.html b/build-staging/developing/building-a-cwtch-app/core-concepts/index.html index 4071cf83..5aa9c792 100644 --- a/build-staging/developing/building-a-cwtch-app/core-concepts/index.html +++ b/build-staging/developing/building-a-cwtch-app/core-concepts/index.html @@ -12,13 +12,13 @@ - +

Core Concepts

This page documents the core concepts that you, as a Cwtch App Developer, will encounter fairly frequently.

Cwtch Home Directory

Often referred to as $CWTCH_HOME, the Cwtch application home directory is the location where Cwtch stores all information from a Cwtch application.

Profiles

Cwtch profiles are saved as encrypted sqlite3 databases. You will rarely/never have to interact directly with the database. Instead each library provides a set of interfaces to interact with the Cwtch App, create profiles, manage profiles, and engage in conversations.

The Event Bus

Regardless of which library you end up choosing, the one constant interface you will have to get used to is the EventBus. Cwtch handles all asynchronous tasks (e.g. receiving a message from a peer) automatically, eventually placing a message on the EventBus. Application can subscribe to certain kinds of messages e.g. NewMessageFromPeer and setup an event handler to run code in response to such a message.

For an example see the Echo Bot tutorial.

Settings

Most Cwtch settings (with the exception of experiments) are designed for downstream graphical user interfaces e.g. themes / column layouts - in particular the Cwtch UI. As such these settings are not used at all by Cwtch libraries, and are only intended as a convenient storage place for UI configuration.

Experiments

Certain Cwtch features are gated behind experiments. These experiments need to be enabled before functionality related to them will activate. Different libraries may expose different experiments, and some libraries may not support certain experiments at all.

- + \ No newline at end of file diff --git a/build-staging/developing/building-a-cwtch-app/intro/index.html b/build-staging/developing/building-a-cwtch-app/intro/index.html index 14d0c389..96766c08 100644 --- a/build-staging/developing/building-a-cwtch-app/intro/index.html +++ b/build-staging/developing/building-a-cwtch-app/intro/index.html @@ -12,13 +12,13 @@ - +

Getting Started

Choosing A Cwtch Library

Cwtch Go Lib

The official Cwtch library is written in Go and can be found at https://git.openprivacy.ca/cwtch.im/cwtch. This library allows access to all Cwtch functionality.

CwtchBot

We also provide a specialized Cwtch Bot framework in Go that provides a more lightweight and tailored approach to building chat bots. For an introduction to building chatbots with the CwtchBot framework check out the building an echobot tutorial.

Autobindings (C-bindings)

The official c-bindings for Cwtch are automatically generated from the Cwtch Go Library. The API is limited compared to accessing the Cwtch Go Library directly, and is explicitly tailored towards building the Cwtch UI.

libCwtch-rs (Rust)

An experimental rust-fied version of Cwtch Autobindings is available in libCwtch-rs. While we have plans to officially adopt rust bindings in the future, right now Rust support lags behind the rest of the Cwtch ecosystem.

- + \ No newline at end of file diff --git a/build-staging/developing/category/building-a-cwtch-app/index.html b/build-staging/developing/category/building-a-cwtch-app/index.html index 2e6cd93d..55e5533f 100644 --- a/build-staging/developing/category/building-a-cwtch-app/index.html +++ b/build-staging/developing/category/building-a-cwtch-app/index.html @@ -12,13 +12,13 @@ - +

Building a Cwtch App

- + \ No newline at end of file diff --git a/build-staging/developing/intro/index.html b/build-staging/developing/intro/index.html index d1e8bc80..fcb2e08b 100644 --- a/build-staging/developing/intro/index.html +++ b/build-staging/developing/intro/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/developing/release/index.html b/build-staging/developing/release/index.html index 5134c00d..d406b594 100644 --- a/build-staging/developing/release/index.html +++ b/build-staging/developing/release/index.html @@ -12,13 +12,13 @@ - +

Release and Packaging Process

Cwtch builds are automatically constructed via Drone. In order to be built the tasks must be approved by a project team member.

Automated Testing

Drone carries out a suite of automated tests at various stages of the release pipeline.

Test SuiteRepositoryNotes
Integration Testcwtch.im/cwtchA full exercise of peer-to-peer and group messaging
File Sharing Testcwtch.im/cwtchTests that file sharing and image downloading work as expected
Automated Download Testcwtch.im/cwtchTests that automated image downloading (e.g. profile pictures) work as expected
UI Integration Testcwtch.im/cwtch-uiA suite of Gherkin tests to exercise various UI flows like Creating / Deleting profiles and changing settings

Cwtch Autobindings

Drone produces the following build artifacts for all Cwtch autobindings builds.

Build ArtifactPlatformNotes
android/cwtch-sources.jarAndroidgomobile derived source code for the Android Cwtch library
android/cwtch.aarAndroidAndroid Cwtch library. Supports arm, arm64, and amd64.
linux/libCwtch.hLinuxC header file
linux/libCwtch.soLinuxx64 shared library
windows/libCwtch.hWindowsC header file
windows/libCwtch.dllWindowsx64 bit shared library
macos/libCwtch.arm64.dylibMacOSArm64 shared library
macos/libCwtch.x64.dylibMacOSx64 shared library

UI Nightly Builds

We make unreleased versions of Cwtch available for testing as Cwtch Nightlies.

Each nightly build folder contains a collection of build artifacts e.g. (APK files for Android, installer executables for Android) in single convenient folder. A full list of build artifacts currently produced is as follows:

Build ArtifactPlatformNotes
cwtch-VERSION.apkAndroidSupports arm, arm64, and amd64. Can be sideloaded.
cwtch-VERSION.aabAndroidAndroid App Bundle for publishing to appstores
Cwtch-VERSION.dmgMacOS
cwtch-VERSION.tar.gzLinuxContains the code, libs, and assets in addition to install scripts for various devices
cwtch-VERSION.zipWindows
cwtch-installer-VERSION.exeWindowsNSIS powered installation wizard

Nightly builds are regularly purged from the system

Official Releases

The Cwtch Team meets on a regular basis and reaches consensus based on nightly testing feedback and project roadmaps.

When the decision is made to cut a release build, a nightly version is built with a new git tag reflecting the release version e.g. v.1.12.0. The build artifacts are then copied to the Cwtch release website to a dedicated versioned folder.

Reproducible Builds

We use repliqate to provide reproducible build scripts for Cwtch.

We update the repliqate-scripts repository with scripts for all official releases. Currently only Cwtch bindings are reproducible

- + \ No newline at end of file diff --git a/build-staging/docs/category/appearance/index.html b/build-staging/docs/category/appearance/index.html index 85d4ca02..597fa7e9 100644 --- a/build-staging/docs/category/appearance/index.html +++ b/build-staging/docs/category/appearance/index.html @@ -12,13 +12,13 @@ - +

Appearance

- + \ No newline at end of file diff --git a/build-staging/docs/category/behaviour/index.html b/build-staging/docs/category/behaviour/index.html index 45c73dbc..da873781 100644 --- a/build-staging/docs/category/behaviour/index.html +++ b/build-staging/docs/category/behaviour/index.html @@ -12,13 +12,13 @@ - +

Behaviour

- + \ No newline at end of file diff --git a/build-staging/docs/category/contribute/index.html b/build-staging/docs/category/contribute/index.html index 08af95e8..4c92c6e5 100644 --- a/build-staging/docs/category/contribute/index.html +++ b/build-staging/docs/category/contribute/index.html @@ -12,13 +12,13 @@ - +

Contribute

- + \ No newline at end of file diff --git a/build-staging/docs/category/conversations/index.html b/build-staging/docs/category/conversations/index.html index b770b7d5..34e4091e 100644 --- a/build-staging/docs/category/conversations/index.html +++ b/build-staging/docs/category/conversations/index.html @@ -12,13 +12,13 @@ - +

Conversations

- + \ No newline at end of file diff --git a/build-staging/docs/category/experiments/index.html b/build-staging/docs/category/experiments/index.html index 7455abaf..92c574a4 100644 --- a/build-staging/docs/category/experiments/index.html +++ b/build-staging/docs/category/experiments/index.html @@ -12,13 +12,13 @@ - +

Experiments

- + \ No newline at end of file diff --git a/build-staging/docs/category/getting-started/index.html b/build-staging/docs/category/getting-started/index.html index ad7dfb0d..62c4a336 100644 --- a/build-staging/docs/category/getting-started/index.html +++ b/build-staging/docs/category/getting-started/index.html @@ -12,13 +12,13 @@ - +

Getting started

- + \ No newline at end of file diff --git a/build-staging/docs/category/groups/index.html b/build-staging/docs/category/groups/index.html index d6eb7aa1..da15c3f6 100644 --- a/build-staging/docs/category/groups/index.html +++ b/build-staging/docs/category/groups/index.html @@ -12,13 +12,13 @@ - +

Groups

- + \ No newline at end of file diff --git a/build-staging/docs/category/platforms/index.html b/build-staging/docs/category/platforms/index.html index 9d908c95..a92ef3fa 100644 --- a/build-staging/docs/category/platforms/index.html +++ b/build-staging/docs/category/platforms/index.html @@ -12,13 +12,13 @@ - +

Platforms

- + \ No newline at end of file diff --git a/build-staging/docs/category/profiles/index.html b/build-staging/docs/category/profiles/index.html index d948c4e5..baa459fd 100644 --- a/build-staging/docs/category/profiles/index.html +++ b/build-staging/docs/category/profiles/index.html @@ -12,13 +12,13 @@ - +

Profiles

- + \ No newline at end of file diff --git a/build-staging/docs/category/servers/index.html b/build-staging/docs/category/servers/index.html index adccf3b5..f50e59f2 100644 --- a/build-staging/docs/category/servers/index.html +++ b/build-staging/docs/category/servers/index.html @@ -12,13 +12,13 @@ - +

Servers

- + \ No newline at end of file diff --git a/build-staging/docs/category/settings/index.html b/build-staging/docs/category/settings/index.html index c0e49f57..aabb94a8 100644 --- a/build-staging/docs/category/settings/index.html +++ b/build-staging/docs/category/settings/index.html @@ -12,13 +12,13 @@ - +

Settings

- + \ No newline at end of file diff --git a/build-staging/docs/chat/accept-deny-new-conversation/index.html b/build-staging/docs/chat/accept-deny-new-conversation/index.html index 58da157e..1fa60d81 100644 --- a/build-staging/docs/chat/accept-deny-new-conversation/index.html +++ b/build-staging/docs/chat/accept-deny-new-conversation/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/chat/add-contact/index.html b/build-staging/docs/chat/add-contact/index.html index 4e07db7b..f986cd8f 100644 --- a/build-staging/docs/chat/add-contact/index.html +++ b/build-staging/docs/chat/add-contact/index.html @@ -12,14 +12,14 @@ - +

Starting a New Conversation

  1. Select a Profile
  2. Click on the Add button
  3. Chose 'Add Contact'
  4. Paste a Cwtch Address
  5. The contact will be added to your contacts list
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/block-contact/index.html b/build-staging/docs/chat/block-contact/index.html index 0d4712c6..6db3fe0b 100644 --- a/build-staging/docs/chat/block-contact/index.html +++ b/build-staging/docs/chat/block-contact/index.html @@ -12,14 +12,14 @@ - +

Blocking a Contact

  1. On a conversation window
  2. Go to Settings
  3. Scroll down to Block Contact
  4. Move the switch to Block Contact
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/conversation-settings/index.html b/build-staging/docs/chat/conversation-settings/index.html index 13d2218c..bcaa6c11 100644 --- a/build-staging/docs/chat/conversation-settings/index.html +++ b/build-staging/docs/chat/conversation-settings/index.html @@ -12,13 +12,13 @@ - +

Accessing Conversation Settings

In a conversation window, click on the Settings icon in the top bar.

This action will open up a new screen where you can view and manage the contact.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/delete-contact/index.html b/build-staging/docs/chat/delete-contact/index.html index eb51af26..049d3276 100644 --- a/build-staging/docs/chat/delete-contact/index.html +++ b/build-staging/docs/chat/delete-contact/index.html @@ -12,14 +12,14 @@ - +

Removing a Conversation

danger

This feature will result in irreversible deletion. This cannot be undone.

  • In a chat with a contact, go to the conversation settings on the top right
  • Scroll to the leave this conversation button, and press it.
  • You will be prompted to confirm if you want to leave the conversation. This action cannot be undone.
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/introduction/index.html b/build-staging/docs/chat/introduction/index.html index 1d6782e9..94647485 100644 --- a/build-staging/docs/chat/introduction/index.html +++ b/build-staging/docs/chat/introduction/index.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the fact - it is impossible to definitely prove that the exchange happened at all.

Once the authentication process is successful then both you and your friend can communicate away assured that no one else can learn anything about the contents or the metadata of your conversation.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/message-formatting/index.html b/build-staging/docs/chat/message-formatting/index.html index 8309167e..83063ca1 100644 --- a/build-staging/docs/chat/message-formatting/index.html +++ b/build-staging/docs/chat/message-formatting/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Message Formatting

Experiments Required

This feature requires Experiments Enabled and the Message Formatting Experiment turned on.

Optionally, you can enable Clickable Links to make URLs in messages clickable in Cwtch.

Cwtch currently supports the following formatting markdown for messages:

  • **bold** which will render bold
  • *italic* which will render italic
  • code which will render code
  • ^superscript^ which will render superscript
  • _subscript_ which will render subscript
  • ~~strikthrough~~ which will render strikethrough
- + \ No newline at end of file diff --git a/build-staging/docs/chat/reply-to-message/index.html b/build-staging/docs/chat/reply-to-message/index.html index b9d3a264..581333a0 100644 --- a/build-staging/docs/chat/reply-to-message/index.html +++ b/build-staging/docs/chat/reply-to-message/index.html @@ -12,13 +12,13 @@ - +

Replying to a Message

  1. Select a message you want to reply to
  2. Pull a message right
  3. Write an answer to the quoted message
  4. Hit send
- + \ No newline at end of file diff --git a/build-staging/docs/chat/save-conversation-history/index.html b/build-staging/docs/chat/save-conversation-history/index.html index 7dd2eedb..8255393d 100644 --- a/build-staging/docs/chat/save-conversation-history/index.html +++ b/build-staging/docs/chat/save-conversation-history/index.html @@ -12,13 +12,13 @@ - +

Saving Conversation History

By default, for privacy, Cwtch does not preserve conversation history between sessions.

To enable history for a specific conversation:

  1. On a conversation window go to Settings
  2. Go to Save History
  3. Click the dropdown menu
  4. Pick Save History
  5. Now your history will be saved

Conversation history can be turned off at any point by selecting "Delete History" from the drop down menu.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/share-address-with-friends/index.html b/build-staging/docs/chat/share-address-with-friends/index.html index 191b185b..c9a2d2b8 100644 --- a/build-staging/docs/chat/share-address-with-friends/index.html +++ b/build-staging/docs/chat/share-address-with-friends/index.html @@ -12,14 +12,14 @@ - +

Sharing Cwtch Addresses

There are many ways to share a Cwtch address.

Sharing Your Cwtch Address

  1. Go to your profile
  2. Click the copy address icon

You can now share this address. People with this address will be able to add you as a Cwtch contact.

For information on blocking connections from people you don't know please see Settings: Block Unknown Connections

Sharing A Friends Cwtch Address

Inside of Cwtch there is another mechanism for exchanging Cwtch addresses.

info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/docs/chat/share-file/index.html b/build-staging/docs/chat/share-file/index.html index 9a25454a..c7236a3a 100644 --- a/build-staging/docs/chat/share-file/index.html +++ b/build-staging/docs/chat/share-file/index.html @@ -12,14 +12,14 @@ - +

Sharing a File

Experiments Required

This feature requires Experiments Enabled and the File Sharing Experiment turned on.

Optionally, you can enable Image Previews and Profile Pictures to see display shared image previews in the conversation window.

In a Conversation,

  1. Click on the attachment icon
  2. Find the file you want to send
  3. Confirm you want to send it

How does file sharing with groups work? Are my files stored on a server somewhere?

Files are sent through onion-to-onion Cwtch connections directly from the person offering the file to the person receiving it. The initial offer to send a file is posted as a standard Cwtch conversation/overlay message. For groups, this means that the initial offer (containing the filename, size, hash, and a nonce) is posted to the group server, but then each recipient connects to you individually to receive the actual file contents.

Does that mean I have to be online to send a file?

Yes. If the person offering the file goes offline, you will have to wait for them to come online to resume the file transfer. The underlying protocol splits the files into individually-requestable, verifiable chunks, so that in a future release you will be able to "rehost" a file posted to a group, and even download from multiple hosts at once (sort of like bittorrent).

Why are new contacts popping up in my list?

This is due to how Cwtch currently handles connections from unknown addresses. Since posting a file to a group results in group members connecting to you directly, some of those members might not be in your contact list already and so their download connection to you will appear in your list as a contact request.

What is "SHA512"?

SHA512 is a cryptographic hash that can be used to verify that the file you downloaded is a correct copy of the file that was offered. Cwtch does this verification for you automatically, but you're welcome to try it yourself! Note that we also include a random nonce with file offers, so people can't just ask you for any random hash you might have, or files from conversations they're not part of.

Is there a file size limit?

The current limit is 10 gigabytes per file.

What are these .manifest files?

The .manifest files are used while downloading the file to verify that individual chunks are received correctly, and support resuming interrupted transfers. They also contain the info from the original file offer. You can safely delete them once the download is complete. On Android, the manifests are stored in the app's cache, and can be cleared through your system settings.

What about file metadata?

We send the file's name as a suggestion and to help distinguish it from other file offers. The full path is stripped before sending the offer. You should be wary of hidden metadata that might be stored in the file itself, which varies depending on the file's format. For example, images might contain geolocation info and information about the camera that took them, and PDF files are notorious for containing hidden information such as the author's name or the machine they were created on. In general, you should only send and receive files with people you trust.

Can I download files automatically?

If the Image Previews and Profile Pictures experiment is enabled then Cwtch will automatically download images from accepted conversations

- + \ No newline at end of file diff --git a/build-staging/docs/chat/unblock-contact/index.html b/build-staging/docs/chat/unblock-contact/index.html index 94aeb34e..446b8ff1 100644 --- a/build-staging/docs/chat/unblock-contact/index.html +++ b/build-staging/docs/chat/unblock-contact/index.html @@ -12,14 +12,14 @@ - +

Unblocking a Contact

  1. Select the contact in your Conversation list. Blocked contacts are moved to the bottom of the list.
  2. Go to Conversation Settings
  3. Scroll down to Block Contact
  4. Move the switch to Unblock Contact
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/docs/contribute/developing/index.html b/build-staging/docs/contribute/developing/index.html index 2adbe354..869368be 100644 --- a/build-staging/docs/contribute/developing/index.html +++ b/build-staging/docs/contribute/developing/index.html @@ -12,13 +12,13 @@ - +

Developing Cwtch

This section documents some ways to get started with Cwtch Development.

Cwtch Issues Tracking Process

All Cwtch issues are tracked from the cwtch-ui git repository, even if the bug/feature originates in an upstream library. This allows us to keep everything in one place.

Issues are generally divided into 4 distinct categories:

  • Unprocessed - These are new issues that have not been discussed by the Cwtch team.
  • Scheduled - These issues have been planned for an upcoming release. They are usually tagged with the release they are expected to be fixed in e.g. cwtch-1.11. A core Cwtch team member is likely working on the issue, or is expecting to work on the issue in the coming weeks.
  • Desired - These are issues that we would like to fix but for some reason we are unable to schedule. This might be because the feature is large and requires a lot of effort, or because there is some blocker (e.g. a missing feature in Flutter or some other library) that prevents work on the feature.
  • Help Wanted - These are generally small issues that we would like to fix but that have been designated low priority. These are ideal first issues for volunteers.

If you would like to work on an open bug/feature, please comment on the issue and a member of the Cwtch team will follow up with advice on where to go from there. This helps us keep track of who is working on what problems, and reduces the amount of duplicate work. We aim to answer most queries within 24 hours, feel free to "bump" an issue if it takes longer than that.

note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

Cwtch Pull-Request Process

All pull-requests must be reviewed and approved by a core Cwtch team member prior to merging. Sarah reviews all new and active pull requests multiple times a week.

Build Bot

All Cwtch projects are set up with automated builds and testing. Every pull request is expected to be able to pass through these pipelines prior to being merged. If buildbot reports a failure then Sarah will work with you to determine the issue, and any necessary fixes.

Buildbot can fail for reasons beyond your control e.g. many of our integration tests rely setting up Tor connections, these can be brittle on occasion and result in timeouts and failures. Always confirm the root cause of a test failure before deciding what to do next.

Useful Resources

note

All contributions are eligible for stickers

- + \ No newline at end of file diff --git a/build-staging/docs/contribute/documentation/index.html b/build-staging/docs/contribute/documentation/index.html index c5d9a73c..f5a77402 100644 --- a/build-staging/docs/contribute/documentation/index.html +++ b/build-staging/docs/contribute/documentation/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Documentation Style Guide

This section documents the expected structure and quality of Cwtch documentation.

Screenshots and Cast of Characters

Most Cwtch documentation should feature at least one screenshot or animated image. Screenshots of the Cwtch application should be focused on the feature being described by the documentation.

To ensure consistency between screenshots we suggest that the profile involved should serve particular, constant, roles.

  • Alice - used to represent the primary profile.
  • Bob - the primary contact, useful when demonstrating peer-to-peer features
  • Carol - a secondary contact, useful when demonstrating group features
  • Mallory - representing a malicious peer (to be used when demonstrating blocking functionality)

Dialogue and Content

Where screenshots and demonstrations show dialogue, conversations, and/or images please keep the conversations short, on a casual topic. Examples include:

  • Organizing a picnic
  • Sharing photos from a vacation
  • Sending a document for review

Experiments

All features that rely on an experiment being enabled should all this out prominently at the top of the page e.g.:

Experiments Required

This feature requires Experiments Enabled and the Example Experiment turned on.

Risks

If a feature might result in destruction of key material or permanent deletion of state, then these should also be called out at the top of the documentation e.g.:

danger

This feature will result in irreversible deletion of key material. This cannot be undone.

- + \ No newline at end of file diff --git a/build-staging/docs/contribute/stickers/index.html b/build-staging/docs/contribute/stickers/index.html index 800b176a..d01caabb 100644 --- a/build-staging/docs/contribute/stickers/index.html +++ b/build-staging/docs/contribute/stickers/index.html @@ -12,13 +12,13 @@ - +

Stickers

All contributions are eligible for stickers. If you are contributing to bug, feature, testing, or language, or have contributed significantly in the past then please email erinn@openprivacy.ca with details and an address for us to mail stickers to.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/docs/contribute/testing/index.html b/build-staging/docs/contribute/testing/index.html index f88602d4..754040c3 100644 --- a/build-staging/docs/contribute/testing/index.html +++ b/build-staging/docs/contribute/testing/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Testing Cwtch

This section documents some ways to get started with Cwtch Testing.

Running Fuzzbot

FuzzBot is our development testing bot. You can add FuzzBot as a contact: cwtch:4y2hxlxqzautabituedksnh2ulcgm2coqbure6wvfpg4gi2ci25ta5ad.

FuzzBot Help

Sending FuzzBot a help message will trigger it to send a reply with all the currently available testing commands.

For more information on FuzzBot see our Discreet Log development blog.

Join the Cwtch Release Candidate Testers Group

Sending Fuzzbot the command testgroup-invite will cause FuzzBot to invite you to the Cwtch Testers Group! There you can ask questions, post bug reports and offer feedback.

Cwtch Nightlies

Cwtch Nightly builds are development builds that contain new features that are ready for testing.

The most recent few development versions of Cwtch are available from our build server.

We do not recommend that testers always upgrade to the latest nightly, Instead, we will post a message to the Cwtch Release Candidate Testers group when a significant nightly becomes available. A nightly is considered significant if it contains a new feature or a major bug fix.

note

All contributions are eligible for stickers

Submitting Feedback

There are three main ways of submitting testing feedback to the team:

  • Via Cwtch: Either via the Release Candidate Testers Group or directly to a Cwtch team member.
  • Via Gitea: Please open an issue in https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues - please do not worry about duplicate issues, we will de-duplicate as part of our triage process.
  • Via Email: Email team@cwtch.im with the bug report and one of our team will look into it.
note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

- + \ No newline at end of file diff --git a/build-staging/docs/contribute/translate/index.html b/build-staging/docs/contribute/translate/index.html index a037ba1a..15416215 100644 --- a/build-staging/docs/contribute/translate/index.html +++ b/build-staging/docs/contribute/translate/index.html @@ -12,13 +12,13 @@ - +

Translating Cwtch

If you would like to contribute translations to Cwtch the application or this handbook here is how

Contributing Translations to the Cwtch Application

There are two ways to contribute to Cwtch applications.

Join our Lokalise Team

We use Lokalise for managing translations for the Cwtch application.

  1. Sign up for a Lokalise account
  2. Email team@cwtch.im with the language you are interested in translating and an email we can use to invite you to our Lokalise team.

Directly via Git

For new translations, you can make a copy of https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/intl_en.arb and begin translating - you can then either submit pull requests or directly send updates to us (team@cwtch.im) and we will merge them in.

For adding to existing translations you can make pull requests directly on any file in https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/ and we will review and merge them in.

Cwtch User's Handbook

This handbook is translated through Crowdin.

To join our Crowdin project:

  1. Sign up for an account on Crowdin.
  2. Join the cwtch-users-handbook project.

We bundle up changes to the documentation in batches and sync them with the Crowdin project on a regular basis.

note

All contributions are eligible for stickers

- + \ No newline at end of file diff --git a/build-staging/docs/getting-started/supported_platforms/index.html b/build-staging/docs/getting-started/supported_platforms/index.html index 3a4e7e73..0478c705 100644 --- a/build-staging/docs/getting-started/supported_platforms/index.html +++ b/build-staging/docs/getting-started/supported_platforms/index.html @@ -12,14 +12,14 @@ - +

Supported Platforms

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. If you are interested in testing Cwtch on a specific platform, or want to volunteer to help us official support a platform not listed here, then check out Contibuting to Cwtch.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOSOfficial SDK supprts arm, arm64, and amd64 architectures.
Other Android Distributions🟡🟡Testing Needed.
- + \ No newline at end of file diff --git a/build-staging/docs/groups/accept-group-invite/index.html b/build-staging/docs/groups/accept-group-invite/index.html index 78bbd5c8..5819ff29 100644 --- a/build-staging/docs/groups/accept-group-invite/index.html +++ b/build-staging/docs/groups/accept-group-invite/index.html @@ -12,14 +12,14 @@ - +

Accepting a Group Invite

Experiments Required

This feature requires Experiments Enabled and the Group Experiment turned on.

  1. If a friend sends you a group request
  2. Choose if you want or not to join this group
  3. Now the group is on your contact list
- + \ No newline at end of file diff --git a/build-staging/docs/groups/create-group/index.html b/build-staging/docs/groups/create-group/index.html index f6a27a83..4f743974 100644 --- a/build-staging/docs/groups/create-group/index.html +++ b/build-staging/docs/groups/create-group/index.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/groups/edit-group-name/index.html b/build-staging/docs/groups/edit-group-name/index.html index 74fc5a7e..19ef1e0f 100644 --- a/build-staging/docs/groups/edit-group-name/index.html +++ b/build-staging/docs/groups/edit-group-name/index.html @@ -12,14 +12,14 @@ - +

Editing a Group Name

Experiments Required

This feature requires Experiments Enabled and the Group Experiment turned on.

Group names are private to you, it will not be shared, it is your local name for the group.

  1. On the chat pane go to settings
  2. Change the name of the group
  3. Press the save button
  4. Now your group has a new name
- + \ No newline at end of file diff --git a/build-staging/docs/groups/introduction/index.html b/build-staging/docs/groups/introduction/index.html index 644440d7..291e1706 100644 --- a/build-staging/docs/groups/introduction/index.html +++ b/build-staging/docs/groups/introduction/index.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ their message using the Group Key and generates a cryptographic sig and the decrypted message (see: wire formats for more information).

To receive message from the group, a profile connected to the server hosting the group and downloads all messages (since their previous connection). Profiles then attempt to decrypt each message using the Group Key and if successful attempt to verify the signature (see Cwtch Servers Cwtch Groups for an overview of attacks and mitigations).

- + \ No newline at end of file diff --git a/build-staging/docs/groups/leave-group/index.html b/build-staging/docs/groups/leave-group/index.html index 8a8518cd..f01bb9f8 100644 --- a/build-staging/docs/groups/leave-group/index.html +++ b/build-staging/docs/groups/leave-group/index.html @@ -12,14 +12,14 @@ - +

How to Leave a Group

Experiments Required

This feature requires Experiments Enabled and the Group Experiment turned on.

danger

This feature will result in irreversible deletion of key material. This cannot be undone.

  1. On the chat pane go to settings
  2. Scroll down on the settings pane
  3. Press on leave conversation
  4. Confirm you want to leave
- + \ No newline at end of file diff --git a/build-staging/docs/groups/manage-known-servers/index.html b/build-staging/docs/groups/manage-known-servers/index.html index d38281b0..56f075c4 100644 --- a/build-staging/docs/groups/manage-known-servers/index.html +++ b/build-staging/docs/groups/manage-known-servers/index.html @@ -12,14 +12,14 @@ - +

Managing Servers

Experiments Required

This feature requires Experiments Enabled and the Group Experiment turned on.

Cwtch groups are hosted by untrusted servers. If you want to see the servers you know about, their status, and the groups hosted on them:

  1. On your contacts pane
  2. Got to the manage servers icon

Import locally hosted server

  1. To import a locally hosted server click on select local server
  2. Select the server you want
- + \ No newline at end of file diff --git a/build-staging/docs/groups/send-invite/index.html b/build-staging/docs/groups/send-invite/index.html index eeeef2fb..89f01b95 100644 --- a/build-staging/docs/groups/send-invite/index.html +++ b/build-staging/docs/groups/send-invite/index.html @@ -12,14 +12,14 @@ - +

Sending Invites to a Group

Experiments Required

This feature requires Experiments Enabled and the Group Experiment turned on.

  1. Go to a chat with a friend
  2. Press on the invite icon
  3. Select the group you want to invite them to
  4. Press Invite
  5. You have sent an invite
- + \ No newline at end of file diff --git a/build-staging/docs/intro/index.html b/build-staging/docs/intro/index.html index feada7c3..4fdbb4b3 100644 --- a/build-staging/docs/intro/index.html +++ b/build-staging/docs/intro/index.html @@ -12,14 +12,14 @@ - +

What is Cwtch?

Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app.

  • Decentralized and Open: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
  • Privacy Preserving: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
  • Metadata Resistant: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.

Security, Encryption and Safety

For a more in depth look at the security, privacy, and underlying encryption technology used in Cwtch, please consult our Security Handbook

Getting Started

You can download the latest version of Cwtch from https://cwtch.im/download/

- + \ No newline at end of file diff --git a/build-staging/docs/platforms/tails/index.html b/build-staging/docs/platforms/tails/index.html index 78662845..8779dda1 100644 --- a/build-staging/docs/platforms/tails/index.html +++ b/build-staging/docs/platforms/tails/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Running Cwtch on Tails

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

The following steps require that Tails has been launched with an Administration Password.

Tails uses Onion Grater to guard access to the control port. We have packaged an oniongrater configuration cwtch-tails.yml and setup script (install-tails.sh) with Cwtch on Linux.

The tails-specific part of the script is reproduced below:

    # Tails needs to be have been setup up with an Administration account
    # 
    # Make Auth Cookie Readable
    sudo chmod o+r /var/run/tor/control.authcookie
    # Copy Onion Grater Config
    sudo cp cwtch.yml /etc/onion-grater.d/cwtch.yml
    # Restart Onion Grater so the Config Takes effect
    sudo systemctl restart onion-grater.service

When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable to automatically configure Cwtch for running in a Tails-like environment:

exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch

Install Location

The above command, and the below onion grater configuration assume that Cwtch was installed in ~/.local/lib/cwtch/cwtch - if Cwtch was installed somewhere else (or if you are running directly from the download folder) then you will need to adjust the commands.

Onion Grater Configuration

The oniongrater configuration cwtch-tails.yml is reproduced below. As noted this configuration is can likely be restricted much further. 

    ---
    # TODO: This can likely be restricted even further, especially in regards to the ADD_ONION pattern
    - apparmor-profiles:
        - '/home/amnesia/.local/lib/cwtch/cwtch'
      users:
        - 'amnesia'
      commands:
        AUTHCHALLENGE:
          - 'SAFECOOKIE .*'
        SETEVENTS:
          - 'CIRC WARN ERR'
          - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
        GETINFO:
          - '.*'
        GETCONF:
          - 'DisableNetwork'
        SETCONF:
          - 'DisableNetwork.*'
        ADD_ONION:
          - '.*'
        DEL_ONION:
          - '.+'
        HSFETCH:
          - '.+'
      events:
        CIRC:
          suppress: true
        ORCONN:
          suppress: true
        INFO:
          suppress: true
        NOTICE:
          suppress: true
        WARN:
          suppress: true
        ERR:
          suppress: true
        HS_DESC:
          response:
        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
          replacement: '650 HS_DESC UPLOADED {} {} redacted'
        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
        - pattern:     '.*'
          replacement: ''
        HS_DESC_CONTENT:
          suppress: true

Persistence

By default, Cwtch creates $HOME/.cwtch and saves all encrypted profiles and settings files there. In order to save any profiles/conversations in Cwtch on Tails you will have to backup this folder to a non-volatile home.

See the Tails documentation for setting up persistent storage

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/availability-status/index.html b/build-staging/docs/profiles/availability-status/index.html index 1922358f..137df52a 100644 --- a/build-staging/docs/profiles/availability-status/index.html +++ b/build-staging/docs/profiles/availability-status/index.html @@ -12,13 +12,13 @@ - +

Setting Availability Status

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the conversations pane click the Status icon next to your profile picture.

A drop-down menu will appear with various options e.g. Available, Away, and Busy

When you select Away or Busy as a status the border of your profile picture will change to reflect the status

Contacts will see this change reflected in their conversations pane.

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/change-name/index.html b/build-staging/docs/profiles/change-name/index.html index dc6cd6a6..6f229015 100644 --- a/build-staging/docs/profiles/change-name/index.html +++ b/build-staging/docs/profiles/change-name/index.html @@ -12,13 +12,13 @@ - +

Changing Your Display Name

  1. On the Manage Profiles view, Press the pencil next to the profile you want to edit
  2. Change your name
  3. Click save profile
- + \ No newline at end of file diff --git a/build-staging/docs/profiles/change-password/index.html b/build-staging/docs/profiles/change-password/index.html index 302d35e8..698f0674 100644 --- a/build-staging/docs/profiles/change-password/index.html +++ b/build-staging/docs/profiles/change-password/index.html @@ -12,13 +12,13 @@ - +

Changing Your Password

  1. Press the pencil next to the profile you want to edit
  2. Go to current password and input your current password
  3. Go to new password and input your new password
  4. Re enter your password
  5. Click Save profile
- + \ No newline at end of file diff --git a/build-staging/docs/profiles/change-profile-image/index.html b/build-staging/docs/profiles/change-profile-image/index.html index 4d5e51bd..1a240ba1 100644 --- a/build-staging/docs/profiles/change-profile-image/index.html +++ b/build-staging/docs/profiles/change-profile-image/index.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/profiles/create-a-profile/index.html b/build-staging/docs/profiles/create-a-profile/index.html index 3e2fa48b..d1ee2576 100644 --- a/build-staging/docs/profiles/create-a-profile/index.html +++ b/build-staging/docs/profiles/create-a-profile/index.html @@ -12,13 +12,13 @@ - +

Creating a New Profile

  1. Press the + action button in the right bottom corner and select "New Profile"
  2. Select a display name
  3. Select if you want to protect this profile locally with strong encryption:
    • Password: your account is protected from other people who may use this device
    • No Password: anyone who has access to this device may be able to access this profile
  4. Fill in your password and re-enter it
  5. Click add new profile

A note on Password Protected (Encrypted) Profiles

Profiles are stored locally on disk and encrypted using a key derived from user-known password (via pbkdf2).

Note that, once encrypted and stored on disk, the only way to recover a profile is by rederiving the key from the password - as such it isn't possible to provide a full list of profiles a user might have access to until they enter a password.

See also: Cwtch Security Handbook: Profile Encryption & Storage

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/delete-profile/index.html b/build-staging/docs/profiles/delete-profile/index.html index 7ef5b092..27171c3f 100644 --- a/build-staging/docs/profiles/delete-profile/index.html +++ b/build-staging/docs/profiles/delete-profile/index.html @@ -12,13 +12,13 @@ - +

Deleting a Profile

danger

This feature will result in irreversible deletion of key material. This cannot be undone.

  1. Press the pencil next to the profile you want to edit
  2. Scroll down to the bottom of the screen
  3. Press delete
  4. Press really delete profile
- + \ No newline at end of file diff --git a/build-staging/docs/profiles/exporting-profile/index.html b/build-staging/docs/profiles/exporting-profile/index.html index eac1c444..027c72f1 100644 --- a/build-staging/docs/profiles/exporting-profile/index.html +++ b/build-staging/docs/profiles/exporting-profile/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Backup or Exporting a Profile

On the Profile Management Screen:

  1. Select the pencil next to the profile you want to edit
  2. Scroll down to the bottom of the screen
  3. Select "Export Profile"
  4. Choose a location, and a file name
  5. Confirm

Once confirmed, Cwtch will place a copy of the profile at the given location. This file is encrypted to the same level that the profile is. See A note on Password Protected (Encrypted) Profiles for more information on encrypted profiles.

This file can be imported into another instance of Cwtch on any device.

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/importing-a-profile/index.html b/build-staging/docs/profiles/importing-a-profile/index.html index eba121dd..403ea8ef 100644 --- a/build-staging/docs/profiles/importing-a-profile/index.html +++ b/build-staging/docs/profiles/importing-a-profile/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Importing a Profile

  1. Press the + action button in the right bottom corner and select "Import Profile"
  2. Select an exported Cwtch profile file to import
  3. Enter the password associated with the profile and confirm.

Once confirmed, Cwtch will attempt to decrypt the provided file using a key derived from the given password. If successful the profile will appear on the Profile Management screen and will be ready to use.

note

While a profile can be imported onto multiple devices, currently only one version of a profile can be in-use across all devices at any one time.

Attempts to use the same profile across multiple devices may result in availability issues and messaging failures.

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/introduction/index.html b/build-staging/docs/profiles/introduction/index.html index ba801a93..5d301ce6 100644 --- a/build-staging/docs/profiles/introduction/index.html +++ b/build-staging/docs/profiles/introduction/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

An Introduction to Cwtch Profiles

With Cwtch you can create one of more Profiles. Each profile generates a random ed25519 key pair compatible with the Tor Network.

This is the identifier that you can give out to people and that they can use to contact you via Cwtch.

Cwtch allows you to create and manage multiple, separate profiles. Each profile is associated with a different key pair which launches a different onion service.

Manage Profiles

On start up Cwtch will launch the Manage Profiles screen. From this screen you can:

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/profile-info/index.html b/build-staging/docs/profiles/profile-info/index.html index eb9a914e..1572c849 100644 --- a/build-staging/docs/profiles/profile-info/index.html +++ b/build-staging/docs/profiles/profile-info/index.html @@ -12,13 +12,13 @@ - +

Setting Profile Attributes

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the profile management pane there are three free-form text fields below your profile picture.

You can fill these fields with any information your would like potential contacts to know. This information is public - do not put any information in here that you do not want to share with everyone.

Contacts will be able to see this information in conversation settings

- + \ No newline at end of file diff --git a/build-staging/docs/profiles/unlock-profile/index.html b/build-staging/docs/profiles/unlock-profile/index.html index ce305fd9..8c8a0a22 100644 --- a/build-staging/docs/profiles/unlock-profile/index.html +++ b/build-staging/docs/profiles/unlock-profile/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/servers/create-server/index.html b/build-staging/docs/servers/create-server/index.html index 110ed1d5..785c5bd0 100644 --- a/build-staging/docs/servers/create-server/index.html +++ b/build-staging/docs/servers/create-server/index.html @@ -12,14 +12,14 @@ - +

How to create a server

Experiments Required

This feature requires Experiments Enabled and the Server Hosting Experiment turned on.

  1. Go to the server icon
  2. Press the + action button to make a new server
  3. Choose a name for your server
  4. Select a password for your server
  5. Click on “Add Server”
- + \ No newline at end of file diff --git a/build-staging/docs/servers/delete-server/index.html b/build-staging/docs/servers/delete-server/index.html index b36886fe..37334674 100644 --- a/build-staging/docs/servers/delete-server/index.html +++ b/build-staging/docs/servers/delete-server/index.html @@ -12,14 +12,14 @@ - +

How to delete server

Experiments Required

This feature requires Experiments Enabled and the Server Hosting Experiment turned on.

  1. Go to the server Icon
  2. Select the server you want to delete
  3. Press the pencil icon
  4. Scroll down and input your password
  5. Press delete
  6. Press really delete
  7. Your server is deleted
- + \ No newline at end of file diff --git a/build-staging/docs/servers/edit-server/index.html b/build-staging/docs/servers/edit-server/index.html index 6c5dcfbd..7060578b 100644 --- a/build-staging/docs/servers/edit-server/index.html +++ b/build-staging/docs/servers/edit-server/index.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/servers/introduction/index.html b/build-staging/docs/servers/introduction/index.html index e16a4b57..311bfaa3 100644 --- a/build-staging/docs/servers/introduction/index.html +++ b/build-staging/docs/servers/introduction/index.html @@ -12,14 +12,14 @@ - +

Servers Introduction

Experiments Required

This feature requires Experiments Enabled and the Server Hosting Experiment turned on.

Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat.

To support group chat (and offline delivery) we have created untrusted Cwtch servers which can host messages for a group. The messages are encrypted with the group key, and fetch via ephemeral onions, so the server has no way to know what messages for what groups it might be holding, or who is accessing it.

Currently running servers in the Cwtch app is only supported on the Desktop version as mobile devices' internet conection and environment is too unstable and unsuitable to running a server.

- + \ No newline at end of file diff --git a/build-staging/docs/servers/share-key/index.html b/build-staging/docs/servers/share-key/index.html index e3355b8b..b96914f4 100644 --- a/build-staging/docs/servers/share-key/index.html +++ b/build-staging/docs/servers/share-key/index.html @@ -12,14 +12,14 @@ - +

How to share your Server Key Bundle

Experiments Required

This feature requires Experiments Enabled and the Server Hosting Experiment turned on.

Your server key bundle is the package of data a Cwtch app needs in order to use a server. If you just want to make other Cwtch users aware of your server, you can share this with them. Then they will have the ability to create their own groups on the server.

  1. Go to the server Icon
  2. Select the server you want
  3. Use the copy address icon to copy the server keys
  4. Don’t share the keys with people you don’t trust
- + \ No newline at end of file diff --git a/build-staging/docs/servers/unlock-server/index.html b/build-staging/docs/servers/unlock-server/index.html index 0762372f..3427b30d 100644 --- a/build-staging/docs/servers/unlock-server/index.html +++ b/build-staging/docs/servers/unlock-server/index.html @@ -12,14 +12,14 @@ - +

How to Unlock a server

Experiments Required

This feature requires Experiments Enabled and the Server Hosting Experiment turned on.

If you protected your server with a password, it will need to be unlocked each time you restart the application.

  1. Go to the server Icon
  2. Click on the pink unlock icon
  3. Input the password of your server
  4. Press Unlock
- + \ No newline at end of file diff --git a/build-staging/docs/settings/appearance/change-language/index.html b/build-staging/docs/settings/appearance/change-language/index.html index daf91968..a5f4c6ed 100644 --- a/build-staging/docs/settings/appearance/change-language/index.html +++ b/build-staging/docs/settings/appearance/change-language/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/appearance/light-dark-mode/index.html b/build-staging/docs/settings/appearance/light-dark-mode/index.html index 0ee592f6..ca0ab5ea 100644 --- a/build-staging/docs/settings/appearance/light-dark-mode/index.html +++ b/build-staging/docs/settings/appearance/light-dark-mode/index.html @@ -12,14 +12,14 @@ - +

Light/Dark and themes Breakdown

  1. Press the setting icon
  2. You can choose light or dark theme by toggling the “use light themes” switch
  3. Using the “color theme” drop down menu, pick a theme you like
    1. Cwtch: purple tones
    2. Ghost: Grey tones
    3. Mermaid: Turquoise and purple tones
    4. Midnight: Black and gray tones
    5. Neon 1: purple and pink tones
    6. Neon 2: purple and turquoise tones
    7. Pumpkin: purple and orange tones
    8. Witch: Green and pink tones
    9. Vampire: Purple and red tones
- + \ No newline at end of file diff --git a/build-staging/docs/settings/appearance/streamer-mode/index.html b/build-staging/docs/settings/appearance/streamer-mode/index.html index e96dc61e..d719ae22 100644 --- a/build-staging/docs/settings/appearance/streamer-mode/index.html +++ b/build-staging/docs/settings/appearance/streamer-mode/index.html @@ -12,14 +12,14 @@ - +

Streamer/Presentation Mode

Streamer/Presentation mode makes the app more visually private. In this mode, Cwtch will not display auxiliary information like Cwtch addresses and other sensitive information on the main screens.

This is useful when taking screenshots or otherwise displaying Cwtch in a more public way.

  1. Press the settings icon
  2. Toggle "Streamer Mode" to On
  3. Check it works by looking at your profile or at your contact list
- + \ No newline at end of file diff --git a/build-staging/docs/settings/appearance/ui-columns/index.html b/build-staging/docs/settings/appearance/ui-columns/index.html index b4486f4b..11dd42c4 100644 --- a/build-staging/docs/settings/appearance/ui-columns/index.html +++ b/build-staging/docs/settings/appearance/ui-columns/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/behaviour/block-unknown-connections/index.html b/build-staging/docs/settings/behaviour/block-unknown-connections/index.html index c0092b0a..790c2e6e 100644 --- a/build-staging/docs/settings/behaviour/block-unknown-connections/index.html +++ b/build-staging/docs/settings/behaviour/block-unknown-connections/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Block Unknown Connections

By default, Cwtch interprets connections from unknown Cwtch addresses as Contact Requests. You can change this behaviour through the Block Unknown Connections setting.

If enabled, Cwtch will auto close all connections from Cwtch addresses that you have not added to your conversation list. This will prevent people who have your Cwtch address from contacting you unless you also add them.

To enable:

  1. Go to Settings
  2. Toggle on Block Unknown Contacts
- + \ No newline at end of file diff --git a/build-staging/docs/settings/behaviour/notification-content/index.html b/build-staging/docs/settings/behaviour/notification-content/index.html index f453f485..f80bd0a3 100644 --- a/build-staging/docs/settings/behaviour/notification-content/index.html +++ b/build-staging/docs/settings/behaviour/notification-content/index.html @@ -12,13 +12,13 @@ - +

Notification Content

  1. Go to settings
  2. Scroll to behaviour
  3. The notification content controls the contents of notifications
    1. Plain Event: "New Message" only
    2. Conversation Information: "New Message from XXXXX"
- + \ No newline at end of file diff --git a/build-staging/docs/settings/behaviour/notification-policy/index.html b/build-staging/docs/settings/behaviour/notification-policy/index.html index b318d530..75960a4d 100644 --- a/build-staging/docs/settings/behaviour/notification-policy/index.html +++ b/build-staging/docs/settings/behaviour/notification-policy/index.html @@ -12,14 +12,14 @@ - +

Notification policy

  1. Go to settings
  2. Scroll to behaviour
  3. The notification policy controls the notification behaviour
  4. Click on Default all to change the behaviour to opt in or to mute all notifications
  5. Pick your preferred notification Policy
- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/clickable-links/index.html b/build-staging/docs/settings/experiments/clickable-links/index.html index c21a0483..f85945ec 100644 --- a/build-staging/docs/settings/experiments/clickable-links/index.html +++ b/build-staging/docs/settings/experiments/clickable-links/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Clickable Links Experiment

danger

This feature, if enabled, presents a deanonymization risk.

Do not open URLs from people you do not trust. Links sent via Cwtch are opened via the default browser on the system. Most web browsers cannot provide anonymity.

Enable the Clickable Links Experiment

Clickable links are not enabled by default. To allow Cwtch to open links in messages:

  1. Go to Settings
  2. Enable Experiments
  3. Enable the Clickable Links Experiment

Risks

Clickable links in messages are a very useful feature however there are risks you should be aware of if you choose to enable this feature.

To prevent accidental triggering, after clicking on a link in a message, Cwtch will first open an additional prompt with two options:

  1. Copy the URL to the Clipboard
  2. Open the URL in the default web browser

You can use the back button on your device, or click away from this prompt to avoid selecting either option.

Cwtch cannot protect you if you open malicious links.

The URL is opened in the default web browser which will likely, at a minimum, expose your IP address to the server hosting the URL. Web pages may also use other browser vulnerabilities to gather additional information, or further exploit your computer.

- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/file-sharing/index.html b/build-staging/docs/settings/experiments/file-sharing/index.html index e95c512e..dba9a2bb 100644 --- a/build-staging/docs/settings/experiments/file-sharing/index.html +++ b/build-staging/docs/settings/experiments/file-sharing/index.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/group-experiment/index.html b/build-staging/docs/settings/experiments/group-experiment/index.html index 5425b97f..375d15f9 100644 --- a/build-staging/docs/settings/experiments/group-experiment/index.html +++ b/build-staging/docs/settings/experiments/group-experiment/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/image-previews-and-profile-pictures/index.html b/build-staging/docs/settings/experiments/image-previews-and-profile-pictures/index.html index 2ff112db..2780b175 100644 --- a/build-staging/docs/settings/experiments/image-previews-and-profile-pictures/index.html +++ b/build-staging/docs/settings/experiments/image-previews-and-profile-pictures/index.html @@ -12,13 +12,13 @@ - +

Image Previews and Profile Pictures

caution

This experiment requires the File Sharing experiment enabled.

When enabled, Cwtch will download image files automatically, display image previews in the conversation window, and enable the Profile Pictures feature;

On Desktop, enabling this experiment will allow access to an additional setting "Download Folder` which can be changed to tell Cwtch where to (automatically) download pictures.

- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/message-formatting/index.html b/build-staging/docs/settings/experiments/message-formatting/index.html index 4e0df327..674b6e70 100644 --- a/build-staging/docs/settings/experiments/message-formatting/index.html +++ b/build-staging/docs/settings/experiments/message-formatting/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/qrcodes/index.html b/build-staging/docs/settings/experiments/qrcodes/index.html index 5981c4ef..f0b7183f 100644 --- a/build-staging/docs/settings/experiments/qrcodes/index.html +++ b/build-staging/docs/settings/experiments/qrcodes/index.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/build-staging/docs/settings/experiments/server-hosting/index.html b/build-staging/docs/settings/experiments/server-hosting/index.html index bbaabd80..8de87495 100644 --- a/build-staging/docs/settings/experiments/server-hosting/index.html +++ b/build-staging/docs/settings/experiments/server-hosting/index.html @@ -12,13 +12,13 @@ - +

Server Hosting

Server hosting is currently an experimental feature in Cwtch, it is not enabled by default.

  1. Go to Settings
  2. Enable Experiments
  3. Enable the Server Hosting experiment
  4. You will probably also want to enable the Group experiment if you want to participate on a group hosted on your server
- + \ No newline at end of file diff --git a/build-staging/docs/settings/introduction/index.html b/build-staging/docs/settings/introduction/index.html index 0aa86bb1..0875876d 100644 --- a/build-staging/docs/settings/introduction/index.html +++ b/build-staging/docs/settings/introduction/index.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ risk, beyond the minimum that Cwtch requires for basic operations.

As such additional features like group chat, file sharing or message formatting.

You should think carefully when enabling these features about the new risks that might be involved, and if you are comfortable opting-in to those risks. For many the benefits of file sharing, image previews and group chat far outweigh the potential harms - but for other we require everyone to opt-in to these features.

You can opt-out at any time, all features are implemented locally within the Cwtch app.

- + \ No newline at end of file diff --git a/build-staging/docs/tor/index.html b/build-staging/docs/tor/index.html index 79fecf49..07b66bcf 100644 --- a/build-staging/docs/tor/index.html +++ b/build-staging/docs/tor/index.html @@ -12,13 +12,13 @@ - +

Tor

Cwtch uses Tor to provide routing and connections. Using Tor hidden services to host profiles and on the fly generated "ephemeral" connections when making a connection provides strong anonymity guarantees to users of Cwtch.

Tor Pane

Since we are adding an additional networking layer to Cwtch, we provide a pane to view Tor network status and make changes. To access it

  1. From the profile list pane, click the Tor icon tor icon
  2. View the tor network status
Tor Status: Online
Tor Version: 0.4.6.9

Reset Tor

The Tor network itself can occasionally have stale connections that aren't detected immediatly by it or Cwtch (we're always trying to improve this). Sometimes a user may find contacts or groups appearing offline they feel should be online. If you'd like to restart all the networking connections in Cwtch, we provide a mechanism to reboot tor from within the app. The reset button will reboot Tor from within the Cwtch app.

Cache Tor Consensus

By default we start a fresh Tor process every time the app boots, and it requires downloading some Tor network state before it can start. This process is not instant. If you want to speed up Cwtch booting, you can enable Caching Tor Conensus to speed up future boots. If you run into a boot problem where the data is stale or corrupted and Cwtch is reporting it cannot boot Tor, disable this feature and reset tor again, and it should work.

Advanced Tor Configuration

We also offer the option to provide advance Tor configuration option in this section by allowing you to

  • Specify a custom SOCKS port to connect to an existing Tor over
  • Specify a custom Control port to connect to an existing Tor over
  • and specify further options by entering custom torrc options
- + \ No newline at end of file diff --git a/build-staging/es/404.html b/build-staging/es/404.html index d10fd548..e595d05d 100644 --- a/build-staging/es/404.html +++ b/build-staging/es/404.html @@ -12,13 +12,13 @@ - - + +

Página No Encontrada

No pudimos encontrar lo que buscas.

Por favor, contacta al propietario del sitio al que está enlazada la URL original y hazle saber que el enlace está roto.

- - + + \ No newline at end of file diff --git a/build-staging/es/assets/js/0991cafe.e01c2db3.js b/build-staging/es/assets/js/0991cafe.e01c2db3.js deleted file mode 100644 index ad6c4837..00000000 --- a/build-staging/es/assets/js/0991cafe.e01c2db3.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/es/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"planning",permalink:"/es/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/es/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/es/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/0991cafe.f14e1324.js b/build-staging/es/assets/js/0991cafe.f14e1324.js new file mode 100644 index 00000000..d825ae03 --- /dev/null +++ b/build-staging/es/assets/js/0991cafe.f14e1324.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/es/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"planning",permalink:"/es/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/es/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/es/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/814f3328.3e0cbbbe.js b/build-staging/es/assets/js/814f3328.3e0cbbbe.js deleted file mode 100644 index 8feb3775..00000000 --- a/build-staging/es/assets/js/814f3328.3e0cbbbe.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/es/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/es/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/814f3328.50c95b15.js b/build-staging/es/assets/js/814f3328.50c95b15.js new file mode 100644 index 00000000..23431bde --- /dev/null +++ b/build-staging/es/assets/js/814f3328.50c95b15.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Progress Towards Reproducible UI Builds","permalink":"/es/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/es/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/95c68178.a9d25d45.js b/build-staging/es/assets/js/95c68178.a9d25d45.js deleted file mode 100644 index 28e98e5d..00000000 --- a/build-staging/es/assets/js/95c68178.a9d25d45.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[6205],{3264:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/es/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Cwtch UI Reproducible Builds (Linux)","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14 de julio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":4.06,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Reproducible Builds (Linux)","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/) we defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script\\n\\nHowever, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nWhile our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n\\n## Stay up to date!\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development."},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/es/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5 de julio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/es/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/es/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16 de junio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"release","permalink":"/es/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/es/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7 de junio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/es/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/es/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28 de abril de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/es/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/es/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6 de abril de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/es/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/es/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/es/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"release","permalink":"/es/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/es/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/es/blog/tags/documentation"},{"label":"security-handbook","permalink":"/es/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/es/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"autobindings","permalink":"/es/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/es/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/es/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"autobindings","permalink":"/es/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/es/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/es/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"},{"label":"testing","permalink":"/es/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/es/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/es/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"},{"label":"testing","permalink":"/es/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/es/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/es/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/es/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"},{"label":"api","permalink":"/es/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/es/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/es/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/95c68178.bcf8d14c.js b/build-staging/es/assets/js/95c68178.bcf8d14c.js new file mode 100644 index 00000000..302f9935 --- /dev/null +++ b/build-staging/es/assets/js/95c68178.bcf8d14c.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[6205],{3264:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/es/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Progress Towards Reproducible UI Builds","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14 de julio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":4.16,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Progress Towards Reproducible UI Builds","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe have also defined a new [linker script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at reproducible-builds.org](https://reproducible-builds.org/docs/archives/) we have defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts.\\n\\nThe next step is to roll these changes into [repliqate](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) as we have done with our bindings builds.\\n\\nHowever, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nAdditionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.\\n\\n## Stay up to date!\\n\\nWe expect to make additional progress on this in the coming weeks and months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/es/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5 de julio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Progress Towards Reproducible UI Builds","permalink":"/es/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/es/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16 de junio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"release","permalink":"/es/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/es/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7 de junio de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/es/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/es/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/es/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28 de abril de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/es/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/es/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/es/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6 de abril de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/es/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/es/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/es/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/es/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/es/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"release","permalink":"/es/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/es/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/es/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/es/blog/tags/documentation"},{"label":"security-handbook","permalink":"/es/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/es/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/es/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3 de marzo de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"autobindings","permalink":"/es/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/es/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/es/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/es/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"autobindings","permalink":"/es/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/es/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/es/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/es/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"},{"label":"testing","permalink":"/es/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/es/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/es/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/es/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/es/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3 de febrero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"},{"label":"testing","permalink":"/es/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/es/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/es/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"support","permalink":"/es/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/es/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/es/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/es/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/es/blog/tags/bindings"},{"label":"repliqate","permalink":"/es/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/es/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/es/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"},{"label":"api","permalink":"/es/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/es/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/es/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/es/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6 de enero de 2023","tags":[{"label":"cwtch","permalink":"/es/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/es/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/es/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/es/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/a6f005ae.5fbb162c.js b/build-staging/es/assets/js/a6f005ae.75f47ef9.js similarity index 78% rename from build-staging/es/assets/js/a6f005ae.5fbb162c.js rename to build-staging/es/assets/js/a6f005ae.75f47ef9.js index b4bbfa85..b22a5949 100644 --- a/build-staging/es/assets/js/a6f005ae.5fbb162c.js +++ b/build-staging/es/assets/js/a6f005ae.75f47ef9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),s=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=s(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},p),{},{components:a})):r.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var s=2;s{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>s});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/es/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"planning",permalink:"/es/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/es/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/es/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},s=[],p={toc:s},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},p,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),s=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=s(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},p),{},{components:a})):r.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var s=2;s{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>s});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/es/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"planning",permalink:"/es/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/es/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/es/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},s=[],p={toc:s},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},p,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/a84d2af0.01c0f65a.js b/build-staging/es/assets/js/a84d2af0.01c0f65a.js new file mode 100644 index 00000000..ecb49d49 --- /dev/null +++ b/build-staging/es/assets/js/a84d2af0.01c0f65a.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/es/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/es/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/es/blog/tags/bindings"},{label:"repliqate",permalink:"/es/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/es/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Stay up to date!",id:"stay-up-to-date",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We have also defined a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"linker script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at reproducible-builds.org")," we have defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts."),(0,n.kt)("p",null,"The next step is to roll these changes into ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate"},"repliqate")," as we have done with our bindings builds."),(0,n.kt)("p",null,"However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward."),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"We expect to make additional progress on this in the coming weeks and months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/a84d2af0.40e9846c.js b/build-staging/es/assets/js/a84d2af0.40e9846c.js deleted file mode 100644 index 05f91965..00000000 --- a/build-staging/es/assets/js/a84d2af0.40e9846c.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/es/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/es/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/es/blog/tags/bindings"},{label:"repliqate",permalink:"/es/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/es/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Help us go further!",id:"help-us-go-further",level:2},{value:"Stay up to date!",id:"stay-up-to-date",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We also define a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"link script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at https://reproducible-builds.org/docs/archives/")," we defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script"),(0,n.kt)("p",null,"However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/d548bd8c.59ba6fe8.js b/build-staging/es/assets/js/d548bd8c.59ba6fe8.js new file mode 100644 index 00000000..d03b5f07 --- /dev/null +++ b/build-staging/es/assets/js/d548bd8c.59ba6fe8.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var a=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,a)}return r}function l(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var c=a.createContext({}),s=function(e){var t=a.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},b=a.forwardRef((function(e,t){var r=e.components,i=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=i,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?a.createElement(g,l(l({ref:t},u),{},{components:r})):a.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:i,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var a=r(7462),i=(r(7294),r(3905));const n={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/es/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/es/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/es/blog/tags/bindings"},{label:"repliqate",permalink:"/es/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/es/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,i.kt)(p,(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,i.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,i.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,i.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,i.kt)("p",null,(0,i.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>a});const a=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/d548bd8c.63711a54.js b/build-staging/es/assets/js/d548bd8c.63711a54.js deleted file mode 100644 index 831a772d..00000000 --- a/build-staging/es/assets/js/d548bd8c.63711a54.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var i=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=i.createContext({}),s=function(e){var t=i.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return i.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},b=i.forwardRef((function(e,t){var r=e.components,a=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=a,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?i.createElement(g,l(l({ref:t},u),{},{components:r})):i.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:a,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var i=r(7462),a=(r(7294),r(3905));const n={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/es/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 de julio de 2023",tags:[{label:"cwtch",permalink:"/es/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/es/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/es/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/es/blog/tags/bindings"},{label:"repliqate",permalink:"/es/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/es/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,a.kt)(p,(0,i.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,a.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,a.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,a.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,a.kt)("p",null,(0,a.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>i});const i=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/es/assets/js/main.c49ce330.js b/build-staging/es/assets/js/main.cd707e0e.js similarity index 99% rename from build-staging/es/assets/js/main.c49ce330.js rename to build-staging/es/assets/js/main.cd707e0e.js index 7e9592fd..a22e290e 100644 --- a/build-staging/es/assets/js/main.c49ce330.js +++ b/build-staging/es/assets/js/main.cd707e0e.js @@ -1,2 +1,2 @@ -/*! For license information please see main.c49ce330.js.LICENSE.txt */ -(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[179],{723:(e,t,n)=>{"use strict";n.d(t,{Z:()=>f});var r=n(7294),a=n(7462),o=n(8356),i=n.n(o),s=n(6887);const l={"00242891":[()=>n.e(4667).then(n.t.bind(n,1369,19)),"~blog/default/es-blog-tags-cwtch-stable-page-2-300-list.json",1369],"01a85c17":[()=>Promise.all([n.e(532),n.e(4013)]).then(n.bind(n,1223)),"@theme/BlogTagsListPage",1223],"02d640a3":[()=>n.e(3066).then(n.t.bind(n,3156,19)),"~docs/default/category-esdocs-tutorialsidebar-category-contribuye-f7f.json",3156],"03aa1116":[()=>n.e(9587).then(n.t.bind(n,1472,19)),"~blog/default/es-blog-tags-cwtch-stable-ad5-list.json",1472],"049fd9f7":[()=>n.e(426).then(n.bind(n,1576)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/group-experiment.md",1576],"05def798":[()=>n.e(8798).then(n.bind(n,966)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/appearance/ui-columns.md",966],"062eafd9":[()=>n.e(984).then(n.t.bind(n,2700,19)),"~blog/default/es-blog-tags-autobindings-049-list.json",2700],"06622c1f":[()=>n.e(4811).then(n.bind(n,6476)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/change-name.md",6476],"0991cafe":[()=>n.e(5876).then(n.bind(n,8946)),"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",8946],"09ee442d":[()=>n.e(1319).then(n.bind(n,6886)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/intro.md",6886],"0aa99d8f":[()=>n.e(3633).then(n.bind(n,1991)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/introduction.md",1991],"0c1afdee":[()=>n.e(6060).then(n.t.bind(n,5356,19)),"~blog/default/es-blog-tags-support-7f0.json",5356],"0c1d60b0":[()=>n.e(4174).then(n.bind(n,3514)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/cwtch/server.md",3514],"0d64c1d9":[()=>n.e(8710).then(n.bind(n,9133)),"@site/blog/2023-01-20-reproducible-builds-bindings.md",9133],"0e00d73c":[()=>n.e(836).then(n.bind(n,6384)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/unlock-profile.md",6384],"0e5857d6":[()=>n.e(5889).then(n.bind(n,1422)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/image-previews-and-profile-pictures.md",1422],"114c7a7e":[()=>n.e(2524).then(n.bind(n,5469)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/appearance/streamer-mode.md",5469],"141cdfa9":[()=>n.e(7293).then(n.bind(n,677)),"@site/blog/2023-04-06-availability-and-profile-attributes.md?truncated=true",677],"14eb3368":[()=>Promise.all([n.e(532),n.e(9817)]).then(n.bind(n,4228)),"@theme/DocCategoryGeneratedIndexPage",4228],"15cce247":[()=>n.e(4318).then(n.t.bind(n,188,19)),"~docs/default/category-esdocs-tutorialsidebar-category-groups-d71.json",188],17896441:[()=>Promise.all([n.e(532),n.e(9785),n.e(7918)]).then(n.bind(n,5154)),"@theme/DocItem",5154],"1a25c548":[()=>n.e(5732).then(n.bind(n,1202)),"@site/blog/2023-01-06-path-to-cwtch-stable.md?truncated=true",1202],"1af3d897":[()=>n.e(1443).then(n.t.bind(n,400,19)),"~blog/default/es-blog-tags-testing-182.json",400],"1be78505":[()=>Promise.all([n.e(532),n.e(9514)]).then(n.bind(n,9963)),"@theme/DocPage",9963],"1c2b746e":[()=>n.e(1539).then(n.bind(n,2465)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/delete-contact.md",2465],"1c48b4d1":[()=>n.e(8664).then(n.bind(n,4195)),"@site/i18n/es/docusaurus-plugin-content-docs/current/contribute/developing.md",4195],"1cd6f7c0":[()=>n.e(2995).then(n.t.bind(n,6448,19)),"~blog/default/es-blog-tags-cwtch-dfb-list.json",6448],"1e810a61":[()=>n.e(4533).then(n.t.bind(n,1888,19)),"~blog/default/es-blog-tags-release-5a4-list.json",1888],"1ebd8798":[()=>n.e(4788).then(n.bind(n,5558)),"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md?truncated=true",5558],"1f18ed69":[()=>n.e(8261).then(n.t.bind(n,420,19)),"~blog/default/es-blog-tags-libcwtch-52a-list.json",420],"1f984337":[()=>n.e(3769).then(n.t.bind(n,295,19)),"~blog/default/es-blog-tags-bindings-e6c.json",295],"21b6537d":[()=>n.e(2806).then(n.bind(n,4750)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/share-key.md",4750],"23c99aae":[()=>n.e(8639).then(n.t.bind(n,867,19)),"~blog/default/es-blog-tags-planning-e48.json",867],"24c23e10":[()=>n.e(3346).then(n.bind(n,8716)),"@site/i18n/es/docusaurus-plugin-content-docs/current/contribute/documentation.md",8716],"25b9f0e4":[()=>n.e(6649).then(n.bind(n,2243)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/accept-group-invite.md",2243],"26a00d26":[()=>n.e(6719).then(n.t.bind(n,9922,19)),"~blog/default/es-blog-page-2-325.json",9922],"270b2a86":[()=>n.e(355).then(n.bind(n,7990)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/share-address-with-friends.md",7990],"2928a17c":[()=>n.e(2054).then(n.bind(n,6244)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/introduction.md",6244],"2d2c7491":[()=>n.e(3455).then(n.bind(n,6316)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/tapir/packet_format.md",6316],"302af923":[()=>n.e(1664).then(n.t.bind(n,5960,19)),"~blog/default/es-blog-tags-bindings-e6c-list.json",5960],"31631b3e":[()=>n.e(5170).then(n.bind(n,6335)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/connectivity/intro.md",6335],"33c3c542":[()=>n.e(4733).then(n.t.bind(n,4382,19)),"~docs/default/category-esdocs-tutorialsidebar-category-configuracion-b0f.json",4382],"34545dcf":[()=>n.e(8667).then(n.bind(n,2837)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/clickable-links.md",2837],"359fb69f":[()=>n.e(4685).then(n.bind(n,4706)),"@site/i18n/es/docusaurus-plugin-content-docs/current/intro.md",4706],"3a042459":[()=>n.e(2516).then(n.t.bind(n,7132,19)),"~blog/default/es-blog-tags-cwtch-stable-ad5.json",7132],"3a109bd3":[()=>n.e(7782).then(n.bind(n,877)),"@site/blog/2023-03-10-cwtch-documentation.md?truncated=true",877],"3ace3922":[()=>n.e(8974).then(n.t.bind(n,5670,19)),"~blog/default/es-blog-tags-reproducible-builds-96c-list.json",5670],"3ca9f026":[()=>n.e(8177).then(n.bind(n,808)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/ui/overlays.md",808],"3cd9b44e":[()=>n.e(8186).then(n.t.bind(n,2332,19)),"~docs/docs-security/category-essecurity-tutorialsidebar-category-connectivity-tor-a8d.json",2332],"3db42865":[()=>n.e(7139).then(n.t.bind(n,3769,19)),"/home/sarah/PARA/projects/docs.cwtch.im/.docusaurus/docusaurus-plugin-content-docs/default/plugin-route-context-module-100.json",3769],"3ec42fa4":[()=>n.e(5583).then(n.bind(n,2947)),"@site/i18n/es/docusaurus-plugin-content-docs/current/contribute/testing.md",2947],"404e0e09":[()=>n.e(5703).then(n.bind(n,6569)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/introduction.md",6569],"43449e47":[()=>n.e(153).then(n.t.bind(n,4936,19)),"~docs/docs-developer/category-esdeveloping-tutorialsidebar-category-building-a-cwtch-app-02b.json",4936],"43b107c1":[()=>n.e(9200).then(n.bind(n,1168)),"@site/blog/2023-02-03-cwtch-testing-i.md",1168],"474a1a11":[()=>n.e(1825).then(n.t.bind(n,7240,19)),"~blog/default/es-blog-tags-api-987-list.json",7240],"4a6801a7":[()=>n.e(4697).then(n.t.bind(n,5367,19)),"~docs/docs-security/category-essecurity-tutorialsidebar-category-tapir-032.json",5367],"4aa555c3":[()=>n.e(7797).then(n.bind(n,3449)),"@site/blog/2023-06-16-cwtch-1.12.md?truncated=true",3449],"4d27f429":[()=>n.e(788).then(n.bind(n,7362)),"@site/blog/2023-01-20-reproducible-builds-bindings.md?truncated=true",7362],"4d4c5a31":[()=>n.e(6588).then(n.bind(n,5850)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/profile-info.md",5850],"4df29f52":[()=>n.e(4273).then(n.t.bind(n,6693,19)),"~blog/default/es-blog-tags-security-handbook-129-list.json",6693],"4f68bcc6":[()=>n.e(3516).then(n.t.bind(n,4289,19)),"/home/sarah/PARA/projects/docs.cwtch.im/.docusaurus/docusaurus-plugin-content-docs/docs-security/plugin-route-context-module-100.json",4289],"511b7c07":[()=>n.e(724).then(n.bind(n,3483)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/intro.md",3483],"5181f1e2":[()=>n.e(26).then(n.bind(n,9418)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/cwtch/key_bundles.md",9418],52564945:[()=>n.e(3787).then(n.bind(n,8897)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/importing-a-profile.md",8897],"53cc4802":[()=>n.e(7594).then(n.bind(n,3109)),"@site/blog/2023-02-03-cwtch-testing-i.md?truncated=true",3109],"54611c16":[()=>n.e(8031).then(n.bind(n,6613)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/behaviour/notification-content.md",6613],"559441ca":[()=>n.e(2682).then(n.bind(n,1407)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/introduction.md",1407],"5beee875":[()=>n.e(9444).then(n.bind(n,2724)),"@site/blog/2023-06-07-new-nightly.md",2724],"5ca95110":[()=>n.e(1121).then(n.t.bind(n,4680,19)),"~blog/default/es-blog-tags-developer-documentation-c83.json",4680],"5cb298ca":[()=>n.e(2909).then(n.bind(n,4673)),"@site/blog/2023-04-28-developer-docs.md?truncated=true",4673],"5dc151e9":[()=>n.e(923).then(n.bind(n,2320)),"@site/developing/release.md",2320],"5e5faacc":[()=>n.e(8192).then(n.bind(n,9655)),"@site/blog/2023-01-27-platform-support.md",9655],"5e9f5e1a":[()=>Promise.resolve().then(n.bind(n,6809)),"@generated/docusaurus.config",6809],"5ec66a01":[()=>n.e(3441).then(n.bind(n,666)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/behaviour/block-unknown-connections.md",666],"5f8a68fd":[()=>n.e(4138).then(n.t.bind(n,2595,19)),"~docs/default/category-esdocs-tutorialsidebar-category-conversations-b1c.json",2595],"60846aee":[()=>n.e(3337).then(n.bind(n,4557)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/ui/image_previews.md",4557],"618f3057":[()=>n.e(433).then(n.bind(n,6901)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/message-formatting.md",6901],"6275ceb4":[()=>n.e(6555).then(n.bind(n,248)),"@site/blog/2023-03-10-cwtch-documentation.md",248],"64fc8eaf":[()=>n.e(2858).then(n.t.bind(n,3367,19)),"~blog/default/es-blog-tags-nightly-304.json",3367],"652ba846":[()=>n.e(4679).then(n.bind(n,8378)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/conversation-settings.md",8378],"66cb26f4":[()=>n.e(9453).then(n.bind(n,7447)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/ui/input.md",7447],"6875c492":[()=>Promise.all([n.e(532),n.e(9785),n.e(6048),n.e(8610)]).then(n.bind(n,1714)),"@theme/BlogTagsPostsPage",1714],"6a78f460":[()=>n.e(439).then(n.bind(n,2982)),"@site/blog/2023-04-06-availability-and-profile-attributes.md",2982],"6ae2b8f9":[()=>n.e(3957).then(n.bind(n,2670)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/manage-known-servers.md",2670],"6bdc8c14":[()=>n.e(3775).then(n.bind(n,4155)),"@site/i18n/es/docusaurus-plugin-content-docs/current/contribute/translate.md",4155],"6d68d408":[()=>n.e(8330).then(n.bind(n,960)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/reply-to-message.md",960],"70a92a1e":[()=>n.e(7519).then(n.t.bind(n,8904,19)),"~blog/default/es-blog-tags-repliqate-b6c.json",8904],"72315c3e":[()=>n.e(5566).then(n.t.bind(n,7813,19)),"~blog/default/es-blog-tags-documentation-5f3.json",7813],"72ed38d2":[()=>n.e(9858).then(n.t.bind(n,2747,19)),"~docs/docs-security/category-essecurity-tutorialsidebar-category-cwtch-ui-96a.json",2747],"7a3564c1":[()=>n.e(9930).then(n.bind(n,7622)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/behaviour/notification-policy.md",7622],"7a4d337c":[()=>n.e(4170).then(n.t.bind(n,7500,19)),"~blog/default/es-blog-tags-autobindings-049.json",7500],"7ae36327":[()=>n.e(1949).then(n.bind(n,1496)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/appearance/light-dark-mode.md",1496],"7d7ca3f1":[()=>n.e(4398).then(n.bind(n,4158)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/unlock-server.md",4158],"814f3328":[()=>n.e(2535).then(n.t.bind(n,5641,19)),"~blog/default/blog-post-list-prop-default.json",5641],"81d88b95":[()=>n.e(490).then(n.bind(n,1276)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/introduction.md",1276],"824a28c6":[()=>n.e(5905).then(n.bind(n,9347)),"@site/developing/building-a-cwtch-app/intro.md",9347],86813741:[()=>n.e(6679).then(n.t.bind(n,2750,19)),"~blog/default/es-blog-tags-cwtch-page-2-6a4.json",2750],"86aebd6f":[()=>n.e(9599).then(n.t.bind(n,1754,19)),"~blog/default/es-blog-tags-security-handbook-129.json",1754],"89f86a37":[()=>n.e(9759).then(n.bind(n,9366)),"@site/blog/2023-03-29-cwtch-1.11.md?truncated=true",9366],"8a73259a":[()=>n.e(6162).then(n.t.bind(n,5046,19)),"~docs/default/category-esdocs-tutorialsidebar-category-comportamiento-86b.json",5046],"8df6de9b":[()=>n.e(9954).then(n.t.bind(n,3222,19)),"~blog/default/es-blog-tags-tags-cef.json",3222],"8eaa4178":[()=>n.e(6179).then(n.t.bind(n,1915,19)),"~docs/default/category-esdocs-tutorialsidebar-category-perfiles-f98.json",1915],"8fd5e00a":[()=>n.e(568).then(n.t.bind(n,4510,19)),"~blog/default/es-blog-047.json",4510],"8fe7a387":[()=>n.e(5233).then(n.bind(n,9667)),"@site/blog/2023-03-03-autobindings-optional-experiments.md",9667],91341964:[()=>n.e(3214).then(n.bind(n,3915)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/references.md",3915],"935f2afb":[()=>n.e(53).then(n.t.bind(n,1109,19)),"~docs/default/version-current-metadata-prop-751.json",1109],94594657:[()=>n.e(5467).then(n.bind(n,897)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/qrcodes.md",897],"9479ba79":[()=>n.e(6433).then(n.bind(n,6320)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/risk.md",6320],"95c68178":[()=>n.e(6205).then(n.t.bind(n,3264,19)),"~blog/default/es-blog-archive-4d8.json",3264],"95f63404":[()=>n.e(7075).then(n.t.bind(n,1632,19)),"~docs/default/category-esdocs-tutorialsidebar-category-experiments-0d8.json",1632],"9af9bb9d":[()=>n.e(5841).then(n.t.bind(n,2707,19)),"~blog/default/es-blog-tags-release-5a4.json",2707],"9b12a270":[()=>n.e(9249).then(n.bind(n,9816)),"@site/blog/2023-02-10-android-reproducibility.md",9816],"9dd8190d":[()=>n.e(2688).then(n.bind(n,7561)),"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md",7561],"9e2a7473":[()=>n.e(1258).then(n.bind(n,8725)),"@site/blog/2023-01-13-cwtch-stable-api-design.md",8725],"9e4087bc":[()=>n.e(3608).then(n.bind(n,3169)),"@theme/BlogArchivePage",3169],"9ef77088":[()=>n.e(5602).then(n.t.bind(n,3308,19)),"~blog/default/es-blog-tags-planning-e48-list.json",3308],"9f1c7621":[()=>n.e(1312).then(n.bind(n,4387)),"@site/blog/2023-02-17-cwtch-testing-ii.md",4387],a02b4022:[()=>n.e(3492).then(n.bind(n,4889)),"@site/blog/2023-06-16-cwtch-1.12.md",4889],a65a3c47:[()=>n.e(7591).then(n.bind(n,5432)),"@site/blog/2023-04-28-developer-docs.md",5432],a6aa9e1f:[()=>Promise.all([n.e(532),n.e(9785),n.e(6048),n.e(3089)]).then(n.bind(n,46)),"@theme/BlogListPage",46],a6f005ae:[()=>n.e(3412).then(n.bind(n,2725)),"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md?truncated=true",2725],a79c88c2:[()=>n.e(9976).then(n.bind(n,8553)),"@site/blog/2023-01-13-cwtch-stable-api-design.md?truncated=true",8553],a84d2af0:[()=>n.e(890).then(n.bind(n,7177)),"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",7177],a8c7fdc6:[()=>n.e(1602).then(n.t.bind(n,6454,19)),"~docs/docs-security/version-current-metadata-prop-751.json",6454],ac9aaa3f:[()=>n.e(6801).then(n.bind(n,5514)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/unblock-contact.md",5514],af23c5f9:[()=>n.e(3218).then(n.bind(n,4958)),"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md",4958],af2fa732:[()=>n.e(6753).then(n.bind(n,7245)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/server-hosting.md",7245],af971761:[()=>n.e(7251).then(n.bind(n,1401)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/block-contact.md",1401],b0367817:[()=>n.e(8525).then(n.t.bind(n,429,19)),"~docs/default/category-esdocs-tutorialsidebar-category-platforms-44b.json",429],b0404c31:[()=>n.e(7860).then(n.bind(n,3478)),"@site/blog/2023-01-06-path-to-cwtch-stable.md",3478],b4165829:[()=>n.e(2033).then(n.bind(n,1646)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/accept-deny-new-conversation.md",1646],b4876842:[()=>n.e(6021).then(n.bind(n,7665)),"@site/i18n/es/docusaurus-plugin-content-docs/current/platforms/tails.md",7665],b77581fc:[()=>n.e(5004).then(n.bind(n,9267)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/delete-profile.md",9267],bb45cad0:[()=>n.e(908).then(n.bind(n,8157)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/experiments/file-sharing.md",8157],bcc84138:[()=>n.e(5103).then(n.bind(n,461)),"@site/i18n/es/docusaurus-plugin-content-docs/current/getting-started/supported_platforms.md",461],bdf5d676:[()=>n.e(5291).then(n.bind(n,6426)),"@site/i18n/es/docusaurus-plugin-content-docs/current/settings/appearance/change-language.md",6426],be9a5550:[()=>n.e(2279).then(n.bind(n,1091)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/save-conversation-history.md",1091],bf059cf9:[()=>n.e(5273).then(n.bind(n,2626)),"@site/blog/2023-02-10-android-reproducibility.md?truncated=true",2626],c14f15fd:[()=>n.e(7649).then(n.bind(n,3071)),"@site/developing/building-a-cwtch-app/core-concepts.md",3071],c21eb9f5:[()=>n.e(5910).then(n.t.bind(n,748,19)),"~blog/default/es-blog-tags-repliqate-b6c-list.json",748],c3ed911f:[()=>n.e(2091).then(n.bind(n,4977)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/tapir/authentication_protocol.md",4977],c4f5d8e4:[()=>Promise.all([n.e(532),n.e(4195)]).then(n.bind(n,3261)),"@site/src/pages/index.js",3261],c521ebb9:[()=>n.e(1084).then(n.bind(n,2575)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/ecosystem-overview.md",2575],c567d895:[()=>n.e(5986).then(n.bind(n,8082)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/cwtch/groups.md",8082],c5e058ac:[()=>n.e(2017).then(n.bind(n,1755)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/message-formatting.md",1755],c688cd93:[()=>n.e(7264).then(n.bind(n,3042)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/delete-server.md",3042],c747432f:[()=>n.e(8835).then(n.bind(n,2090)),"@site/blog/2023-03-03-autobindings-optional-experiments.md?truncated=true",2090],c94c4dfb:[()=>n.e(9146).then(n.t.bind(n,4469,19)),"/home/sarah/PARA/projects/docs.cwtch.im/.docusaurus/docusaurus-plugin-content-blog/default/plugin-route-context-module-100.json",4469],c953ad65:[()=>n.e(413).then(n.bind(n,1668)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/change-profile-image.md",1668],c96c5262:[()=>n.e(3761).then(n.bind(n,5426)),"@site/blog/2023-03-29-cwtch-1.11.md",5426],cbbc0b0f:[()=>n.e(9334).then(n.t.bind(n,2445,19)),"~blog/default/es-blog-tags-developer-documentation-c83-list.json",2445],ccc49370:[()=>Promise.all([n.e(532),n.e(9785),n.e(6048),n.e(6103)]).then(n.bind(n,5203)),"@theme/BlogPostPage",5203],cdd10d0d:[()=>n.e(2182).then(n.bind(n,2865)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/create-group.md",2865],ce68aa0f:[()=>n.e(9793).then(n.bind(n,9481)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/edit-group-name.md",9481],cf7ec223:[()=>n.e(8566).then(n.t.bind(n,8145,19)),"~docs/docs-security/category-essecurity-tutorialsidebar-category-cwtch-c97.json",8145],d3029be3:[()=>n.e(6520).then(n.bind(n,9837)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/deployment.md",9837],d5055ac4:[()=>n.e(8609).then(n.t.bind(n,3429,19)),"~blog/default/es-blog-tags-cwtch-stable-page-2-300.json",3429],d548bd8c:[()=>n.e(2006).then(n.bind(n,5311)),"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md?truncated=true",5311],d5f314f9:[()=>n.e(5869).then(n.t.bind(n,9317,19)),"/home/sarah/PARA/projects/docs.cwtch.im/.docusaurus/docusaurus-plugin-content-docs/docs-developer/plugin-route-context-module-100.json",9317],d6981a76:[()=>n.e(5761).then(n.bind(n,8400)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/leave-group.md",8400],d6f4db7a:[()=>n.e(5401).then(n.t.bind(n,1765,19)),"~blog/default/es-blog-tags-nightly-304-list.json",1765],d7127c3b:[()=>n.e(9958).then(n.t.bind(n,4839,19)),"~blog/default/es-blog-tags-support-7f0-list.json",4839],d7b9dd5a:[()=>n.e(799).then(n.t.bind(n,7884,19)),"~blog/default/es-blog-tags-cwtch-dfb.json",7884],d7c28e69:[()=>n.e(1601).then(n.bind(n,6560)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/edit-server.md",6560],da0de98b:[()=>n.e(6774).then(n.t.bind(n,8514,19)),"~blog/default/es-blog-tags-testing-182-list.json",8514],daa83a73:[()=>n.e(5532).then(n.bind(n,8177)),"@site/i18n/es/docusaurus-plugin-content-docs/current/contribute/stickers.md",8177],dbc23903:[()=>n.e(411).then(n.bind(n,1593)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/exporting-profile.md",1593],dbda29f5:[()=>n.e(1434).then(n.bind(n,9102)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/availability-status.md",9102],dc4e6075:[()=>n.e(2023).then(n.t.bind(n,9818,19)),"~blog/default/es-blog-tags-documentation-5f3-list.json",9818],de3e8d19:[()=>n.e(3570).then(n.bind(n,3229)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/cwtch/message_formats.md",3229],e0693172:[()=>n.e(2722).then(n.t.bind(n,1006,19)),"~blog/default/es-blog-tags-reproducible-builds-96c.json",1006],e20a62ae:[()=>n.e(2815).then(n.bind(n,8202)),"@site/i18n/es/docusaurus-plugin-content-docs/current/servers/create-server.md",8202],e2f5db39:[()=>n.e(6164).then(n.t.bind(n,732,19)),"~docs/docs-security/category-essecurity-tutorialsidebar-category-cwtch-components-69a.json",732],e48e682c:[()=>n.e(322).then(n.bind(n,8021)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/change-password.md",8021],e490445a:[()=>n.e(9765).then(n.t.bind(n,1917,19)),"~docs/default/category-esdocs-tutorialsidebar-category-apariencia-040.json",1917],e5c4909f:[()=>n.e(3077).then(n.t.bind(n,2046,19)),"~blog/default/es-blog-tags-api-987.json",2046],e88d32a9:[()=>n.e(6585).then(n.t.bind(n,5745,19)),"/home/sarah/PARA/projects/docs.cwtch.im/.docusaurus/docusaurus-plugin-content-pages/default/plugin-route-context-module-100.json",5745],ea60411e:[()=>n.e(3405).then(n.bind(n,4528)),"@site/i18n/es/docusaurus-plugin-content-docs/current/profiles/create-a-profile.md",4528],ead134b2:[()=>n.e(8002).then(n.bind(n,9651)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/add-contact.md",9651],ebdc3447:[()=>n.e(283).then(n.bind(n,7736)),"@site/i18n/es/docusaurus-plugin-content-docs/current/chat/share-file.md",7736],ee1e10c4:[()=>n.e(7372).then(n.t.bind(n,6658,19)),"~blog/default/es-blog-tags-libcwtch-52a.json",6658],ef78badf:[()=>n.e(8922).then(n.bind(n,5481)),"@site/blog/2023-01-27-platform-support.md?truncated=true",5481],f041e880:[()=>n.e(5226).then(n.bind(n,3291)),"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md?truncated=true",3291],f384c30f:[()=>n.e(5760).then(n.bind(n,3627)),"@site/i18n/es/docusaurus-plugin-content-docs/current/groups/send-invite.md",3627],f53ef702:[()=>n.e(6017).then(n.t.bind(n,153,19)),"~docs/default/category-esdocs-tutorialsidebar-category-servers-853.json",153],f63f85fb:[()=>n.e(8537).then(n.bind(n,7101)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/development.md",7101],f6d09a50:[()=>n.e(8962).then(n.bind(n,4497)),"@site/i18n/es/docusaurus-plugin-content-docs-docs-security/current/components/ui/android.md",4497],f76a3b8e:[()=>n.e(2184).then(n.bind(n,3103)),"@site/blog/2023-02-17-cwtch-testing-ii.md?truncated=true",3103],f928e8d9:[()=>n.e(8786).then(n.t.bind(n,7160,19)),"~docs/docs-developer/version-current-metadata-prop-751.json",7160],fb3c1916:[()=>n.e(276).then(n.bind(n,8886)),"@site/developing/intro.md",8886],fcdd064d:[()=>n.e(8543).then(n.bind(n,4753)),"@site/i18n/es/docusaurus-plugin-content-docs/current/tor.md",4753],fd27e325:[()=>n.e(1199).then(n.bind(n,9327)),"@site/developing/building-a-cwtch-app/building-an-echobot.md",9327],fd33d4dc:[()=>n.e(1787).then(n.t.bind(n,7010,19)),"~blog/default/es-blog-tags-cwtch-page-2-6a4-list.json",7010],fdfd1857:[()=>n.e(1570).then(n.t.bind(n,9547,19)),"~docs/default/category-esdocs-tutorialsidebar-category-getting-started-e97.json",9547],fe1dd7ae:[()=>n.e(1979).then(n.bind(n,1501)),"@site/blog/2023-06-07-new-nightly.md?truncated=true",1501]};function c(e){let{error:t,retry:n,pastDelay:a}=e;return t?r.createElement("div",{style:{textAlign:"center",color:"#fff",backgroundColor:"#fa383e",borderColor:"#fa383e",borderStyle:"solid",borderRadius:"0.25rem",borderWidth:"1px",boxSizing:"border-box",display:"block",padding:"1rem",flex:"0 0 50%",marginLeft:"25%",marginRight:"25%",marginTop:"5rem",maxWidth:"50%",width:"100%"}},r.createElement("p",null,String(t)),r.createElement("div",null,r.createElement("button",{type:"button",onClick:n},"Retry"))):a?r.createElement("div",{style:{display:"flex",justifyContent:"center",alignItems:"center",height:"100vh"}},r.createElement("svg",{id:"loader",style:{width:128,height:110,position:"absolute",top:"calc(100vh - 64%)"},viewBox:"0 0 45 45",xmlns:"http://www.w3.org/2000/svg",stroke:"#61dafb"},r.createElement("g",{fill:"none",fillRule:"evenodd",transform:"translate(1 1)",strokeWidth:"2"},r.createElement("circle",{cx:"22",cy:"22",r:"6",strokeOpacity:"0"},r.createElement("animate",{attributeName:"r",begin:"1.5s",dur:"3s",values:"6;22",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-opacity",begin:"1.5s",dur:"3s",values:"1;0",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-width",begin:"1.5s",dur:"3s",values:"2;0",calcMode:"linear",repeatCount:"indefinite"})),r.createElement("circle",{cx:"22",cy:"22",r:"6",strokeOpacity:"0"},r.createElement("animate",{attributeName:"r",begin:"3s",dur:"3s",values:"6;22",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-opacity",begin:"3s",dur:"3s",values:"1;0",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-width",begin:"3s",dur:"3s",values:"2;0",calcMode:"linear",repeatCount:"indefinite"})),r.createElement("circle",{cx:"22",cy:"22",r:"8"},r.createElement("animate",{attributeName:"r",begin:"0s",dur:"1.5s",values:"6;1;2;3;4;5;6",calcMode:"linear",repeatCount:"indefinite"}))))):null}var u=n(9670),d=n(226);function p(e,t){if("*"===e)return i()({loading:c,loader:()=>n.e(4972).then(n.bind(n,4972)),modules:["@theme/NotFound"],webpack:()=>[4972],render(e,t){const n=e.default;return r.createElement(d.z,{value:{plugin:{name:"native",id:"default"}}},r.createElement(n,t))}});const o=s[`${e}-${t}`],p={},f=[],m=[],g=(0,u.Z)(o);return Object.entries(g).forEach((e=>{let[t,n]=e;const r=l[n];r&&(p[t]=r[0],f.push(r[1]),m.push(r[2]))})),i().Map({loading:c,loader:p,modules:f,webpack:()=>m,render(t,n){const i=JSON.parse(JSON.stringify(o));Object.entries(t).forEach((t=>{let[n,r]=t;const a=r.default;if(!a)throw new Error(`The page component at ${e} doesn't have a default export. This makes it impossible to render anything. Consider default-exporting a React component.`);"object"!=typeof a&&"function"!=typeof a||Object.keys(r).filter((e=>"default"!==e)).forEach((e=>{a[e]=r[e]}));let o=i;const s=n.split(".");s.slice(0,-1).forEach((e=>{o=o[e]})),o[s[s.length-1]]=a}));const s=i.__comp;delete i.__comp;const l=i.__context;return delete i.__context,r.createElement(d.z,{value:l},r.createElement(s,(0,a.Z)({},i,n)))}})}const f=[{path:"/es/blog",component:p("/es/blog","c5d"),exact:!0},{path:"/es/blog/archive",component:p("/es/blog/archive","29b"),exact:!0},{path:"/es/blog/autobindings",component:p("/es/blog/autobindings","5ab"),exact:!0},{path:"/es/blog/autobindings-ii",component:p("/es/blog/autobindings-ii","b84"),exact:!0},{path:"/es/blog/availability-status-profile-attributes",component:p("/es/blog/availability-status-profile-attributes","688"),exact:!0},{path:"/es/blog/cwtch-android-reproducibility",component:p("/es/blog/cwtch-android-reproducibility","aa8"),exact:!0},{path:"/es/blog/cwtch-bindings-reproducible",component:p("/es/blog/cwtch-bindings-reproducible","d63"),exact:!0},{path:"/es/blog/cwtch-developer-documentation",component:p("/es/blog/cwtch-developer-documentation","0f0"),exact:!0},{path:"/es/blog/cwtch-documentation",component:p("/es/blog/cwtch-documentation","1b6"),exact:!0},{path:"/es/blog/cwtch-nightly-1-11",component:p("/es/blog/cwtch-nightly-1-11","597"),exact:!0},{path:"/es/blog/cwtch-nightly-1-12",component:p("/es/blog/cwtch-nightly-1-12","f37"),exact:!0},{path:"/es/blog/cwtch-nightly-v.11-74",component:p("/es/blog/cwtch-nightly-v.11-74","302"),exact:!0},{path:"/es/blog/cwtch-platform-support",component:p("/es/blog/cwtch-platform-support","a5e"),exact:!0},{path:"/es/blog/cwtch-stable-api-design",component:p("/es/blog/cwtch-stable-api-design","98d"),exact:!0},{path:"/es/blog/cwtch-stable-roadmap-update",component:p("/es/blog/cwtch-stable-roadmap-update","d51"),exact:!0},{path:"/es/blog/cwtch-stable-roadmap-update-june",component:p("/es/blog/cwtch-stable-roadmap-update-june","e1a"),exact:!0},{path:"/es/blog/cwtch-testing-i",component:p("/es/blog/cwtch-testing-i","e6c"),exact:!0},{path:"/es/blog/cwtch-testing-ii",component:p("/es/blog/cwtch-testing-ii","c00"),exact:!0},{path:"/es/blog/cwtch-ui-reproducible-builds-linux",component:p("/es/blog/cwtch-ui-reproducible-builds-linux","b4e"),exact:!0},{path:"/es/blog/page/2",component:p("/es/blog/page/2","558"),exact:!0},{path:"/es/blog/path-to-cwtch-stable",component:p("/es/blog/path-to-cwtch-stable","1d4"),exact:!0},{path:"/es/blog/tags",component:p("/es/blog/tags","699"),exact:!0},{path:"/es/blog/tags/api",component:p("/es/blog/tags/api","dad"),exact:!0},{path:"/es/blog/tags/autobindings",component:p("/es/blog/tags/autobindings","144"),exact:!0},{path:"/es/blog/tags/bindings",component:p("/es/blog/tags/bindings","041"),exact:!0},{path:"/es/blog/tags/cwtch",component:p("/es/blog/tags/cwtch","2d4"),exact:!0},{path:"/es/blog/tags/cwtch-stable",component:p("/es/blog/tags/cwtch-stable","321"),exact:!0},{path:"/es/blog/tags/cwtch-stable/page/2",component:p("/es/blog/tags/cwtch-stable/page/2","4d0"),exact:!0},{path:"/es/blog/tags/cwtch/page/2",component:p("/es/blog/tags/cwtch/page/2","062"),exact:!0},{path:"/es/blog/tags/developer-documentation",component:p("/es/blog/tags/developer-documentation","b2d"),exact:!0},{path:"/es/blog/tags/documentation",component:p("/es/blog/tags/documentation","6fa"),exact:!0},{path:"/es/blog/tags/libcwtch",component:p("/es/blog/tags/libcwtch","b51"),exact:!0},{path:"/es/blog/tags/nightly",component:p("/es/blog/tags/nightly","da6"),exact:!0},{path:"/es/blog/tags/planning",component:p("/es/blog/tags/planning","fb6"),exact:!0},{path:"/es/blog/tags/release",component:p("/es/blog/tags/release","caf"),exact:!0},{path:"/es/blog/tags/repliqate",component:p("/es/blog/tags/repliqate","a19"),exact:!0},{path:"/es/blog/tags/reproducible-builds",component:p("/es/blog/tags/reproducible-builds","0b9"),exact:!0},{path:"/es/blog/tags/security-handbook",component:p("/es/blog/tags/security-handbook","612"),exact:!0},{path:"/es/blog/tags/support",component:p("/es/blog/tags/support","ee7"),exact:!0},{path:"/es/blog/tags/testing",component:p("/es/blog/tags/testing","712"),exact:!0},{path:"/es/developing",component:p("/es/developing","041"),routes:[{path:"/es/developing/building-a-cwtch-app/building-an-echobot",component:p("/es/developing/building-a-cwtch-app/building-an-echobot","87f"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/developing/building-a-cwtch-app/core-concepts",component:p("/es/developing/building-a-cwtch-app/core-concepts","e3b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/developing/building-a-cwtch-app/intro",component:p("/es/developing/building-a-cwtch-app/intro","b7a"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/developing/category/building-a-cwtch-app",component:p("/es/developing/category/building-a-cwtch-app","8e8"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/developing/intro",component:p("/es/developing/intro","25a"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/developing/release",component:p("/es/developing/release","493"),exact:!0,sidebar:"tutorialSidebar"}]},{path:"/es/docs",component:p("/es/docs","9d0"),routes:[{path:"/es/docs/category/appearance",component:p("/es/docs/category/appearance","cb7"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/behaviour",component:p("/es/docs/category/behaviour","9a3"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/contribute",component:p("/es/docs/category/contribute","533"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/conversations",component:p("/es/docs/category/conversations","68a"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/experiments",component:p("/es/docs/category/experiments","ca0"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/getting-started",component:p("/es/docs/category/getting-started","0e6"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/groups",component:p("/es/docs/category/groups","b91"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/platforms",component:p("/es/docs/category/platforms","0b6"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/profiles",component:p("/es/docs/category/profiles","992"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/servers",component:p("/es/docs/category/servers","8a4"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/category/settings",component:p("/es/docs/category/settings","784"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/accept-deny-new-conversation",component:p("/es/docs/chat/accept-deny-new-conversation","845"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/add-contact",component:p("/es/docs/chat/add-contact","bc2"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/block-contact",component:p("/es/docs/chat/block-contact","838"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/conversation-settings",component:p("/es/docs/chat/conversation-settings","549"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/delete-contact",component:p("/es/docs/chat/delete-contact","303"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/introduction",component:p("/es/docs/chat/introduction","49e"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/message-formatting",component:p("/es/docs/chat/message-formatting","759"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/reply-to-message",component:p("/es/docs/chat/reply-to-message","129"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/save-conversation-history",component:p("/es/docs/chat/save-conversation-history","7fa"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/share-address-with-friends",component:p("/es/docs/chat/share-address-with-friends","123"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/share-file",component:p("/es/docs/chat/share-file","ac5"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/chat/unblock-contact",component:p("/es/docs/chat/unblock-contact","3cc"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/contribute/developing",component:p("/es/docs/contribute/developing","c8d"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/contribute/documentation",component:p("/es/docs/contribute/documentation","c96"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/contribute/stickers",component:p("/es/docs/contribute/stickers","6ac"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/contribute/testing",component:p("/es/docs/contribute/testing","e1b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/contribute/translate",component:p("/es/docs/contribute/translate","733"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/getting-started/supported_platforms",component:p("/es/docs/getting-started/supported_platforms","108"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/accept-group-invite",component:p("/es/docs/groups/accept-group-invite","477"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/create-group",component:p("/es/docs/groups/create-group","026"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/edit-group-name",component:p("/es/docs/groups/edit-group-name","9a8"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/introduction",component:p("/es/docs/groups/introduction","260"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/leave-group",component:p("/es/docs/groups/leave-group","a8e"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/manage-known-servers",component:p("/es/docs/groups/manage-known-servers","065"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/groups/send-invite",component:p("/es/docs/groups/send-invite","a91"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/intro",component:p("/es/docs/intro","98b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/platforms/tails",component:p("/es/docs/platforms/tails","3ca"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/availability-status",component:p("/es/docs/profiles/availability-status","c52"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/change-name",component:p("/es/docs/profiles/change-name","11d"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/change-password",component:p("/es/docs/profiles/change-password","53d"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/change-profile-image",component:p("/es/docs/profiles/change-profile-image","9c9"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/create-a-profile",component:p("/es/docs/profiles/create-a-profile","e83"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/delete-profile",component:p("/es/docs/profiles/delete-profile","edf"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/exporting-profile",component:p("/es/docs/profiles/exporting-profile","ce5"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/importing-a-profile",component:p("/es/docs/profiles/importing-a-profile","f0e"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/introduction",component:p("/es/docs/profiles/introduction","8da"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/profile-info",component:p("/es/docs/profiles/profile-info","99b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/profiles/unlock-profile",component:p("/es/docs/profiles/unlock-profile","283"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/create-server",component:p("/es/docs/servers/create-server","aaf"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/delete-server",component:p("/es/docs/servers/delete-server","b73"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/edit-server",component:p("/es/docs/servers/edit-server","69e"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/introduction",component:p("/es/docs/servers/introduction","668"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/share-key",component:p("/es/docs/servers/share-key","351"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/servers/unlock-server",component:p("/es/docs/servers/unlock-server","1ee"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/appearance/change-language",component:p("/es/docs/settings/appearance/change-language","646"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/appearance/light-dark-mode",component:p("/es/docs/settings/appearance/light-dark-mode","e9c"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/appearance/streamer-mode",component:p("/es/docs/settings/appearance/streamer-mode","ac2"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/appearance/ui-columns",component:p("/es/docs/settings/appearance/ui-columns","2ba"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/behaviour/block-unknown-connections",component:p("/es/docs/settings/behaviour/block-unknown-connections","8d8"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/behaviour/notification-content",component:p("/es/docs/settings/behaviour/notification-content","ad2"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/behaviour/notification-policy",component:p("/es/docs/settings/behaviour/notification-policy","e34"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/clickable-links",component:p("/es/docs/settings/experiments/clickable-links","39b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/file-sharing",component:p("/es/docs/settings/experiments/file-sharing","fec"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/group-experiment",component:p("/es/docs/settings/experiments/group-experiment","c4f"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/image-previews-and-profile-pictures",component:p("/es/docs/settings/experiments/image-previews-and-profile-pictures","aa0"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/message-formatting",component:p("/es/docs/settings/experiments/message-formatting","8fb"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/qrcodes",component:p("/es/docs/settings/experiments/qrcodes","652"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/experiments/server-hosting",component:p("/es/docs/settings/experiments/server-hosting","7d6"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/settings/introduction",component:p("/es/docs/settings/introduction","bb6"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/docs/tor",component:p("/es/docs/tor","463"),exact:!0,sidebar:"tutorialSidebar"}]},{path:"/es/security",component:p("/es/security","204"),routes:[{path:"/es/security/category/connectivity--tor",component:p("/es/security/category/connectivity--tor","c78"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/category/cwtch",component:p("/es/security/category/cwtch","4bb"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/category/cwtch-components",component:p("/es/security/category/cwtch-components","915"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/category/cwtch-ui",component:p("/es/security/category/cwtch-ui","87f"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/category/tapir",component:p("/es/security/category/tapir","1e5"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/connectivity/intro",component:p("/es/security/components/connectivity/intro","78d"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/cwtch/groups",component:p("/es/security/components/cwtch/groups","988"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/cwtch/key_bundles",component:p("/es/security/components/cwtch/key_bundles","123"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/cwtch/message_formats",component:p("/es/security/components/cwtch/message_formats","9ff"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/cwtch/server",component:p("/es/security/components/cwtch/server","bb3"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/ecosystem-overview",component:p("/es/security/components/ecosystem-overview","4dd"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/intro",component:p("/es/security/components/intro","627"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/tapir/authentication_protocol",component:p("/es/security/components/tapir/authentication_protocol","fd8"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/tapir/packet_format",component:p("/es/security/components/tapir/packet_format","be9"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/ui/android",component:p("/es/security/components/ui/android","33f"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/ui/image_previews",component:p("/es/security/components/ui/image_previews","7b3"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/ui/input",component:p("/es/security/components/ui/input","204"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/components/ui/overlays",component:p("/es/security/components/ui/overlays","fc0"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/deployment",component:p("/es/security/deployment","9f5"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/development",component:p("/es/security/development","48b"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/intro",component:p("/es/security/intro","927"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/references",component:p("/es/security/references","8d7"),exact:!0,sidebar:"tutorialSidebar"},{path:"/es/security/risk",component:p("/es/security/risk","a35"),exact:!0,sidebar:"tutorialSidebar"}]},{path:"/es/",component:p("/es/","926"),exact:!0},{path:"*",component:p("*")}]},8934:(e,t,n)=>{"use strict";n.d(t,{_:()=>a,t:()=>o});var r=n(7294);const a=r.createContext(!1);function o(e){let{children:t}=e;const[n,o]=(0,r.useState)(!1);return(0,r.useEffect)((()=>{o(!0)}),[]),r.createElement(a.Provider,{value:n},t)}},9383:(e,t,n)=>{"use strict";var r=n(7294),a=n(3935),o=n(3727),i=n(405),s=n(412);const l=[n(2497),n(3310),n(8320),n(2295)];var c=n(723),u=n(6550),d=n(8790);function p(e){let{children:t}=e;return r.createElement(r.Fragment,null,t)}var f=n(7462),m=n(5742),g=n(2263),h=n(4996),b=n(6668),v=n(1944),y=n(4711),w=n(9727),k=n(3320),S=n(197);function E(){const{i18n:{defaultLocale:e,localeConfigs:t}}=(0,g.Z)(),n=(0,y.l)();return r.createElement(m.Z,null,Object.entries(t).map((e=>{let[t,{htmlLang:a}]=e;return r.createElement("link",{key:t,rel:"alternate",href:n.createUrl({locale:t,fullyQualified:!0}),hrefLang:a})})),r.createElement("link",{rel:"alternate",href:n.createUrl({locale:e,fullyQualified:!0}),hrefLang:"x-default"}))}function _(e){let{permalink:t}=e;const{siteConfig:{url:n}}=(0,g.Z)(),a=function(){const{siteConfig:{url:e}}=(0,g.Z)(),{pathname:t}=(0,u.TH)();return e+(0,h.Z)(t)}(),o=t?`${n}${t}`:a;return r.createElement(m.Z,null,r.createElement("meta",{property:"og:url",content:o}),r.createElement("link",{rel:"canonical",href:o}))}function x(){const{i18n:{currentLocale:e}}=(0,g.Z)(),{metadata:t,image:n}=(0,b.L)();return r.createElement(r.Fragment,null,r.createElement(m.Z,null,r.createElement("meta",{name:"twitter:card",content:"summary_large_image"}),r.createElement("body",{className:w.h})),n&&r.createElement(v.d,{image:n}),r.createElement(_,null),r.createElement(E,null),r.createElement(S.Z,{tag:k.HX,locale:e}),r.createElement(m.Z,null,t.map(((e,t)=>r.createElement("meta",(0,f.Z)({key:t},e))))))}const C=new Map;function T(e){if(C.has(e.pathname))return{...e,pathname:C.get(e.pathname)};if((0,d.f)(c.Z,e.pathname).some((e=>{let{route:t}=e;return!0===t.exact})))return C.set(e.pathname,e.pathname),e;const t=e.pathname.trim().replace(/(?:\/index)?\.html$/,"")||"/";return C.set(e.pathname,t),{...e,pathname:t}}var L=n(8934),A=n(8940);function P(e){for(var t=arguments.length,n=new Array(t>1?t-1:0),r=1;r{const r=t.default?.[e]??t[e];return r?.(...n)}));return()=>a.forEach((e=>e?.()))}const R=function(e){let{children:t,location:n,previousLocation:a}=e;return(0,r.useLayoutEffect)((()=>{a!==n&&(!function(e){let{location:t,previousLocation:n}=e;if(!n)return;const r=t.pathname===n.pathname,a=t.hash===n.hash,o=t.search===n.search;if(r&&a&&!o)return;const{hash:i}=t;if(i){const e=decodeURIComponent(i.substring(1)),t=document.getElementById(e);t?.scrollIntoView()}else window.scrollTo(0,0)}({location:n,previousLocation:a}),P("onRouteDidUpdate",{previousLocation:a,location:n}))}),[a,n]),t};function N(e){const t=Array.from(new Set([e,decodeURI(e)])).map((e=>(0,d.f)(c.Z,e))).flat();return Promise.all(t.map((e=>e.route.component.preload?.())))}class O extends r.Component{previousLocation;routeUpdateCleanupCb;constructor(e){super(e),this.previousLocation=null,this.routeUpdateCleanupCb=s.Z.canUseDOM?P("onRouteUpdate",{previousLocation:null,location:this.props.location}):()=>{},this.state={nextRouteHasLoaded:!0}}shouldComponentUpdate(e,t){if(e.location===this.props.location)return t.nextRouteHasLoaded;const n=e.location;return this.previousLocation=this.props.location,this.setState({nextRouteHasLoaded:!1}),this.routeUpdateCleanupCb=P("onRouteUpdate",{previousLocation:this.previousLocation,location:n}),N(n.pathname).then((()=>{this.routeUpdateCleanupCb(),this.setState({nextRouteHasLoaded:!0})})).catch((e=>{console.warn(e),window.location.reload()})),!1}render(){const{children:e,location:t}=this.props;return r.createElement(R,{previousLocation:this.previousLocation,location:t},r.createElement(u.AW,{location:t,render:()=>e}))}}const I=O,D="__docusaurus-base-url-issue-banner-container",M="__docusaurus-base-url-issue-banner",j="__docusaurus-base-url-issue-banner-suggestion-container",F="__DOCUSAURUS_INSERT_BASEURL_BANNER";function B(e){return`\nwindow['${F}'] = true;\n\ndocument.addEventListener('DOMContentLoaded', maybeInsertBanner);\n\nfunction maybeInsertBanner() {\n var shouldInsert = window['${F}'];\n shouldInsert && insertBanner();\n}\n\nfunction insertBanner() {\n var bannerContainer = document.getElementById('${D}');\n if (!bannerContainer) {\n return;\n }\n var bannerHtml = ${JSON.stringify(function(e){return`\n
\n

Your Docusaurus site did not load properly.

\n

A very common reason is a wrong site baseUrl configuration.

\n

Current configured baseUrl = ${e} ${"/"===e?" (default value)":""}

\n

We suggest trying baseUrl =

\n
\n`}(e)).replace(/{window[F]=!1}),[]),r.createElement(r.Fragment,null,!s.Z.canUseDOM&&r.createElement(m.Z,null,r.createElement("script",null,B(e))),r.createElement("div",{id:D}))}function U(){const{siteConfig:{baseUrl:e,baseUrlIssueBanner:t}}=(0,g.Z)(),{pathname:n}=(0,u.TH)();return t&&n===e?r.createElement(z,null):null}function $(){const{siteConfig:{favicon:e,title:t,noIndex:n},i18n:{currentLocale:a,localeConfigs:o}}=(0,g.Z)(),i=(0,h.Z)(e),{htmlLang:s,direction:l}=o[a];return r.createElement(m.Z,null,r.createElement("html",{lang:s,dir:l}),r.createElement("title",null,t),r.createElement("meta",{property:"og:title",content:t}),r.createElement("meta",{name:"viewport",content:"width=device-width, initial-scale=1.0"}),n&&r.createElement("meta",{name:"robots",content:"noindex, nofollow"}),e&&r.createElement("link",{rel:"icon",href:i}))}var q=n(4763);function G(){const e=(0,d.H)(c.Z),t=(0,u.TH)();return r.createElement(q.Z,null,r.createElement(A.M,null,r.createElement(L.t,null,r.createElement(p,null,r.createElement($,null),r.createElement(x,null),r.createElement(U,null),r.createElement(I,{location:T(t)},e)))))}var H=n(6887);const Z=function(e){try{return document.createElement("link").relList.supports(e)}catch{return!1}}("prefetch")?function(e){return new Promise(((t,n)=>{if("undefined"==typeof document)return void n();const r=document.createElement("link");r.setAttribute("rel","prefetch"),r.setAttribute("href",e),r.onload=()=>t(),r.onerror=()=>n();const a=document.getElementsByTagName("head")[0]??document.getElementsByName("script")[0]?.parentNode;a?.appendChild(r)}))}:function(e){return new Promise(((t,n)=>{const r=new XMLHttpRequest;r.open("GET",e,!0),r.withCredentials=!0,r.onload=()=>{200===r.status?t():n()},r.send(null)}))};var V=n(9670);const W=new Set,Y=new Set,K=()=>navigator.connection?.effectiveType.includes("2g")||navigator.connection?.saveData,Q={prefetch(e){if(!(e=>!K()&&!Y.has(e)&&!W.has(e))(e))return!1;W.add(e);const t=(0,d.f)(c.Z,e).flatMap((e=>{return t=e.route.path,Object.entries(H).filter((e=>{let[n]=e;return n.replace(/-[^-]+$/,"")===t})).flatMap((e=>{let[,t]=e;return Object.values((0,V.Z)(t))}));var t}));return Promise.all(t.map((e=>{const t=n.gca(e);return t&&!t.includes("undefined")?Z(t).catch((()=>{})):Promise.resolve()})))},preload:e=>!!(e=>!K()&&!Y.has(e))(e)&&(Y.add(e),N(e))},X=Object.freeze(Q);if(s.Z.canUseDOM){window.docusaurus=X;const e=a.hydrate;N(window.location.pathname).then((()=>{e(r.createElement(i.B6,null,r.createElement(o.VK,null,r.createElement(G,null))),document.getElementById("__docusaurus"))}))}},8940:(e,t,n)=>{"use strict";n.d(t,{_:()=>u,M:()=>d});var r=n(7294),a=n(6809);const o=JSON.parse('{"docusaurus-plugin-content-docs":{"docs-developer":{"path":"/es/developing","versions":[{"name":"current","label":"Next","isLast":true,"path":"/es/developing","mainDocId":"intro","docs":[{"id":"building-a-cwtch-app/building-an-echobot","path":"/es/developing/building-a-cwtch-app/building-an-echobot","sidebar":"tutorialSidebar"},{"id":"building-a-cwtch-app/core-concepts","path":"/es/developing/building-a-cwtch-app/core-concepts","sidebar":"tutorialSidebar"},{"id":"building-a-cwtch-app/intro","path":"/es/developing/building-a-cwtch-app/intro","sidebar":"tutorialSidebar"},{"id":"intro","path":"/es/developing/intro","sidebar":"tutorialSidebar"},{"id":"release","path":"/es/developing/release","sidebar":"tutorialSidebar"},{"id":"/category/building-a-cwtch-app","path":"/es/developing/category/building-a-cwtch-app","sidebar":"tutorialSidebar"}],"draftIds":[],"sidebars":{"tutorialSidebar":{"link":{"path":"/es/developing/intro","label":"intro"}}}}],"breadcrumbs":true},"docs-security":{"path":"/es/security","versions":[{"name":"current","label":"Next","isLast":true,"path":"/es/security","mainDocId":"intro","docs":[{"id":"components/connectivity/intro","path":"/es/security/components/connectivity/intro","sidebar":"tutorialSidebar"},{"id":"components/cwtch/groups","path":"/es/security/components/cwtch/groups","sidebar":"tutorialSidebar"},{"id":"components/cwtch/key_bundles","path":"/es/security/components/cwtch/key_bundles","sidebar":"tutorialSidebar"},{"id":"components/cwtch/message_formats","path":"/es/security/components/cwtch/message_formats","sidebar":"tutorialSidebar"},{"id":"components/cwtch/server","path":"/es/security/components/cwtch/server","sidebar":"tutorialSidebar"},{"id":"components/ecosystem-overview","path":"/es/security/components/ecosystem-overview","sidebar":"tutorialSidebar"},{"id":"components/intro","path":"/es/security/components/intro","sidebar":"tutorialSidebar"},{"id":"components/tapir/authentication_protocol","path":"/es/security/components/tapir/authentication_protocol","sidebar":"tutorialSidebar"},{"id":"components/tapir/packet_format","path":"/es/security/components/tapir/packet_format","sidebar":"tutorialSidebar"},{"id":"components/ui/android","path":"/es/security/components/ui/android","sidebar":"tutorialSidebar"},{"id":"components/ui/image_previews","path":"/es/security/components/ui/image_previews","sidebar":"tutorialSidebar"},{"id":"components/ui/input","path":"/es/security/components/ui/input","sidebar":"tutorialSidebar"},{"id":"components/ui/overlays","path":"/es/security/components/ui/overlays","sidebar":"tutorialSidebar"},{"id":"deployment","path":"/es/security/deployment","sidebar":"tutorialSidebar"},{"id":"development","path":"/es/security/development","sidebar":"tutorialSidebar"},{"id":"intro","path":"/es/security/intro","sidebar":"tutorialSidebar"},{"id":"references","path":"/es/security/references","sidebar":"tutorialSidebar"},{"id":"risk","path":"/es/security/risk","sidebar":"tutorialSidebar"},{"id":"/category/cwtch-components","path":"/es/security/category/cwtch-components","sidebar":"tutorialSidebar"},{"id":"/category/connectivity--tor","path":"/es/security/category/connectivity--tor","sidebar":"tutorialSidebar"},{"id":"/category/tapir","path":"/es/security/category/tapir","sidebar":"tutorialSidebar"},{"id":"/category/cwtch","path":"/es/security/category/cwtch","sidebar":"tutorialSidebar"},{"id":"/category/cwtch-ui","path":"/es/security/category/cwtch-ui","sidebar":"tutorialSidebar"}],"draftIds":[],"sidebars":{"tutorialSidebar":{"link":{"path":"/es/security/intro","label":"intro"}}}}],"breadcrumbs":true},"default":{"path":"/es/docs","versions":[{"name":"current","label":"Siguiente","isLast":true,"path":"/es/docs","mainDocId":"intro","docs":[{"id":"chat/accept-deny-new-conversation","path":"/es/docs/chat/accept-deny-new-conversation","sidebar":"tutorialSidebar"},{"id":"chat/add-contact","path":"/es/docs/chat/add-contact","sidebar":"tutorialSidebar"},{"id":"chat/block-contact","path":"/es/docs/chat/block-contact","sidebar":"tutorialSidebar"},{"id":"chat/conversation-settings","path":"/es/docs/chat/conversation-settings","sidebar":"tutorialSidebar"},{"id":"chat/delete-contact","path":"/es/docs/chat/delete-contact","sidebar":"tutorialSidebar"},{"id":"chat/introduction","path":"/es/docs/chat/introduction","sidebar":"tutorialSidebar"},{"id":"chat/message-formatting","path":"/es/docs/chat/message-formatting","sidebar":"tutorialSidebar"},{"id":"chat/reply-to-message","path":"/es/docs/chat/reply-to-message","sidebar":"tutorialSidebar"},{"id":"chat/save-conversation-history","path":"/es/docs/chat/save-conversation-history","sidebar":"tutorialSidebar"},{"id":"chat/share-address-with-friends","path":"/es/docs/chat/share-address-with-friends","sidebar":"tutorialSidebar"},{"id":"chat/share-file","path":"/es/docs/chat/share-file","sidebar":"tutorialSidebar"},{"id":"chat/unblock-contact","path":"/es/docs/chat/unblock-contact","sidebar":"tutorialSidebar"},{"id":"contribute/developing","path":"/es/docs/contribute/developing","sidebar":"tutorialSidebar"},{"id":"contribute/documentation","path":"/es/docs/contribute/documentation","sidebar":"tutorialSidebar"},{"id":"contribute/stickers","path":"/es/docs/contribute/stickers","sidebar":"tutorialSidebar"},{"id":"contribute/testing","path":"/es/docs/contribute/testing","sidebar":"tutorialSidebar"},{"id":"contribute/translate","path":"/es/docs/contribute/translate","sidebar":"tutorialSidebar"},{"id":"getting-started/supported_platforms","path":"/es/docs/getting-started/supported_platforms","sidebar":"tutorialSidebar"},{"id":"groups/accept-group-invite","path":"/es/docs/groups/accept-group-invite","sidebar":"tutorialSidebar"},{"id":"groups/create-group","path":"/es/docs/groups/create-group","sidebar":"tutorialSidebar"},{"id":"groups/edit-group-name","path":"/es/docs/groups/edit-group-name","sidebar":"tutorialSidebar"},{"id":"groups/introduction","path":"/es/docs/groups/introduction","sidebar":"tutorialSidebar"},{"id":"groups/leave-group","path":"/es/docs/groups/leave-group","sidebar":"tutorialSidebar"},{"id":"groups/manage-known-servers","path":"/es/docs/groups/manage-known-servers","sidebar":"tutorialSidebar"},{"id":"groups/send-invite","path":"/es/docs/groups/send-invite","sidebar":"tutorialSidebar"},{"id":"intro","path":"/es/docs/intro","sidebar":"tutorialSidebar"},{"id":"platforms/tails","path":"/es/docs/platforms/tails","sidebar":"tutorialSidebar"},{"id":"profiles/availability-status","path":"/es/docs/profiles/availability-status","sidebar":"tutorialSidebar"},{"id":"profiles/change-name","path":"/es/docs/profiles/change-name","sidebar":"tutorialSidebar"},{"id":"profiles/change-password","path":"/es/docs/profiles/change-password","sidebar":"tutorialSidebar"},{"id":"profiles/change-profile-image","path":"/es/docs/profiles/change-profile-image","sidebar":"tutorialSidebar"},{"id":"profiles/create-a-profile","path":"/es/docs/profiles/create-a-profile","sidebar":"tutorialSidebar"},{"id":"profiles/delete-profile","path":"/es/docs/profiles/delete-profile","sidebar":"tutorialSidebar"},{"id":"profiles/exporting-profile","path":"/es/docs/profiles/exporting-profile","sidebar":"tutorialSidebar"},{"id":"profiles/importing-a-profile","path":"/es/docs/profiles/importing-a-profile","sidebar":"tutorialSidebar"},{"id":"profiles/introduction","path":"/es/docs/profiles/introduction","sidebar":"tutorialSidebar"},{"id":"profiles/profile-info","path":"/es/docs/profiles/profile-info","sidebar":"tutorialSidebar"},{"id":"profiles/unlock-profile","path":"/es/docs/profiles/unlock-profile","sidebar":"tutorialSidebar"},{"id":"servers/create-server","path":"/es/docs/servers/create-server","sidebar":"tutorialSidebar"},{"id":"servers/delete-server","path":"/es/docs/servers/delete-server","sidebar":"tutorialSidebar"},{"id":"servers/edit-server","path":"/es/docs/servers/edit-server","sidebar":"tutorialSidebar"},{"id":"servers/introduction","path":"/es/docs/servers/introduction","sidebar":"tutorialSidebar"},{"id":"servers/share-key","path":"/es/docs/servers/share-key","sidebar":"tutorialSidebar"},{"id":"servers/unlock-server","path":"/es/docs/servers/unlock-server","sidebar":"tutorialSidebar"},{"id":"settings/appearance/change-language","path":"/es/docs/settings/appearance/change-language","sidebar":"tutorialSidebar"},{"id":"settings/appearance/light-dark-mode","path":"/es/docs/settings/appearance/light-dark-mode","sidebar":"tutorialSidebar"},{"id":"settings/appearance/streamer-mode","path":"/es/docs/settings/appearance/streamer-mode","sidebar":"tutorialSidebar"},{"id":"settings/appearance/ui-columns","path":"/es/docs/settings/appearance/ui-columns","sidebar":"tutorialSidebar"},{"id":"settings/behaviour/block-unknown-connections","path":"/es/docs/settings/behaviour/block-unknown-connections","sidebar":"tutorialSidebar"},{"id":"settings/behaviour/notification-content","path":"/es/docs/settings/behaviour/notification-content","sidebar":"tutorialSidebar"},{"id":"settings/behaviour/notification-policy","path":"/es/docs/settings/behaviour/notification-policy","sidebar":"tutorialSidebar"},{"id":"settings/experiments/clickable-links","path":"/es/docs/settings/experiments/clickable-links","sidebar":"tutorialSidebar"},{"id":"settings/experiments/file-sharing","path":"/es/docs/settings/experiments/file-sharing","sidebar":"tutorialSidebar"},{"id":"settings/experiments/group-experiment","path":"/es/docs/settings/experiments/group-experiment","sidebar":"tutorialSidebar"},{"id":"settings/experiments/image-previews-and-profile-pictures","path":"/es/docs/settings/experiments/image-previews-and-profile-pictures","sidebar":"tutorialSidebar"},{"id":"settings/experiments/message-formatting","path":"/es/docs/settings/experiments/message-formatting","sidebar":"tutorialSidebar"},{"id":"settings/experiments/qrcodes","path":"/es/docs/settings/experiments/qrcodes","sidebar":"tutorialSidebar"},{"id":"settings/experiments/server-hosting","path":"/es/docs/settings/experiments/server-hosting","sidebar":"tutorialSidebar"},{"id":"settings/introduction","path":"/es/docs/settings/introduction","sidebar":"tutorialSidebar"},{"id":"tor","path":"/es/docs/tor","sidebar":"tutorialSidebar"},{"id":"/category/getting-started","path":"/es/docs/category/getting-started","sidebar":"tutorialSidebar"},{"id":"/category/profiles","path":"/es/docs/category/profiles","sidebar":"tutorialSidebar"},{"id":"/category/conversations","path":"/es/docs/category/conversations","sidebar":"tutorialSidebar"},{"id":"/category/groups","path":"/es/docs/category/groups","sidebar":"tutorialSidebar"},{"id":"/category/servers","path":"/es/docs/category/servers","sidebar":"tutorialSidebar"},{"id":"/category/settings","path":"/es/docs/category/settings","sidebar":"tutorialSidebar"},{"id":"/category/appearance","path":"/es/docs/category/appearance","sidebar":"tutorialSidebar"},{"id":"/category/behaviour","path":"/es/docs/category/behaviour","sidebar":"tutorialSidebar"},{"id":"/category/experiments","path":"/es/docs/category/experiments","sidebar":"tutorialSidebar"},{"id":"/category/contribute","path":"/es/docs/category/contribute","sidebar":"tutorialSidebar"},{"id":"/category/platforms","path":"/es/docs/category/platforms","sidebar":"tutorialSidebar"}],"draftIds":[],"sidebars":{"tutorialSidebar":{"link":{"path":"/es/docs/intro","label":"intro"}}}}],"breadcrumbs":true}}}'),i=JSON.parse('{"defaultLocale":"en","locales":["en","es","de","it"],"path":"i18n","currentLocale":"es","localeConfigs":{"en":{"label":"English","direction":"ltr","htmlLang":"en","calendar":"gregory","path":"en"},"es":{"label":"Espa\xf1ol","direction":"ltr","htmlLang":"es","calendar":"gregory","path":"es"},"de":{"label":"Deutsch","direction":"ltr","htmlLang":"de","calendar":"gregory","path":"de"},"it":{"label":"Italiano","direction":"ltr","htmlLang":"it","calendar":"gregory","path":"it"}}}');var s=n(7529);const l=JSON.parse('{"docusaurusVersion":"2.4.1","siteVersion":"0.0.0","pluginVersions":{"docusaurus-plugin-content-docs":{"type":"package","name":"@docusaurus/plugin-content-docs","version":"2.4.1"},"docusaurus-plugin-content-blog":{"type":"package","name":"@docusaurus/plugin-content-blog","version":"2.4.1"},"docusaurus-plugin-content-pages":{"type":"package","name":"@docusaurus/plugin-content-pages","version":"2.4.1"},"docusaurus-plugin-sitemap":{"type":"package","name":"@docusaurus/plugin-sitemap","version":"2.4.1"},"docusaurus-theme-classic":{"type":"package","name":"@docusaurus/theme-classic","version":"2.4.1"}}}'),c={siteConfig:a.default,siteMetadata:l,globalData:o,i18n:i,codeTranslations:s},u=r.createContext(c);function d(e){let{children:t}=e;return r.createElement(u.Provider,{value:c},t)}},4763:(e,t,n)=>{"use strict";n.d(t,{Z:()=>p});var r=n(7294),a=n(412),o=n(5742),i=n(8780),s=n(7961);function l(e){let{error:t,tryAgain:n}=e;return r.createElement("div",{style:{display:"flex",flexDirection:"column",justifyContent:"center",alignItems:"flex-start",minHeight:"100vh",width:"100%",maxWidth:"80ch",fontSize:"20px",margin:"0 auto",padding:"1rem"}},r.createElement("h1",{style:{fontSize:"3rem"}},"This page crashed"),r.createElement("button",{type:"button",onClick:n,style:{margin:"1rem 0",fontSize:"2rem",cursor:"pointer",borderRadius:20,padding:"1rem"}},"Try again"),r.createElement(c,{error:t}))}function c(e){let{error:t}=e;const n=(0,i.getErrorCausalChain)(t).map((e=>e.message)).join("\n\nCause:\n");return r.createElement("p",{style:{whiteSpace:"pre-wrap"}},n)}function u(e){let{error:t,tryAgain:n}=e;return r.createElement(p,{fallback:()=>r.createElement(l,{error:t,tryAgain:n})},r.createElement(o.Z,null,r.createElement("title",null,"Page Error")),r.createElement(s.Z,null,r.createElement(l,{error:t,tryAgain:n})))}const d=e=>r.createElement(u,e);class p extends r.Component{constructor(e){super(e),this.state={error:null}}componentDidCatch(e){a.Z.canUseDOM&&this.setState({error:e})}render(){const{children:e}=this.props,{error:t}=this.state;if(t){const e={error:t,tryAgain:()=>this.setState({error:null})};return(this.props.fallback??d)(e)}return e??null}}},412:(e,t,n)=>{"use strict";n.d(t,{Z:()=>a});const r="undefined"!=typeof window&&"document"in window&&"createElement"in window.document,a={canUseDOM:r,canUseEventListeners:r&&("addEventListener"in window||"attachEvent"in window),canUseIntersectionObserver:r&&"IntersectionObserver"in window,canUseViewport:r&&"screen"in window}},5742:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(405);function o(e){return r.createElement(a.ql,e)}},9960:(e,t,n)=>{"use strict";n.d(t,{Z:()=>f});var r=n(7462),a=n(7294),o=n(3727),i=n(8780),s=n(2263),l=n(3919),c=n(412);const u=a.createContext({collectLink:()=>{}});var d=n(4996);function p(e,t){let{isNavLink:n,to:p,href:f,activeClassName:m,isActive:g,"data-noBrokenLinkCheck":h,autoAddBaseUrl:b=!0,...v}=e;const{siteConfig:{trailingSlash:y,baseUrl:w}}=(0,s.Z)(),{withBaseUrl:k}=(0,d.C)(),S=(0,a.useContext)(u),E=(0,a.useRef)(null);(0,a.useImperativeHandle)(t,(()=>E.current));const _=p||f;const x=(0,l.Z)(_),C=_?.replace("pathname://","");let T=void 0!==C?(L=C,b&&(e=>e.startsWith("/"))(L)?k(L):L):void 0;var L;T&&x&&(T=(0,i.applyTrailingSlash)(T,{trailingSlash:y,baseUrl:w}));const A=(0,a.useRef)(!1),P=n?o.OL:o.rU,R=c.Z.canUseIntersectionObserver,N=(0,a.useRef)(),O=()=>{A.current||null==T||(window.docusaurus.preload(T),A.current=!0)};(0,a.useEffect)((()=>(!R&&x&&null!=T&&window.docusaurus.prefetch(T),()=>{R&&N.current&&N.current.disconnect()})),[N,T,R,x]);const I=T?.startsWith("#")??!1,D=!T||!x||I;return D||h||S.collectLink(T),D?a.createElement("a",(0,r.Z)({ref:E,href:T},_&&!x&&{target:"_blank",rel:"noopener noreferrer"},v)):a.createElement(P,(0,r.Z)({},v,{onMouseEnter:O,onTouchStart:O,innerRef:e=>{E.current=e,R&&e&&x&&(N.current=new window.IntersectionObserver((t=>{t.forEach((t=>{e===t.target&&(t.isIntersecting||t.intersectionRatio>0)&&(N.current.unobserve(e),N.current.disconnect(),null!=T&&window.docusaurus.prefetch(T))}))})),N.current.observe(e))},to:T},n&&{isActive:g,activeClassName:m}))}const f=a.forwardRef(p)},1875:(e,t,n)=>{"use strict";n.d(t,{Z:()=>r});const r=()=>null},5999:(e,t,n)=>{"use strict";n.d(t,{Z:()=>l,I:()=>s});var r=n(7294);function a(e,t){const n=e.split(/(\{\w+\})/).map(((e,n)=>{if(n%2==1){const n=t?.[e.slice(1,-1)];if(void 0!==n)return n}return e}));return n.some((e=>(0,r.isValidElement)(e)))?n.map(((e,t)=>(0,r.isValidElement)(e)?r.cloneElement(e,{key:t}):e)).filter((e=>""!==e)):n.join("")}var o=n(7529);function i(e){let{id:t,message:n}=e;if(void 0===t&&void 0===n)throw new Error("Docusaurus translation declarations must have at least a translation id or a default translation message");return o[t??n]??n??t}function s(e,t){let{message:n,id:r}=e;return a(i({message:n,id:r}),t)}function l(e){let{children:t,id:n,values:o}=e;if(t&&"string"!=typeof t)throw console.warn("Illegal children",t),new Error("The Docusaurus component only accept simple string values");const s=i({message:t,id:n});return r.createElement(r.Fragment,null,a(s,o))}},9935:(e,t,n)=>{"use strict";n.d(t,{m:()=>r});const r="default"},3919:(e,t,n)=>{"use strict";function r(e){return/^(?:\w*:|\/\/)/.test(e)}function a(e){return void 0!==e&&!r(e)}n.d(t,{Z:()=>a,b:()=>r})},4996:(e,t,n)=>{"use strict";n.d(t,{C:()=>i,Z:()=>s});var r=n(7294),a=n(2263),o=n(3919);function i(){const{siteConfig:{baseUrl:e,url:t}}=(0,a.Z)(),n=(0,r.useCallback)(((n,r)=>function(e,t,n,r){let{forcePrependBaseUrl:a=!1,absolute:i=!1}=void 0===r?{}:r;if(!n||n.startsWith("#")||(0,o.b)(n))return n;if(a)return t+n.replace(/^\//,"");if(n===t.replace(/\/$/,""))return t;const s=n.startsWith(t)?n:t+n.replace(/^\//,"");return i?e+s:s}(t,e,n,r)),[t,e]);return{withBaseUrl:n}}function s(e,t){void 0===t&&(t={});const{withBaseUrl:n}=i();return n(e,t)}},2263:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(8940);function o(){return(0,r.useContext)(a._)}},2389:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(8934);function o(){return(0,r.useContext)(a._)}},9670:(e,t,n)=>{"use strict";n.d(t,{Z:()=>a});const r=e=>"object"==typeof e&&!!e&&Object.keys(e).length>0;function a(e){const t={};return function e(n,a){Object.entries(n).forEach((n=>{let[o,i]=n;const s=a?`${a}.${o}`:o;r(i)?e(i,s):t[s]=i}))}(e),t}},226:(e,t,n)=>{"use strict";n.d(t,{_:()=>a,z:()=>o});var r=n(7294);const a=r.createContext(null);function o(e){let{children:t,value:n}=e;const o=r.useContext(a),i=(0,r.useMemo)((()=>function(e){let{parent:t,value:n}=e;if(!t){if(!n)throw new Error("Unexpected: no Docusaurus route context found");if(!("plugin"in n))throw new Error("Unexpected: Docusaurus topmost route context has no `plugin` attribute");return n}const r={...t.data,...n?.data};return{plugin:t.plugin,data:r}}({parent:o,value:n})),[o,n]);return r.createElement(a.Provider,{value:i},t)}},143:(e,t,n)=>{"use strict";n.d(t,{Iw:()=>g,gA:()=>p,_r:()=>u,Jo:()=>h,zh:()=>d,yW:()=>m,gB:()=>f});var r=n(6550),a=n(2263),o=n(9935);function i(e,t){void 0===t&&(t={});const n=function(){const{globalData:e}=(0,a.Z)();return e}()[e];if(!n&&t.failfast)throw new Error(`Docusaurus plugin global data not found for "${e}" plugin.`);return n}const s=e=>e.versions.find((e=>e.isLast));function l(e,t){const n=function(e,t){const n=s(e);return[...e.versions.filter((e=>e!==n)),n].find((e=>!!(0,r.LX)(t,{path:e.path,exact:!1,strict:!1})))}(e,t),a=n?.docs.find((e=>!!(0,r.LX)(t,{path:e.path,exact:!0,strict:!1})));return{activeVersion:n,activeDoc:a,alternateDocVersions:a?function(t){const n={};return e.versions.forEach((e=>{e.docs.forEach((r=>{r.id===t&&(n[e.name]=r)}))})),n}(a.id):{}}}const c={},u=()=>i("docusaurus-plugin-content-docs")??c,d=e=>function(e,t,n){void 0===t&&(t=o.m),void 0===n&&(n={});const r=i(e),a=r?.[t];if(!a&&n.failfast)throw new Error(`Docusaurus plugin global data not found for "${e}" plugin with id "${t}".`);return a}("docusaurus-plugin-content-docs",e,{failfast:!0});function p(e){void 0===e&&(e={});const t=u(),{pathname:n}=(0,r.TH)();return function(e,t,n){void 0===n&&(n={});const a=Object.entries(e).sort(((e,t)=>t[1].path.localeCompare(e[1].path))).find((e=>{let[,n]=e;return!!(0,r.LX)(t,{path:n.path,exact:!1,strict:!1})})),o=a?{pluginId:a[0],pluginData:a[1]}:void 0;if(!o&&n.failfast)throw new Error(`Can't find active docs plugin for "${t}" pathname, while it was expected to be found. Maybe you tried to use a docs feature that can only be used on a docs-related page? Existing docs plugin paths are: ${Object.values(e).map((e=>e.path)).join(", ")}`);return o}(t,n,e)}function f(e){return d(e).versions}function m(e){const t=d(e);return s(t)}function g(e){const t=d(e),{pathname:n}=(0,r.TH)();return l(t,n)}function h(e){const t=d(e),{pathname:n}=(0,r.TH)();return function(e,t){const n=s(e);return{latestDocSuggestion:l(e,t).alternateDocVersions[n.name],latestVersionSuggestion:n}}(t,n)}},8320:(e,t,n)=>{"use strict";n.r(t),n.d(t,{default:()=>o});var r=n(4865),a=n.n(r);a().configure({showSpinner:!1});const o={onRouteUpdate(e){let{location:t,previousLocation:n}=e;if(n&&t.pathname!==n.pathname){const e=window.setTimeout((()=>{a().start()}),200);return()=>window.clearTimeout(e)}},onRouteDidUpdate(){a().done()}}},3310:(e,t,n)=>{"use strict";n.r(t);var r=n(7410),a=n(6809);!function(e){const{themeConfig:{prism:t}}=a.default,{additionalLanguages:r}=t;globalThis.Prism=e,r.forEach((e=>{n(6726)(`./prism-${e}`)})),delete globalThis.Prism}(r.Z)},9471:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294);const a={iconExternalLink:"iconExternalLink_nPIU"};function o(e){let{width:t=13.5,height:n=13.5}=e;return r.createElement("svg",{width:t,height:n,"aria-hidden":"true",viewBox:"0 0 24 24",className:a.iconExternalLink},r.createElement("path",{fill:"currentColor",d:"M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"}))}},7961:(e,t,n)=>{"use strict";n.d(t,{Z:()=>dt});var r=n(7294),a=n(6010),o=n(4763),i=n(1944),s=n(7462),l=n(6550),c=n(5999),u=n(5936);const d="__docusaurus_skipToContent_fallback";function p(e){e.setAttribute("tabindex","-1"),e.focus(),e.removeAttribute("tabindex")}function f(){const e=(0,r.useRef)(null),{action:t}=(0,l.k6)(),n=(0,r.useCallback)((e=>{e.preventDefault();const t=document.querySelector("main:first-of-type")??document.getElementById(d);t&&p(t)}),[]);return(0,u.S)((n=>{let{location:r}=n;e.current&&!r.hash&&"PUSH"===t&&p(e.current)})),{containerRef:e,onClick:n}}const m=(0,c.I)({id:"theme.common.skipToMainContent",description:"The skip to content label used for accessibility, allowing to rapidly navigate to main content with keyboard tab/enter navigation",message:"Skip to main content"});function g(e){const t=e.children??m,{containerRef:n,onClick:a}=f();return r.createElement("div",{ref:n,role:"region","aria-label":m},r.createElement("a",(0,s.Z)({},e,{href:`#${d}`,onClick:a}),t))}var h=n(5281),b=n(9727);const v={skipToContent:"skipToContent_fXgn"};function y(){return r.createElement(g,{className:v.skipToContent})}var w=n(6668),k=n(9689);function S(e){let{width:t=21,height:n=21,color:a="currentColor",strokeWidth:o=1.2,className:i,...l}=e;return r.createElement("svg",(0,s.Z)({viewBox:"0 0 15 15",width:t,height:n},l),r.createElement("g",{stroke:a,strokeWidth:o},r.createElement("path",{d:"M.75.75l13.5 13.5M14.25.75L.75 14.25"})))}const E={closeButton:"closeButton_CVFx"};function _(e){return r.createElement("button",(0,s.Z)({type:"button","aria-label":(0,c.I)({id:"theme.AnnouncementBar.closeButtonAriaLabel",message:"Close",description:"The ARIA label for close button of announcement bar"})},e,{className:(0,a.Z)("clean-btn close",E.closeButton,e.className)}),r.createElement(S,{width:14,height:14,strokeWidth:3.1}))}const x={content:"content_knG7"};function C(e){const{announcementBar:t}=(0,w.L)(),{content:n}=t;return r.createElement("div",(0,s.Z)({},e,{className:(0,a.Z)(x.content,e.className),dangerouslySetInnerHTML:{__html:n}}))}const T={announcementBar:"announcementBar_mb4j",announcementBarPlaceholder:"announcementBarPlaceholder_vyr4",announcementBarClose:"announcementBarClose_gvF7",announcementBarContent:"announcementBarContent_xLdY"};function L(){const{announcementBar:e}=(0,w.L)(),{isActive:t,close:n}=(0,k.nT)();if(!t)return null;const{backgroundColor:a,textColor:o,isCloseable:i}=e;return r.createElement("div",{className:T.announcementBar,style:{backgroundColor:a,color:o},role:"banner"},i&&r.createElement("div",{className:T.announcementBarPlaceholder}),r.createElement(C,{className:T.announcementBarContent}),i&&r.createElement(_,{onClick:n,className:T.announcementBarClose}))}var A=n(2961),P=n(2466);var R=n(902),N=n(3102);const O=r.createContext(null);function I(e){let{children:t}=e;const n=function(){const e=(0,A.e)(),t=(0,N.HY)(),[n,a]=(0,r.useState)(!1),o=null!==t.component,i=(0,R.D9)(o);return(0,r.useEffect)((()=>{o&&!i&&a(!0)}),[o,i]),(0,r.useEffect)((()=>{o?e.shown||a(!0):a(!1)}),[e.shown,o]),(0,r.useMemo)((()=>[n,a]),[n])}();return r.createElement(O.Provider,{value:n},t)}function D(e){if(e.component){const t=e.component;return r.createElement(t,e.props)}}function M(){const e=(0,r.useContext)(O);if(!e)throw new R.i6("NavbarSecondaryMenuDisplayProvider");const[t,n]=e,a=(0,r.useCallback)((()=>n(!1)),[n]),o=(0,N.HY)();return(0,r.useMemo)((()=>({shown:t,hide:a,content:D(o)})),[a,o,t])}function j(e){let{header:t,primaryMenu:n,secondaryMenu:o}=e;const{shown:i}=M();return r.createElement("div",{className:"navbar-sidebar"},t,r.createElement("div",{className:(0,a.Z)("navbar-sidebar__items",{"navbar-sidebar__items--show-secondary":i})},r.createElement("div",{className:"navbar-sidebar__item menu"},n),r.createElement("div",{className:"navbar-sidebar__item menu"},o)))}var F=n(2949),B=n(2389);function z(e){return r.createElement("svg",(0,s.Z)({viewBox:"0 0 24 24",width:24,height:24},e),r.createElement("path",{fill:"currentColor",d:"M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"}))}function U(e){return r.createElement("svg",(0,s.Z)({viewBox:"0 0 24 24",width:24,height:24},e),r.createElement("path",{fill:"currentColor",d:"M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"}))}const $={toggle:"toggle_vylO",toggleButton:"toggleButton_gllP",darkToggleIcon:"darkToggleIcon_wfgR",lightToggleIcon:"lightToggleIcon_pyhR",toggleButtonDisabled:"toggleButtonDisabled_aARS"};function q(e){let{className:t,buttonClassName:n,value:o,onChange:i}=e;const s=(0,B.Z)(),l=(0,c.I)({message:"Switch between dark and light mode (currently {mode})",id:"theme.colorToggle.ariaLabel",description:"The ARIA label for the navbar color mode toggle"},{mode:"dark"===o?(0,c.I)({message:"dark mode",id:"theme.colorToggle.ariaLabel.mode.dark",description:"The name for the dark color mode"}):(0,c.I)({message:"light mode",id:"theme.colorToggle.ariaLabel.mode.light",description:"The name for the light color mode"})});return r.createElement("div",{className:(0,a.Z)($.toggle,t)},r.createElement("button",{className:(0,a.Z)("clean-btn",$.toggleButton,!s&&$.toggleButtonDisabled,n),type:"button",onClick:()=>i("dark"===o?"light":"dark"),disabled:!s,title:l,"aria-label":l,"aria-live":"polite"},r.createElement(z,{className:(0,a.Z)($.toggleIcon,$.lightToggleIcon)}),r.createElement(U,{className:(0,a.Z)($.toggleIcon,$.darkToggleIcon)})))}const G=r.memo(q),H={darkNavbarColorModeToggle:"darkNavbarColorModeToggle_X3D1"};function Z(e){let{className:t}=e;const n=(0,w.L)().navbar.style,a=(0,w.L)().colorMode.disableSwitch,{colorMode:o,setColorMode:i}=(0,F.I)();return a?null:r.createElement(G,{className:t,buttonClassName:"dark"===n?H.darkNavbarColorModeToggle:void 0,value:o,onChange:i})}var V=n(1327);function W(){return r.createElement(V.Z,{className:"navbar__brand",imageClassName:"navbar__logo",titleClassName:"navbar__title text--truncate"})}function Y(){const e=(0,A.e)();return r.createElement("button",{type:"button","aria-label":(0,c.I)({id:"theme.docs.sidebar.closeSidebarButtonAriaLabel",message:"Close navigation bar",description:"The ARIA label for close button of mobile sidebar"}),className:"clean-btn navbar-sidebar__close",onClick:()=>e.toggle()},r.createElement(S,{color:"var(--ifm-color-emphasis-600)"}))}function K(){return r.createElement("div",{className:"navbar-sidebar__brand"},r.createElement(W,null),r.createElement(Z,{className:"margin-right--md"}),r.createElement(Y,null))}var Q=n(9960),X=n(4996),J=n(3919);function ee(e,t){return void 0!==e&&void 0!==t&&new RegExp(e,"gi").test(t)}var te=n(9471);function ne(e){let{activeBasePath:t,activeBaseRegex:n,to:a,href:o,label:i,html:l,isDropdownLink:c,prependBaseUrlToHref:u,...d}=e;const p=(0,X.Z)(a),f=(0,X.Z)(t),m=(0,X.Z)(o,{forcePrependBaseUrl:!0}),g=i&&o&&!(0,J.Z)(o),h=l?{dangerouslySetInnerHTML:{__html:l}}:{children:r.createElement(r.Fragment,null,i,g&&r.createElement(te.Z,c&&{width:12,height:12}))};return o?r.createElement(Q.Z,(0,s.Z)({href:u?m:o},d,h)):r.createElement(Q.Z,(0,s.Z)({to:p,isNavLink:!0},(t||n)&&{isActive:(e,t)=>n?ee(n,t.pathname):t.pathname.startsWith(f)},d,h))}function re(e){let{className:t,isDropdownItem:n=!1,...o}=e;const i=r.createElement(ne,(0,s.Z)({className:(0,a.Z)(n?"dropdown__link":"navbar__item navbar__link",t),isDropdownLink:n},o));return n?r.createElement("li",null,i):i}function ae(e){let{className:t,isDropdownItem:n,...o}=e;return r.createElement("li",{className:"menu__list-item"},r.createElement(ne,(0,s.Z)({className:(0,a.Z)("menu__link",t)},o)))}function oe(e){let{mobile:t=!1,position:n,...a}=e;const o=t?ae:re;return r.createElement(o,(0,s.Z)({},a,{activeClassName:a.activeClassName??(t?"menu__link--active":"navbar__link--active")}))}var ie=n(6043),se=n(8596),le=n(2263);function ce(e,t){return e.some((e=>function(e,t){return!!(0,se.Mg)(e.to,t)||!!ee(e.activeBaseRegex,t)||!(!e.activeBasePath||!t.startsWith(e.activeBasePath))}(e,t)))}function ue(e){let{items:t,position:n,className:o,onClick:i,...l}=e;const c=(0,r.useRef)(null),[u,d]=(0,r.useState)(!1);return(0,r.useEffect)((()=>{const e=e=>{c.current&&!c.current.contains(e.target)&&d(!1)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),document.addEventListener("focusin",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e),document.removeEventListener("focusin",e)}}),[c]),r.createElement("div",{ref:c,className:(0,a.Z)("navbar__item","dropdown","dropdown--hoverable",{"dropdown--right":"right"===n,"dropdown--show":u})},r.createElement(ne,(0,s.Z)({"aria-haspopup":"true","aria-expanded":u,role:"button",href:l.to?void 0:"#",className:(0,a.Z)("navbar__link",o)},l,{onClick:l.to?void 0:e=>e.preventDefault(),onKeyDown:e=>{"Enter"===e.key&&(e.preventDefault(),d(!u))}}),l.children??l.label),r.createElement("ul",{className:"dropdown__menu"},t.map(((e,t)=>r.createElement(_e,(0,s.Z)({isDropdownItem:!0,activeClassName:"dropdown__link--active"},e,{key:t}))))))}function de(e){let{items:t,className:n,position:o,onClick:i,...c}=e;const u=function(){const{siteConfig:{baseUrl:e}}=(0,le.Z)(),{pathname:t}=(0,l.TH)();return t.replace(e,"/")}(),d=ce(t,u),{collapsed:p,toggleCollapsed:f,setCollapsed:m}=(0,ie.u)({initialState:()=>!d});return(0,r.useEffect)((()=>{d&&m(!d)}),[u,d,m]),r.createElement("li",{className:(0,a.Z)("menu__list-item",{"menu__list-item--collapsed":p})},r.createElement(ne,(0,s.Z)({role:"button",className:(0,a.Z)("menu__link menu__link--sublist menu__link--sublist-caret",n)},c,{onClick:e=>{e.preventDefault(),f()}}),c.children??c.label),r.createElement(ie.z,{lazy:!0,as:"ul",className:"menu__list",collapsed:p},t.map(((e,t)=>r.createElement(_e,(0,s.Z)({mobile:!0,isDropdownItem:!0,onClick:i,activeClassName:"menu__link--active"},e,{key:t}))))))}function pe(e){let{mobile:t=!1,...n}=e;const a=t?de:ue;return r.createElement(a,n)}var fe=n(4711);function me(e){let{width:t=20,height:n=20,...a}=e;return r.createElement("svg",(0,s.Z)({viewBox:"0 0 24 24",width:t,height:n,"aria-hidden":!0},a),r.createElement("path",{fill:"currentColor",d:"M12.87 15.07l-2.54-2.51.03-.03c1.74-1.94 2.98-4.17 3.71-6.53H17V4h-7V2H8v2H1v1.99h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11.76-2.04zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2l-4.5-12zm-2.62 7l1.62-4.33L19.12 17h-3.24z"}))}const ge="iconLanguage_nlXk";var he=n(1875);const be={searchBox:"searchBox_ZlJk"};function ve(e){let{children:t,className:n}=e;return r.createElement("div",{className:(0,a.Z)(n,be.searchBox)},t)}var ye=n(143),we=n(2802);var ke=n(373);const Se=e=>e.docs.find((t=>t.id===e.mainDocId));const Ee={default:oe,localeDropdown:function(e){let{mobile:t,dropdownItemsBefore:n,dropdownItemsAfter:a,...o}=e;const{i18n:{currentLocale:i,locales:u,localeConfigs:d}}=(0,le.Z)(),p=(0,fe.l)(),{search:f,hash:m}=(0,l.TH)(),g=[...n,...u.map((e=>{const n=`${`pathname://${p.createUrl({locale:e,fullyQualified:!1})}`}${f}${m}`;return{label:d[e].label,lang:d[e].htmlLang,to:n,target:"_self",autoAddBaseUrl:!1,className:e===i?t?"menu__link--active":"dropdown__link--active":""}})),...a],h=t?(0,c.I)({message:"Languages",id:"theme.navbar.mobileLanguageDropdown.label",description:"The label for the mobile language switcher dropdown"}):d[i].label;return r.createElement(pe,(0,s.Z)({},o,{mobile:t,label:r.createElement(r.Fragment,null,r.createElement(me,{className:ge}),h),items:g}))},search:function(e){let{mobile:t,className:n}=e;return t?null:r.createElement(ve,{className:n},r.createElement(he.Z,null))},dropdown:pe,html:function(e){let{value:t,className:n,mobile:o=!1,isDropdownItem:i=!1}=e;const s=i?"li":"div";return r.createElement(s,{className:(0,a.Z)({navbar__item:!o&&!i,"menu__list-item":o},n),dangerouslySetInnerHTML:{__html:t}})},doc:function(e){let{docId:t,label:n,docsPluginId:a,...o}=e;const{activeDoc:i}=(0,ye.Iw)(a),l=(0,we.vY)(t,a);return null===l?null:r.createElement(oe,(0,s.Z)({exact:!0},o,{isActive:()=>i?.path===l.path||!!i?.sidebar&&i.sidebar===l.sidebar,label:n??l.id,to:l.path}))},docSidebar:function(e){let{sidebarId:t,label:n,docsPluginId:a,...o}=e;const{activeDoc:i}=(0,ye.Iw)(a),l=(0,we.oz)(t,a).link;if(!l)throw new Error(`DocSidebarNavbarItem: Sidebar with ID "${t}" doesn't have anything to be linked to.`);return r.createElement(oe,(0,s.Z)({exact:!0},o,{isActive:()=>i?.sidebar===t,label:n??l.label,to:l.path}))},docsVersion:function(e){let{label:t,to:n,docsPluginId:a,...o}=e;const i=(0,we.lO)(a)[0],l=t??i.label,c=n??(e=>e.docs.find((t=>t.id===e.mainDocId)))(i).path;return r.createElement(oe,(0,s.Z)({},o,{label:l,to:c}))},docsVersionDropdown:function(e){let{mobile:t,docsPluginId:n,dropdownActiveClassDisabled:a,dropdownItemsBefore:o,dropdownItemsAfter:i,...u}=e;const{search:d,hash:p}=(0,l.TH)(),f=(0,ye.Iw)(n),m=(0,ye.gB)(n),{savePreferredVersionName:g}=(0,ke.J)(n),h=[...o,...m.map((e=>{const t=f.alternateDocVersions[e.name]??Se(e);return{label:e.label,to:`${t.path}${d}${p}`,isActive:()=>e===f.activeVersion,onClick:()=>g(e.name)}})),...i],b=(0,we.lO)(n)[0],v=t&&h.length>1?(0,c.I)({id:"theme.navbar.mobileVersionsDropdown.label",message:"Versions",description:"The label for the navbar versions dropdown on mobile view"}):b.label,y=t&&h.length>1?void 0:Se(b).path;return h.length<=1?r.createElement(oe,(0,s.Z)({},u,{mobile:t,label:v,to:y,isActive:a?()=>!1:void 0})):r.createElement(pe,(0,s.Z)({},u,{mobile:t,label:v,to:y,items:h,isActive:a?()=>!1:void 0}))}};function _e(e){let{type:t,...n}=e;const a=function(e,t){return e&&"default"!==e?e:"items"in t?"dropdown":"default"}(t,n),o=Ee[a];if(!o)throw new Error(`No NavbarItem component found for type "${t}".`);return r.createElement(o,n)}function xe(){const e=(0,A.e)(),t=(0,w.L)().navbar.items;return r.createElement("ul",{className:"menu__list"},t.map(((t,n)=>r.createElement(_e,(0,s.Z)({mobile:!0},t,{onClick:()=>e.toggle(),key:n})))))}function Ce(e){return r.createElement("button",(0,s.Z)({},e,{type:"button",className:"clean-btn navbar-sidebar__back"}),r.createElement(c.Z,{id:"theme.navbar.mobileSidebarSecondaryMenu.backButtonLabel",description:"The label of the back button to return to main menu, inside the mobile navbar sidebar secondary menu (notably used to display the docs sidebar)"},"\u2190 Back to main menu"))}function Te(){const e=0===(0,w.L)().navbar.items.length,t=M();return r.createElement(r.Fragment,null,!e&&r.createElement(Ce,{onClick:()=>t.hide()}),t.content)}function Le(){const e=(0,A.e)();var t;return void 0===(t=e.shown)&&(t=!0),(0,r.useEffect)((()=>(document.body.style.overflow=t?"hidden":"visible",()=>{document.body.style.overflow="visible"})),[t]),e.shouldRender?r.createElement(j,{header:r.createElement(K,null),primaryMenu:r.createElement(xe,null),secondaryMenu:r.createElement(Te,null)}):null}const Ae={navbarHideable:"navbarHideable_m1mJ",navbarHidden:"navbarHidden_jGov"};function Pe(e){return r.createElement("div",(0,s.Z)({role:"presentation"},e,{className:(0,a.Z)("navbar-sidebar__backdrop",e.className)}))}function Re(e){let{children:t}=e;const{navbar:{hideOnScroll:n,style:o}}=(0,w.L)(),i=(0,A.e)(),{navbarRef:s,isNavbarVisible:l}=function(e){const[t,n]=(0,r.useState)(e),a=(0,r.useRef)(!1),o=(0,r.useRef)(0),i=(0,r.useCallback)((e=>{null!==e&&(o.current=e.getBoundingClientRect().height)}),[]);return(0,P.RF)(((t,r)=>{let{scrollY:i}=t;if(!e)return;if(i=s?n(!1):i+c{if(!e)return;const r=t.location.hash;if(r?document.getElementById(r.substring(1)):void 0)return a.current=!0,void n(!1);n(!0)})),{navbarRef:i,isNavbarVisible:t}}(n);return r.createElement("nav",{ref:s,"aria-label":(0,c.I)({id:"theme.NavBar.navAriaLabel",message:"Main",description:"The ARIA label for the main navigation"}),className:(0,a.Z)("navbar","navbar--fixed-top",n&&[Ae.navbarHideable,!l&&Ae.navbarHidden],{"navbar--dark":"dark"===o,"navbar--primary":"primary"===o,"navbar-sidebar--show":i.shown})},t,r.createElement(Pe,{onClick:i.toggle}),r.createElement(Le,null))}var Ne=n(8780);const Oe={errorBoundaryError:"errorBoundaryError_a6uf"};function Ie(e){return r.createElement("button",(0,s.Z)({type:"button"},e),r.createElement(c.Z,{id:"theme.ErrorPageContent.tryAgain",description:"The label of the button to try again rendering when the React error boundary captures an error"},"Try again"))}function De(e){let{error:t}=e;const n=(0,Ne.getErrorCausalChain)(t).map((e=>e.message)).join("\n\nCause:\n");return r.createElement("p",{className:Oe.errorBoundaryError},n)}class Me extends r.Component{componentDidCatch(e,t){throw this.props.onError(e,t)}render(){return this.props.children}}const je="right";function Fe(e){let{width:t=30,height:n=30,className:a,...o}=e;return r.createElement("svg",(0,s.Z)({className:a,width:t,height:n,viewBox:"0 0 30 30","aria-hidden":"true"},o),r.createElement("path",{stroke:"currentColor",strokeLinecap:"round",strokeMiterlimit:"10",strokeWidth:"2",d:"M4 7h22M4 15h22M4 23h22"}))}function Be(){const{toggle:e,shown:t}=(0,A.e)();return r.createElement("button",{onClick:e,"aria-label":(0,c.I)({id:"theme.docs.sidebar.toggleSidebarButtonAriaLabel",message:"Toggle navigation bar",description:"The ARIA label for hamburger menu button of mobile navigation"}),"aria-expanded":t,className:"navbar__toggle clean-btn",type:"button"},r.createElement(Fe,null))}const ze={colorModeToggle:"colorModeToggle_DEke"};function Ue(e){let{items:t}=e;return r.createElement(r.Fragment,null,t.map(((e,t)=>r.createElement(Me,{key:t,onError:t=>new Error(`A theme navbar item failed to render.\nPlease double-check the following navbar item (themeConfig.navbar.items) of your Docusaurus config:\n${JSON.stringify(e,null,2)}`,{cause:t})},r.createElement(_e,e)))))}function $e(e){let{left:t,right:n}=e;return r.createElement("div",{className:"navbar__inner"},r.createElement("div",{className:"navbar__items"},t),r.createElement("div",{className:"navbar__items navbar__items--right"},n))}function qe(){const e=(0,A.e)(),t=(0,w.L)().navbar.items,[n,a]=function(e){function t(e){return"left"===(e.position??je)}return[e.filter(t),e.filter((e=>!t(e)))]}(t),o=t.find((e=>"search"===e.type));return r.createElement($e,{left:r.createElement(r.Fragment,null,!e.disabled&&r.createElement(Be,null),r.createElement(W,null),r.createElement(Ue,{items:n})),right:r.createElement(r.Fragment,null,r.createElement(Ue,{items:a}),r.createElement(Z,{className:ze.colorModeToggle}),!o&&r.createElement(ve,null,r.createElement(he.Z,null)))})}function Ge(){return r.createElement(Re,null,r.createElement(qe,null))}function He(e){let{item:t}=e;const{to:n,href:a,label:o,prependBaseUrlToHref:i,...l}=t,c=(0,X.Z)(n),u=(0,X.Z)(a,{forcePrependBaseUrl:!0});return r.createElement(Q.Z,(0,s.Z)({className:"footer__link-item"},a?{href:i?u:a}:{to:c},l),o,a&&!(0,J.Z)(a)&&r.createElement(te.Z,null))}function Ze(e){let{item:t}=e;return t.html?r.createElement("li",{className:"footer__item",dangerouslySetInnerHTML:{__html:t.html}}):r.createElement("li",{key:t.href??t.to,className:"footer__item"},r.createElement(He,{item:t}))}function Ve(e){let{column:t}=e;return r.createElement("div",{className:"col footer__col"},r.createElement("div",{className:"footer__title"},t.title),r.createElement("ul",{className:"footer__items clean-list"},t.items.map(((e,t)=>r.createElement(Ze,{key:t,item:e})))))}function We(e){let{columns:t}=e;return r.createElement("div",{className:"row footer__links"},t.map(((e,t)=>r.createElement(Ve,{key:t,column:e}))))}function Ye(){return r.createElement("span",{className:"footer__link-separator"},"\xb7")}function Ke(e){let{item:t}=e;return t.html?r.createElement("span",{className:"footer__link-item",dangerouslySetInnerHTML:{__html:t.html}}):r.createElement(He,{item:t})}function Qe(e){let{links:t}=e;return r.createElement("div",{className:"footer__links text--center"},r.createElement("div",{className:"footer__links"},t.map(((e,n)=>r.createElement(r.Fragment,{key:n},r.createElement(Ke,{item:e}),t.length!==n+1&&r.createElement(Ye,null))))))}function Xe(e){let{links:t}=e;return function(e){return"title"in e[0]}(t)?r.createElement(We,{columns:t}):r.createElement(Qe,{links:t})}var Je=n(941);const et={footerLogoLink:"footerLogoLink_BH7S"};function tt(e){let{logo:t}=e;const{withBaseUrl:n}=(0,X.C)(),o={light:n(t.src),dark:n(t.srcDark??t.src)};return r.createElement(Je.Z,{className:(0,a.Z)("footer__logo",t.className),alt:t.alt,sources:o,width:t.width,height:t.height,style:t.style})}function nt(e){let{logo:t}=e;return t.href?r.createElement(Q.Z,{href:t.href,className:et.footerLogoLink,target:t.target},r.createElement(tt,{logo:t})):r.createElement(tt,{logo:t})}function rt(e){let{copyright:t}=e;return r.createElement("div",{className:"footer__copyright",dangerouslySetInnerHTML:{__html:t}})}function at(e){let{style:t,links:n,logo:o,copyright:i}=e;return r.createElement("footer",{className:(0,a.Z)("footer",{"footer--dark":"dark"===t})},r.createElement("div",{className:"container container-fluid"},n,(o||i)&&r.createElement("div",{className:"footer__bottom text--center"},o&&r.createElement("div",{className:"margin-bottom--sm"},o),i)))}function ot(){const{footer:e}=(0,w.L)();if(!e)return null;const{copyright:t,links:n,logo:a,style:o}=e;return r.createElement(at,{style:o,links:n&&n.length>0&&r.createElement(Xe,{links:n}),logo:a&&r.createElement(nt,{logo:a}),copyright:t&&r.createElement(rt,{copyright:t})})}const it=r.memo(ot),st=(0,R.Qc)([F.S,k.pl,P.OC,ke.L5,i.VC,function(e){let{children:t}=e;return r.createElement(N.n2,null,r.createElement(A.M,null,r.createElement(I,null,t)))}]);function lt(e){let{children:t}=e;return r.createElement(st,null,t)}function ct(e){let{error:t,tryAgain:n}=e;return r.createElement("main",{className:"container margin-vert--xl"},r.createElement("div",{className:"row"},r.createElement("div",{className:"col col--6 col--offset-3"},r.createElement("h1",{className:"hero__title"},r.createElement(c.Z,{id:"theme.ErrorPageContent.title",description:"The title of the fallback page when the page crashed"},"This page crashed.")),r.createElement("div",{className:"margin-vert--lg"},r.createElement(Ie,{onClick:n,className:"button button--primary shadow--lw"})),r.createElement("hr",null),r.createElement("div",{className:"margin-vert--md"},r.createElement(De,{error:t})))))}const ut={mainWrapper:"mainWrapper_z2l0"};function dt(e){const{children:t,noFooter:n,wrapperClassName:s,title:l,description:c}=e;return(0,b.t)(),r.createElement(lt,null,r.createElement(i.d,{title:l,description:c}),r.createElement(y,null),r.createElement(L,null),r.createElement(Ge,null),r.createElement("div",{id:d,className:(0,a.Z)(h.k.wrapper.main,ut.mainWrapper,s)},r.createElement(o.Z,{fallback:e=>r.createElement(ct,e)},t)),!n&&r.createElement(it,null))}},1327:(e,t,n)=>{"use strict";n.d(t,{Z:()=>d});var r=n(7462),a=n(7294),o=n(9960),i=n(4996),s=n(2263),l=n(6668),c=n(941);function u(e){let{logo:t,alt:n,imageClassName:r}=e;const o={light:(0,i.Z)(t.src),dark:(0,i.Z)(t.srcDark||t.src)},s=a.createElement(c.Z,{className:t.className,sources:o,height:t.height,width:t.width,alt:n,style:t.style});return r?a.createElement("div",{className:r},s):s}function d(e){const{siteConfig:{title:t}}=(0,s.Z)(),{navbar:{title:n,logo:c}}=(0,l.L)(),{imageClassName:d,titleClassName:p,...f}=e,m=(0,i.Z)(c?.href||"/"),g=n?"":t,h=c?.alt??g;return a.createElement(o.Z,(0,r.Z)({to:m},f,c?.target&&{target:c.target}),c&&a.createElement(u,{logo:c,alt:h,imageClassName:d}),null!=n&&a.createElement("b",{className:p},n))}},197:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(5742);function o(e){let{locale:t,version:n,tag:o}=e;const i=t;return r.createElement(a.Z,null,t&&r.createElement("meta",{name:"docusaurus_locale",content:t}),n&&r.createElement("meta",{name:"docusaurus_version",content:n}),o&&r.createElement("meta",{name:"docusaurus_tag",content:o}),i&&r.createElement("meta",{name:"docsearch:language",content:i}),n&&r.createElement("meta",{name:"docsearch:version",content:n}),o&&r.createElement("meta",{name:"docsearch:docusaurus_tag",content:o}))}},941:(e,t,n)=>{"use strict";n.d(t,{Z:()=>c});var r=n(7462),a=n(7294),o=n(6010),i=n(2389),s=n(2949);const l={themedImage:"themedImage_ToTc","themedImage--light":"themedImage--light_HNdA","themedImage--dark":"themedImage--dark_i4oU"};function c(e){const t=(0,i.Z)(),{colorMode:n}=(0,s.I)(),{sources:c,className:u,alt:d,...p}=e,f=t?"dark"===n?["dark"]:["light"]:["light","dark"];return a.createElement(a.Fragment,null,f.map((e=>a.createElement("img",(0,r.Z)({key:e,src:c[e],alt:d,className:(0,o.Z)(l.themedImage,l[`themedImage--${e}`],u)},p)))))}},6043:(e,t,n)=>{"use strict";n.d(t,{u:()=>l,z:()=>h});var r=n(7462),a=n(7294),o=n(412),i=n(1442);const s="ease-in-out";function l(e){let{initialState:t}=e;const[n,r]=(0,a.useState)(t??!1),o=(0,a.useCallback)((()=>{r((e=>!e))}),[]);return{collapsed:n,setCollapsed:r,toggleCollapsed:o}}const c={display:"none",overflow:"hidden",height:"0px"},u={display:"block",overflow:"visible",height:"auto"};function d(e,t){const n=t?c:u;e.style.display=n.display,e.style.overflow=n.overflow,e.style.height=n.height}function p(e){let{collapsibleRef:t,collapsed:n,animation:r}=e;const o=(0,a.useRef)(!1);(0,a.useEffect)((()=>{const e=t.current;function a(){const t=e.scrollHeight,n=r?.duration??function(e){if((0,i.n)())return 1;const t=e/36;return Math.round(10*(4+15*t**.25+t/5))}(t);return{transition:`height ${n}ms ${r?.easing??s}`,height:`${t}px`}}function l(){const t=a();e.style.transition=t.transition,e.style.height=t.height}if(!o.current)return d(e,n),void(o.current=!0);return e.style.willChange="height",function(){const t=requestAnimationFrame((()=>{n?(l(),requestAnimationFrame((()=>{e.style.height=c.height,e.style.overflow=c.overflow}))):(e.style.display="block",requestAnimationFrame((()=>{l()})))}));return()=>cancelAnimationFrame(t)}()}),[t,n,r])}function f(e){if(!o.Z.canUseDOM)return e?c:u}function m(e){let{as:t="div",collapsed:n,children:r,animation:o,onCollapseTransitionEnd:i,className:s,disableSSRStyle:l}=e;const c=(0,a.useRef)(null);return p({collapsibleRef:c,collapsed:n,animation:o}),a.createElement(t,{ref:c,style:l?void 0:f(n),onTransitionEnd:e=>{"height"===e.propertyName&&(d(c.current,n),i?.(n))},className:s},r)}function g(e){let{collapsed:t,...n}=e;const[o,i]=(0,a.useState)(!t),[s,l]=(0,a.useState)(t);return(0,a.useLayoutEffect)((()=>{t||i(!0)}),[t]),(0,a.useLayoutEffect)((()=>{o&&l(t)}),[o,t]),o?a.createElement(m,(0,r.Z)({},n,{collapsed:s})):null}function h(e){let{lazy:t,...n}=e;const r=t?g:m;return a.createElement(r,n)}},9689:(e,t,n)=>{"use strict";n.d(t,{nT:()=>m,pl:()=>f});var r=n(7294),a=n(2389),o=n(12),i=n(902),s=n(6668);const l=(0,o.WA)("docusaurus.announcement.dismiss"),c=(0,o.WA)("docusaurus.announcement.id"),u=()=>"true"===l.get(),d=e=>l.set(String(e)),p=r.createContext(null);function f(e){let{children:t}=e;const n=function(){const{announcementBar:e}=(0,s.L)(),t=(0,a.Z)(),[n,o]=(0,r.useState)((()=>!!t&&u()));(0,r.useEffect)((()=>{o(u())}),[]);const i=(0,r.useCallback)((()=>{d(!0),o(!0)}),[]);return(0,r.useEffect)((()=>{if(!e)return;const{id:t}=e;let n=c.get();"annoucement-bar"===n&&(n="announcement-bar");const r=t!==n;c.set(t),r&&d(!1),!r&&u()||o(!1)}),[e]),(0,r.useMemo)((()=>({isActive:!!e&&!n,close:i})),[e,n,i])}();return r.createElement(p.Provider,{value:n},t)}function m(){const e=(0,r.useContext)(p);if(!e)throw new i.i6("AnnouncementBarProvider");return e}},2949:(e,t,n)=>{"use strict";n.d(t,{I:()=>h,S:()=>g});var r=n(7294),a=n(412),o=n(902),i=n(12),s=n(6668);const l=r.createContext(void 0),c="theme",u=(0,i.WA)(c),d={light:"light",dark:"dark"},p=e=>e===d.dark?d.dark:d.light,f=e=>a.Z.canUseDOM?p(document.documentElement.getAttribute("data-theme")):p(e),m=e=>{u.set(p(e))};function g(e){let{children:t}=e;const n=function(){const{colorMode:{defaultMode:e,disableSwitch:t,respectPrefersColorScheme:n}}=(0,s.L)(),[a,o]=(0,r.useState)(f(e));(0,r.useEffect)((()=>{t&&u.del()}),[t]);const i=(0,r.useCallback)((function(t,r){void 0===r&&(r={});const{persist:a=!0}=r;t?(o(t),a&&m(t)):(o(n?window.matchMedia("(prefers-color-scheme: dark)").matches?d.dark:d.light:e),u.del())}),[n,e]);(0,r.useEffect)((()=>{document.documentElement.setAttribute("data-theme",p(a))}),[a]),(0,r.useEffect)((()=>{if(t)return;const e=e=>{if(e.key!==c)return;const t=u.get();null!==t&&i(p(t))};return window.addEventListener("storage",e),()=>window.removeEventListener("storage",e)}),[t,i]);const l=(0,r.useRef)(!1);return(0,r.useEffect)((()=>{if(t&&!n)return;const e=window.matchMedia("(prefers-color-scheme: dark)"),r=()=>{window.matchMedia("print").matches||l.current?l.current=window.matchMedia("print").matches:i(null)};return e.addListener(r),()=>e.removeListener(r)}),[i,t,n]),(0,r.useMemo)((()=>({colorMode:a,setColorMode:i,get isDarkTheme(){return a===d.dark},setLightTheme(){i(d.light)},setDarkTheme(){i(d.dark)}})),[a,i])}();return r.createElement(l.Provider,{value:n},t)}function h(){const e=(0,r.useContext)(l);if(null==e)throw new o.i6("ColorModeProvider","Please see https://docusaurus.io/docs/api/themes/configuration#use-color-mode.");return e}},373:(e,t,n)=>{"use strict";n.d(t,{J:()=>v,L5:()=>h});var r=n(7294),a=n(143),o=n(9935),i=n(6668),s=n(2802),l=n(902),c=n(12);const u=e=>`docs-preferred-version-${e}`,d={save:(e,t,n)=>{(0,c.WA)(u(e),{persistence:t}).set(n)},read:(e,t)=>(0,c.WA)(u(e),{persistence:t}).get(),clear:(e,t)=>{(0,c.WA)(u(e),{persistence:t}).del()}},p=e=>Object.fromEntries(e.map((e=>[e,{preferredVersionName:null}])));const f=r.createContext(null);function m(){const e=(0,a._r)(),t=(0,i.L)().docs.versionPersistence,n=(0,r.useMemo)((()=>Object.keys(e)),[e]),[o,s]=(0,r.useState)((()=>p(n)));(0,r.useEffect)((()=>{s(function(e){let{pluginIds:t,versionPersistence:n,allDocsData:r}=e;function a(e){const t=d.read(e,n);return r[e].versions.some((e=>e.name===t))?{preferredVersionName:t}:(d.clear(e,n),{preferredVersionName:null})}return Object.fromEntries(t.map((e=>[e,a(e)])))}({allDocsData:e,versionPersistence:t,pluginIds:n}))}),[e,t,n]);return[o,(0,r.useMemo)((()=>({savePreferredVersion:function(e,n){d.save(e,t,n),s((t=>({...t,[e]:{preferredVersionName:n}})))}})),[t])]}function g(e){let{children:t}=e;const n=m();return r.createElement(f.Provider,{value:n},t)}function h(e){let{children:t}=e;return s.cE?r.createElement(g,null,t):r.createElement(r.Fragment,null,t)}function b(){const e=(0,r.useContext)(f);if(!e)throw new l.i6("DocsPreferredVersionContextProvider");return e}function v(e){void 0===e&&(e=o.m);const t=(0,a.zh)(e),[n,i]=b(),{preferredVersionName:s}=n[e];return{preferredVersion:t.versions.find((e=>e.name===s))??null,savePreferredVersionName:(0,r.useCallback)((t=>{i.savePreferredVersion(e,t)}),[i,e])}}},1116:(e,t,n)=>{"use strict";n.d(t,{V:()=>l,b:()=>s});var r=n(7294),a=n(902);const o=Symbol("EmptyContext"),i=r.createContext(o);function s(e){let{children:t,name:n,items:a}=e;const o=(0,r.useMemo)((()=>n&&a?{name:n,items:a}:null),[n,a]);return r.createElement(i.Provider,{value:o},t)}function l(){const e=(0,r.useContext)(i);if(e===o)throw new a.i6("DocsSidebarProvider");return e}},4477:(e,t,n)=>{"use strict";n.d(t,{E:()=>s,q:()=>i});var r=n(7294),a=n(902);const o=r.createContext(null);function i(e){let{children:t,version:n}=e;return r.createElement(o.Provider,{value:n},t)}function s(){const e=(0,r.useContext)(o);if(null===e)throw new a.i6("DocsVersionProvider");return e}},2961:(e,t,n)=>{"use strict";n.d(t,{M:()=>p,e:()=>f});var r=n(7294),a=n(3102),o=n(7524),i=n(6550),s=(n(1688),n(902));function l(e){!function(e){const t=(0,i.k6)(),n=(0,s.zX)(e);(0,r.useEffect)((()=>t.block(((e,t)=>n(e,t)))),[t,n])}(((t,n)=>{if("POP"===n)return e(t,n)}))}var c=n(6668);const u=r.createContext(void 0);function d(){const e=function(){const e=(0,a.HY)(),{items:t}=(0,c.L)().navbar;return 0===t.length&&!e.component}(),t=(0,o.i)(),n=!e&&"mobile"===t,[i,s]=(0,r.useState)(!1);l((()=>{if(i)return s(!1),!1}));const u=(0,r.useCallback)((()=>{s((e=>!e))}),[]);return(0,r.useEffect)((()=>{"desktop"===t&&s(!1)}),[t]),(0,r.useMemo)((()=>({disabled:e,shouldRender:n,toggle:u,shown:i})),[e,n,u,i])}function p(e){let{children:t}=e;const n=d();return r.createElement(u.Provider,{value:n},t)}function f(){const e=r.useContext(u);if(void 0===e)throw new s.i6("NavbarMobileSidebarProvider");return e}},3102:(e,t,n)=>{"use strict";n.d(t,{HY:()=>s,Zo:()=>l,n2:()=>i});var r=n(7294),a=n(902);const o=r.createContext(null);function i(e){let{children:t}=e;const n=(0,r.useState)({component:null,props:null});return r.createElement(o.Provider,{value:n},t)}function s(){const e=(0,r.useContext)(o);if(!e)throw new a.i6("NavbarSecondaryMenuContentProvider");return e[0]}function l(e){let{component:t,props:n}=e;const i=(0,r.useContext)(o);if(!i)throw new a.i6("NavbarSecondaryMenuContentProvider");const[,s]=i,l=(0,a.Ql)(n);return(0,r.useEffect)((()=>{s({component:t,props:l})}),[s,t,l]),(0,r.useEffect)((()=>()=>s({component:null,props:null})),[s]),null}},9727:(e,t,n)=>{"use strict";n.d(t,{h:()=>a,t:()=>o});var r=n(7294);const a="navigation-with-keyboard";function o(){(0,r.useEffect)((()=>{function e(e){"keydown"===e.type&&"Tab"===e.key&&document.body.classList.add(a),"mousedown"===e.type&&document.body.classList.remove(a)}return document.addEventListener("keydown",e),document.addEventListener("mousedown",e),()=>{document.body.classList.remove(a),document.removeEventListener("keydown",e),document.removeEventListener("mousedown",e)}}),[])}},7524:(e,t,n)=>{"use strict";n.d(t,{i:()=>c});var r=n(7294),a=n(412);const o={desktop:"desktop",mobile:"mobile",ssr:"ssr"},i=996;function s(){return a.Z.canUseDOM?window.innerWidth>i?o.desktop:o.mobile:o.ssr}const l=!1;function c(){const[e,t]=(0,r.useState)((()=>l?"ssr":s()));return(0,r.useEffect)((()=>{function e(){t(s())}const n=l?window.setTimeout(e,1e3):void 0;return window.addEventListener("resize",e),()=>{window.removeEventListener("resize",e),clearTimeout(n)}}),[]),e}},5281:(e,t,n)=>{"use strict";n.d(t,{k:()=>r});const r={page:{blogListPage:"blog-list-page",blogPostPage:"blog-post-page",blogTagsListPage:"blog-tags-list-page",blogTagPostListPage:"blog-tags-post-list-page",docsDocPage:"docs-doc-page",docsTagsListPage:"docs-tags-list-page",docsTagDocListPage:"docs-tags-doc-list-page",mdxPage:"mdx-page"},wrapper:{main:"main-wrapper",blogPages:"blog-wrapper",docsPages:"docs-wrapper",mdxPages:"mdx-wrapper"},common:{editThisPage:"theme-edit-this-page",lastUpdated:"theme-last-updated",backToTopButton:"theme-back-to-top-button",codeBlock:"theme-code-block",admonition:"theme-admonition",admonitionType:e=>`theme-admonition-${e}`},layout:{},docs:{docVersionBanner:"theme-doc-version-banner",docVersionBadge:"theme-doc-version-badge",docBreadcrumbs:"theme-doc-breadcrumbs",docMarkdown:"theme-doc-markdown",docTocMobile:"theme-doc-toc-mobile",docTocDesktop:"theme-doc-toc-desktop",docFooter:"theme-doc-footer",docFooterTagsRow:"theme-doc-footer-tags-row",docFooterEditMetaRow:"theme-doc-footer-edit-meta-row",docSidebarContainer:"theme-doc-sidebar-container",docSidebarMenu:"theme-doc-sidebar-menu",docSidebarItemCategory:"theme-doc-sidebar-item-category",docSidebarItemLink:"theme-doc-sidebar-item-link",docSidebarItemCategoryLevel:e=>`theme-doc-sidebar-item-category-level-${e}`,docSidebarItemLinkLevel:e=>`theme-doc-sidebar-item-link-level-${e}`},blog:{}}},1442:(e,t,n)=>{"use strict";function r(){return window.matchMedia("(prefers-reduced-motion: reduce)").matches}n.d(t,{n:()=>r})},2802:(e,t,n)=>{"use strict";n.d(t,{MN:()=>x,Wl:()=>m,_F:()=>v,cE:()=>p,jA:()=>g,xz:()=>f,hI:()=>_,lO:()=>k,vY:()=>E,oz:()=>S,s1:()=>w});var r=n(7294),a=n(6550),o=n(8790),i=n(143),s=n(373),l=n(4477),c=n(1116);function u(e){return Array.from(new Set(e))}var d=n(8596);const p=!!i._r;function f(e){const t=(0,l.E)();if(!e)return;const n=t.docs[e];if(!n)throw new Error(`no version doc found by id=${e}`);return n}function m(e){if(e.href)return e.href;for(const t of e.items){if("link"===t.type)return t.href;if("category"===t.type){const e=m(t);if(e)return e}}}function g(){const{pathname:e}=(0,a.TH)(),t=(0,c.V)();if(!t)throw new Error("Unexpected: cant find current sidebar in context");const n=y({sidebarItems:t.items,pathname:e,onlyCategories:!0}).slice(-1)[0];if(!n)throw new Error(`${e} is not associated with a category. useCurrentSidebarCategory() should only be used on category index pages.`);return n}const h=(e,t)=>void 0!==e&&(0,d.Mg)(e,t),b=(e,t)=>e.some((e=>v(e,t)));function v(e,t){return"link"===e.type?h(e.href,t):"category"===e.type&&(h(e.href,t)||b(e.items,t))}function y(e){let{sidebarItems:t,pathname:n,onlyCategories:r=!1}=e;const a=[];return function e(t){for(const o of t)if("category"===o.type&&((0,d.Mg)(o.href,n)||e(o.items))||"link"===o.type&&(0,d.Mg)(o.href,n)){return r&&"category"!==o.type||a.unshift(o),!0}return!1}(t),a}function w(){const e=(0,c.V)(),{pathname:t}=(0,a.TH)(),n=(0,i.gA)()?.pluginData.breadcrumbs;return!1!==n&&e?y({sidebarItems:e.items,pathname:t}):null}function k(e){const{activeVersion:t}=(0,i.Iw)(e),{preferredVersion:n}=(0,s.J)(e),a=(0,i.yW)(e);return(0,r.useMemo)((()=>u([t,n,a].filter(Boolean))),[t,n,a])}function S(e,t){const n=k(t);return(0,r.useMemo)((()=>{const t=n.flatMap((e=>e.sidebars?Object.entries(e.sidebars):[])),r=t.find((t=>t[0]===e));if(!r)throw new Error(`Can't find any sidebar with id "${e}" in version${n.length>1?"s":""} ${n.map((e=>e.name)).join(", ")}".\nAvailable sidebar ids are:\n- ${t.map((e=>e[0])).join("\n- ")}`);return r[1]}),[e,n])}function E(e,t){const n=k(t);return(0,r.useMemo)((()=>{const t=n.flatMap((e=>e.docs)),r=t.find((t=>t.id===e));if(!r){if(n.flatMap((e=>e.draftIds)).includes(e))return null;throw new Error(`Couldn't find any doc with id "${e}" in version${n.length>1?"s":""} "${n.map((e=>e.name)).join(", ")}".\nAvailable doc ids are:\n- ${u(t.map((e=>e.id))).join("\n- ")}`)}return r}),[e,n])}function _(e){let{route:t,versionMetadata:n}=e;const r=(0,a.TH)(),i=t.routes,s=i.find((e=>(0,a.LX)(r.pathname,e)));if(!s)return null;const l=s.sidebar,c=l?n.docsSidebars[l]:void 0;return{docElement:(0,o.H)(i),sidebarName:l,sidebarItems:c}}function x(e){return e.filter((e=>"category"!==e.type||!!m(e)))}},1944:(e,t,n)=>{"use strict";n.d(t,{FG:()=>p,d:()=>u,VC:()=>f});var r=n(7294),a=n(6010),o=n(5742),i=n(226);function s(){const e=r.useContext(i._);if(!e)throw new Error("Unexpected: no Docusaurus route context found");return e}var l=n(4996),c=n(2263);function u(e){let{title:t,description:n,keywords:a,image:i,children:s}=e;const u=function(e){const{siteConfig:t}=(0,c.Z)(),{title:n,titleDelimiter:r}=t;return e?.trim().length?`${e.trim()} ${r} ${n}`:n}(t),{withBaseUrl:d}=(0,l.C)(),p=i?d(i,{absolute:!0}):void 0;return r.createElement(o.Z,null,t&&r.createElement("title",null,u),t&&r.createElement("meta",{property:"og:title",content:u}),n&&r.createElement("meta",{name:"description",content:n}),n&&r.createElement("meta",{property:"og:description",content:n}),a&&r.createElement("meta",{name:"keywords",content:Array.isArray(a)?a.join(","):a}),p&&r.createElement("meta",{property:"og:image",content:p}),p&&r.createElement("meta",{name:"twitter:image",content:p}),s)}const d=r.createContext(void 0);function p(e){let{className:t,children:n}=e;const i=r.useContext(d),s=(0,a.Z)(i,t);return r.createElement(d.Provider,{value:s},r.createElement(o.Z,null,r.createElement("html",{className:s})),n)}function f(e){let{children:t}=e;const n=s(),o=`plugin-${n.plugin.name.replace(/docusaurus-(?:plugin|theme)-(?:content-)?/gi,"")}`;const i=`plugin-id-${n.plugin.id}`;return r.createElement(p,{className:(0,a.Z)(o,i)},t)}},902:(e,t,n)=>{"use strict";n.d(t,{D9:()=>i,Qc:()=>c,Ql:()=>l,i6:()=>s,zX:()=>o});var r=n(7294);const a=n(412).Z.canUseDOM?r.useLayoutEffect:r.useEffect;function o(e){const t=(0,r.useRef)(e);return a((()=>{t.current=e}),[e]),(0,r.useCallback)((function(){return t.current(...arguments)}),[])}function i(e){const t=(0,r.useRef)();return a((()=>{t.current=e})),t.current}class s extends Error{constructor(e,t){super(),this.name="ReactContextError",this.message=`Hook ${this.stack?.split("\n")[1]?.match(/at (?:\w+\.)?(?\w+)/)?.groups.name??""} is called outside the <${e}>. ${t??""}`}}function l(e){const t=Object.entries(e);return t.sort(((e,t)=>e[0].localeCompare(t[0]))),(0,r.useMemo)((()=>e),t.flat())}function c(e){return t=>{let{children:n}=t;return r.createElement(r.Fragment,null,e.reduceRight(((e,t)=>r.createElement(t,null,e)),n))}}},8596:(e,t,n)=>{"use strict";n.d(t,{Mg:()=>i,Ns:()=>s});var r=n(7294),a=n(723),o=n(2263);function i(e,t){const n=e=>(!e||e.endsWith("/")?e:`${e}/`)?.toLowerCase();return n(e)===n(t)}function s(){const{baseUrl:e}=(0,o.Z)().siteConfig;return(0,r.useMemo)((()=>function(e){let{baseUrl:t,routes:n}=e;function r(e){return e.path===t&&!0===e.exact}function a(e){return e.path===t&&!e.exact}return function e(t){if(0===t.length)return;return t.find(r)||e(t.filter(a).flatMap((e=>e.routes??[])))}(n)}({routes:a.Z,baseUrl:e})),[e])}},2466:(e,t,n)=>{"use strict";n.d(t,{Ct:()=>p,OC:()=>l,RF:()=>d});var r=n(7294),a=n(412),o=n(2389),i=n(902);const s=r.createContext(void 0);function l(e){let{children:t}=e;const n=function(){const e=(0,r.useRef)(!0);return(0,r.useMemo)((()=>({scrollEventsEnabledRef:e,enableScrollEvents:()=>{e.current=!0},disableScrollEvents:()=>{e.current=!1}})),[])}();return r.createElement(s.Provider,{value:n},t)}function c(){const e=(0,r.useContext)(s);if(null==e)throw new i.i6("ScrollControllerProvider");return e}const u=()=>a.Z.canUseDOM?{scrollX:window.pageXOffset,scrollY:window.pageYOffset}:null;function d(e,t){void 0===t&&(t=[]);const{scrollEventsEnabledRef:n}=c(),a=(0,r.useRef)(u()),o=(0,i.zX)(e);(0,r.useEffect)((()=>{const e=()=>{if(!n.current)return;const e=u();o(e,a.current),a.current=e},t={passive:!0};return e(),window.addEventListener("scroll",e,t),()=>window.removeEventListener("scroll",e,t)}),[o,n,...t])}function p(){const e=(0,r.useRef)(null),t=(0,o.Z)()&&"smooth"===getComputedStyle(document.documentElement).scrollBehavior;return{startScroll:n=>{e.current=t?function(e){return window.scrollTo({top:e,behavior:"smooth"}),()=>{}}(n):function(e){let t=null;const n=document.documentElement.scrollTop>e;return function r(){const a=document.documentElement.scrollTop;(n&&a>e||!n&&at&&cancelAnimationFrame(t)}(n)},cancelScroll:()=>e.current?.()}}},3320:(e,t,n)=>{"use strict";n.d(t,{HX:()=>r,os:()=>a});n(2263);const r="default";function a(e,t){return`docs-${e}-${t}`}},12:(e,t,n)=>{"use strict";n.d(t,{WA:()=>l});n(7294),n(1688);const r="localStorage";function a(e){let{key:t,oldValue:n,newValue:r,storage:a}=e;if(n===r)return;const o=document.createEvent("StorageEvent");o.initStorageEvent("storage",!1,!1,t,n,r,window.location.href,a),window.dispatchEvent(o)}function o(e){if(void 0===e&&(e=r),"undefined"==typeof window)throw new Error("Browser storage is not available on Node.js/Docusaurus SSR process.");if("none"===e)return null;try{return window[e]}catch(n){return t=n,i||(console.warn("Docusaurus browser storage is not available.\nPossible reasons: running Docusaurus in an iframe, in an incognito browser session, or using too strict browser privacy settings.",t),i=!0),null}var t}let i=!1;const s={get:()=>null,set:()=>{},del:()=>{},listen:()=>()=>{}};function l(e,t){if("undefined"==typeof window)return function(e){function t(){throw new Error(`Illegal storage API usage for storage key "${e}".\nDocusaurus storage APIs are not supposed to be called on the server-rendering process.\nPlease only call storage APIs in effects and event handlers.`)}return{get:t,set:t,del:t,listen:t}}(e);const n=o(t?.persistence);return null===n?s:{get:()=>{try{return n.getItem(e)}catch(t){return console.error(`Docusaurus storage error, can't get key=${e}`,t),null}},set:t=>{try{const r=n.getItem(e);n.setItem(e,t),a({key:e,oldValue:r,newValue:t,storage:n})}catch(r){console.error(`Docusaurus storage error, can't set ${e}=${t}`,r)}},del:()=>{try{const t=n.getItem(e);n.removeItem(e),a({key:e,oldValue:t,newValue:null,storage:n})}catch(t){console.error(`Docusaurus storage error, can't delete key=${e}`,t)}},listen:t=>{try{const r=r=>{r.storageArea===n&&r.key===e&&t(r)};return window.addEventListener("storage",r),()=>window.removeEventListener("storage",r)}catch(r){return console.error(`Docusaurus storage error, can't listen for changes of key=${e}`,r),()=>{}}}}}},4711:(e,t,n)=>{"use strict";n.d(t,{l:()=>o});var r=n(2263),a=n(6550);function o(){const{siteConfig:{baseUrl:e,url:t},i18n:{defaultLocale:n,currentLocale:o}}=(0,r.Z)(),{pathname:i}=(0,a.TH)(),s=o===n?e:e.replace(`/${o}/`,"/"),l=i.replace(e,"");return{createUrl:function(e){let{locale:r,fullyQualified:a}=e;return`${a?t:""}${function(e){return e===n?`${s}`:`${s}${e}/`}(r)}${l}`}}}},5936:(e,t,n)=>{"use strict";n.d(t,{S:()=>i});var r=n(7294),a=n(6550),o=n(902);function i(e){const t=(0,a.TH)(),n=(0,o.D9)(t),i=(0,o.zX)(e);(0,r.useEffect)((()=>{n&&t!==n&&i({location:t,previousLocation:n})}),[i,t,n])}},6668:(e,t,n)=>{"use strict";n.d(t,{L:()=>a});var r=n(2263);function a(){return(0,r.Z)().siteConfig.themeConfig}},8802:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e,t){const{trailingSlash:n,baseUrl:r}=t;if(e.startsWith("#"))return e;if(void 0===n)return e;const[a]=e.split(/[#?]/),o="/"===a||a===r?a:(i=a,n?function(e){return e.endsWith("/")?e:`${e}/`}(i):function(e){return e.endsWith("/")?e.slice(0,-1):e}(i));var i;return e.replace(a,o)}},4143:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.getErrorCausalChain=void 0,t.getErrorCausalChain=function e(t){return t.cause?[t,...e(t.cause)]:[t]}},8780:function(e,t,n){"use strict";var r=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.getErrorCausalChain=t.applyTrailingSlash=t.blogPostContainerID=void 0,t.blogPostContainerID="__blog-post-container";var a=n(8802);Object.defineProperty(t,"applyTrailingSlash",{enumerable:!0,get:function(){return r(a).default}});var o=n(4143);Object.defineProperty(t,"getErrorCausalChain",{enumerable:!0,get:function(){return o.getErrorCausalChain}})},6010:(e,t,n)=>{"use strict";function r(e){var t,n,a="";if("string"==typeof e||"number"==typeof e)a+=e;else if("object"==typeof e)if(Array.isArray(e))for(t=0;ta});const a=function(){for(var e,t,n=0,a="";n{"use strict";n.d(t,{lX:()=>w,q_:()=>C,ob:()=>f,PP:()=>L,Ep:()=>p});var r=n(7462);function a(e){return"/"===e.charAt(0)}function o(e,t){for(var n=t,r=n+1,a=e.length;r=0;p--){var f=i[p];"."===f?o(i,p):".."===f?(o(i,p),d++):d&&(o(i,p),d--)}if(!c)for(;d--;d)i.unshift("..");!c||""===i[0]||i[0]&&a(i[0])||i.unshift("");var m=i.join("/");return n&&"/"!==m.substr(-1)&&(m+="/"),m};var s=n(2177);function l(e){return"/"===e.charAt(0)?e:"/"+e}function c(e){return"/"===e.charAt(0)?e.substr(1):e}function u(e,t){return function(e,t){return 0===e.toLowerCase().indexOf(t.toLowerCase())&&-1!=="/?#".indexOf(e.charAt(t.length))}(e,t)?e.substr(t.length):e}function d(e){return"/"===e.charAt(e.length-1)?e.slice(0,-1):e}function p(e){var t=e.pathname,n=e.search,r=e.hash,a=t||"/";return n&&"?"!==n&&(a+="?"===n.charAt(0)?n:"?"+n),r&&"#"!==r&&(a+="#"===r.charAt(0)?r:"#"+r),a}function f(e,t,n,a){var o;"string"==typeof e?(o=function(e){var t=e||"/",n="",r="",a=t.indexOf("#");-1!==a&&(r=t.substr(a),t=t.substr(0,a));var o=t.indexOf("?");return-1!==o&&(n=t.substr(o),t=t.substr(0,o)),{pathname:t,search:"?"===n?"":n,hash:"#"===r?"":r}}(e),o.state=t):(void 0===(o=(0,r.Z)({},e)).pathname&&(o.pathname=""),o.search?"?"!==o.search.charAt(0)&&(o.search="?"+o.search):o.search="",o.hash?"#"!==o.hash.charAt(0)&&(o.hash="#"+o.hash):o.hash="",void 0!==t&&void 0===o.state&&(o.state=t));try{o.pathname=decodeURI(o.pathname)}catch(s){throw s instanceof URIError?new URIError('Pathname "'+o.pathname+'" could not be decoded. This is likely caused by an invalid percent-encoding.'):s}return n&&(o.key=n),a?o.pathname?"/"!==o.pathname.charAt(0)&&(o.pathname=i(o.pathname,a.pathname)):o.pathname=a.pathname:o.pathname||(o.pathname="/"),o}function m(){var e=null;var t=[];return{setPrompt:function(t){return e=t,function(){e===t&&(e=null)}},confirmTransitionTo:function(t,n,r,a){if(null!=e){var o="function"==typeof e?e(t,n):e;"string"==typeof o?"function"==typeof r?r(o,a):a(!0):a(!1!==o)}else a(!0)},appendListener:function(e){var n=!0;function r(){n&&e.apply(void 0,arguments)}return t.push(r),function(){n=!1,t=t.filter((function(e){return e!==r}))}},notifyListeners:function(){for(var e=arguments.length,n=new Array(e),r=0;rt?n.splice(t,n.length-t,a):n.push(a),d({action:r,location:a,index:t,entries:n})}}))},replace:function(e,t){var r="REPLACE",a=f(e,t,g(),w.location);u.confirmTransitionTo(a,r,n,(function(e){e&&(w.entries[w.index]=a,d({action:r,location:a}))}))},go:y,goBack:function(){y(-1)},goForward:function(){y(1)},canGo:function(e){var t=w.index+e;return t>=0&&t{"use strict";var r=n(9864),a={childContextTypes:!0,contextType:!0,contextTypes:!0,defaultProps:!0,displayName:!0,getDefaultProps:!0,getDerivedStateFromError:!0,getDerivedStateFromProps:!0,mixins:!0,propTypes:!0,type:!0},o={name:!0,length:!0,prototype:!0,caller:!0,callee:!0,arguments:!0,arity:!0},i={$$typeof:!0,compare:!0,defaultProps:!0,displayName:!0,propTypes:!0,type:!0},s={};function l(e){return r.isMemo(e)?i:s[e.$$typeof]||a}s[r.ForwardRef]={$$typeof:!0,render:!0,defaultProps:!0,displayName:!0,propTypes:!0},s[r.Memo]=i;var c=Object.defineProperty,u=Object.getOwnPropertyNames,d=Object.getOwnPropertySymbols,p=Object.getOwnPropertyDescriptor,f=Object.getPrototypeOf,m=Object.prototype;e.exports=function e(t,n,r){if("string"!=typeof n){if(m){var a=f(n);a&&a!==m&&e(t,a,r)}var i=u(n);d&&(i=i.concat(d(n)));for(var s=l(t),g=l(n),h=0;h{"use strict";e.exports=function(e,t,n,r,a,o,i,s){if(!e){var l;if(void 0===t)l=new Error("Minified exception occurred; use the non-minified dev environment for the full error message and additional helpful warnings.");else{var c=[n,r,a,o,i,s],u=0;(l=new Error(t.replace(/%s/g,(function(){return c[u++]})))).name="Invariant Violation"}throw l.framesToPop=1,l}}},5826:e=>{e.exports=Array.isArray||function(e){return"[object Array]"==Object.prototype.toString.call(e)}},2497:(e,t,n)=>{"use strict";n.r(t)},2295:(e,t,n)=>{"use strict";n.r(t)},4865:function(e,t,n){var r,a;r=function(){var e,t,n={version:"0.2.0"},r=n.settings={minimum:.08,easing:"ease",positionUsing:"",speed:200,trickle:!0,trickleRate:.02,trickleSpeed:800,showSpinner:!0,barSelector:'[role="bar"]',spinnerSelector:'[role="spinner"]',parent:"body",template:'
'};function a(e,t,n){return en?n:e}function o(e){return 100*(-1+e)}function i(e,t,n){var a;return(a="translate3d"===r.positionUsing?{transform:"translate3d("+o(e)+"%,0,0)"}:"translate"===r.positionUsing?{transform:"translate("+o(e)+"%,0)"}:{"margin-left":o(e)+"%"}).transition="all "+t+"ms "+n,a}n.configure=function(e){var t,n;for(t in e)void 0!==(n=e[t])&&e.hasOwnProperty(t)&&(r[t]=n);return this},n.status=null,n.set=function(e){var t=n.isStarted();e=a(e,r.minimum,1),n.status=1===e?null:e;var o=n.render(!t),c=o.querySelector(r.barSelector),u=r.speed,d=r.easing;return o.offsetWidth,s((function(t){""===r.positionUsing&&(r.positionUsing=n.getPositioningCSS()),l(c,i(e,u,d)),1===e?(l(o,{transition:"none",opacity:1}),o.offsetWidth,setTimeout((function(){l(o,{transition:"all "+u+"ms linear",opacity:0}),setTimeout((function(){n.remove(),t()}),u)}),u)):setTimeout(t,u)})),this},n.isStarted=function(){return"number"==typeof n.status},n.start=function(){n.status||n.set(0);var e=function(){setTimeout((function(){n.status&&(n.trickle(),e())}),r.trickleSpeed)};return r.trickle&&e(),this},n.done=function(e){return e||n.status?n.inc(.3+.5*Math.random()).set(1):this},n.inc=function(e){var t=n.status;return t?("number"!=typeof e&&(e=(1-t)*a(Math.random()*t,.1,.95)),t=a(t+e,0,.994),n.set(t)):n.start()},n.trickle=function(){return n.inc(Math.random()*r.trickleRate)},e=0,t=0,n.promise=function(r){return r&&"resolved"!==r.state()?(0===t&&n.start(),e++,t++,r.always((function(){0==--t?(e=0,n.done()):n.set((e-t)/e)})),this):this},n.render=function(e){if(n.isRendered())return document.getElementById("nprogress");u(document.documentElement,"nprogress-busy");var t=document.createElement("div");t.id="nprogress",t.innerHTML=r.template;var a,i=t.querySelector(r.barSelector),s=e?"-100":o(n.status||0),c=document.querySelector(r.parent);return l(i,{transition:"all 0 linear",transform:"translate3d("+s+"%,0,0)"}),r.showSpinner||(a=t.querySelector(r.spinnerSelector))&&f(a),c!=document.body&&u(c,"nprogress-custom-parent"),c.appendChild(t),t},n.remove=function(){d(document.documentElement,"nprogress-busy"),d(document.querySelector(r.parent),"nprogress-custom-parent");var e=document.getElementById("nprogress");e&&f(e)},n.isRendered=function(){return!!document.getElementById("nprogress")},n.getPositioningCSS=function(){var e=document.body.style,t="WebkitTransform"in e?"Webkit":"MozTransform"in e?"Moz":"msTransform"in e?"ms":"OTransform"in e?"O":"";return t+"Perspective"in e?"translate3d":t+"Transform"in e?"translate":"margin"};var s=function(){var e=[];function t(){var n=e.shift();n&&n(t)}return function(n){e.push(n),1==e.length&&t()}}(),l=function(){var e=["Webkit","O","Moz","ms"],t={};function n(e){return e.replace(/^-ms-/,"ms-").replace(/-([\da-z])/gi,(function(e,t){return t.toUpperCase()}))}function r(t){var n=document.body.style;if(t in n)return t;for(var r,a=e.length,o=t.charAt(0).toUpperCase()+t.slice(1);a--;)if((r=e[a]+o)in n)return r;return t}function a(e){return e=n(e),t[e]||(t[e]=r(e))}function o(e,t,n){t=a(t),e.style[t]=n}return function(e,t){var n,r,a=arguments;if(2==a.length)for(n in t)void 0!==(r=t[n])&&t.hasOwnProperty(n)&&o(e,n,r);else o(e,a[1],a[2])}}();function c(e,t){return("string"==typeof e?e:p(e)).indexOf(" "+t+" ")>=0}function u(e,t){var n=p(e),r=n+t;c(n,t)||(e.className=r.substring(1))}function d(e,t){var n,r=p(e);c(e,t)&&(n=r.replace(" "+t+" "," "),e.className=n.substring(1,n.length-1))}function p(e){return(" "+(e.className||"")+" ").replace(/\s+/gi," ")}function f(e){e&&e.parentNode&&e.parentNode.removeChild(e)}return n},void 0===(a="function"==typeof r?r.call(t,n,t,e):r)||(e.exports=a)},7418:e=>{"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map((function(e){return t[e]})).join(""))return!1;var r={};return"abcdefghijklmnopqrst".split("").forEach((function(e){r[e]=e})),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},r)).join("")}catch(a){return!1}}()?Object.assign:function(e,a){for(var o,i,s=function(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}(e),l=1;l{var r=n(5826);e.exports=f,e.exports.parse=o,e.exports.compile=function(e,t){return s(o(e,t),t)},e.exports.tokensToFunction=s,e.exports.tokensToRegExp=p;var a=new RegExp(["(\\\\.)","([\\/.])?(?:(?:\\:(\\w+)(?:\\(((?:\\\\.|[^\\\\()])+)\\))?|\\(((?:\\\\.|[^\\\\()])+)\\))([+*?])?|(\\*))"].join("|"),"g");function o(e,t){for(var n,r=[],o=0,i=0,s="",u=t&&t.delimiter||"/";null!=(n=a.exec(e));){var d=n[0],p=n[1],f=n.index;if(s+=e.slice(i,f),i=f+d.length,p)s+=p[1];else{var m=e[i],g=n[2],h=n[3],b=n[4],v=n[5],y=n[6],w=n[7];s&&(r.push(s),s="");var k=null!=g&&null!=m&&m!==g,S="+"===y||"*"===y,E="?"===y||"*"===y,_=n[2]||u,x=b||v;r.push({name:h||o++,prefix:g||"",delimiter:_,optional:E,repeat:S,partial:k,asterisk:!!w,pattern:x?c(x):w?".*":"[^"+l(_)+"]+?"})}}return i{"use strict";n.d(t,{Z:()=>o});var r=function(){var e=/(?:^|\s)lang(?:uage)?-([\w-]+)(?=\s|$)/i,t=0,n={},r={util:{encode:function e(t){return t instanceof a?new a(t.type,e(t.content),t.alias):Array.isArray(t)?t.map(e):t.replace(/&/g,"&").replace(/=d.reach);E+=S.value.length,S=S.next){var _=S.value;if(t.length>e.length)return;if(!(_ instanceof a)){var x,C=1;if(v){if(!(x=o(k,E,e,b))||x.index>=e.length)break;var T=x.index,L=x.index+x[0].length,A=E;for(A+=S.value.length;T>=A;)A+=(S=S.next).value.length;if(E=A-=S.value.length,S.value instanceof a)continue;for(var P=S;P!==t.tail&&(Ad.reach&&(d.reach=I);var D=S.prev;if(N&&(D=l(t,D,N),E+=N.length),c(t,D,C),S=l(t,D,new a(p,h?r.tokenize(R,h):R,y,R)),O&&l(t,S,O),C>1){var M={cause:p+","+m,reach:I};i(e,t,n,S.prev,E,M),d&&M.reach>d.reach&&(d.reach=M.reach)}}}}}}function s(){var e={value:null,prev:null,next:null},t={value:null,prev:e,next:null};e.next=t,this.head=e,this.tail=t,this.length=0}function l(e,t,n){var r=t.next,a={value:n,prev:t,next:r};return t.next=a,r.prev=a,e.length++,a}function c(e,t,n){for(var r=t.next,a=0;a"+o.content+""},r}(),a=r;r.default=r,a.languages.markup={comment:{pattern://,greedy:!0},prolog:{pattern:/<\?[\s\S]+?\?>/,greedy:!0},doctype:{pattern:/"'[\]]|"[^"]*"|'[^']*')+(?:\[(?:[^<"'\]]|"[^"]*"|'[^']*'|<(?!!--)|)*\]\s*)?>/i,greedy:!0,inside:{"internal-subset":{pattern:/(^[^\[]*\[)[\s\S]+(?=\]>$)/,lookbehind:!0,greedy:!0,inside:null},string:{pattern:/"[^"]*"|'[^']*'/,greedy:!0},punctuation:/^$|[[\]]/,"doctype-tag":/^DOCTYPE/i,name:/[^\s<>'"]+/}},cdata:{pattern://i,greedy:!0},tag:{pattern:/<\/?(?!\d)[^\s>\/=$<%]+(?:\s(?:\s*[^\s>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))|(?=[\s/>])))+)?\s*\/?>/,greedy:!0,inside:{tag:{pattern:/^<\/?[^\s>\/]+/,inside:{punctuation:/^<\/?/,namespace:/^[^\s>\/:]+:/}},"special-attr":[],"attr-value":{pattern:/=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+)/,inside:{punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}},punctuation:/\/?>/,"attr-name":{pattern:/[^\s>\/]+/,inside:{namespace:/^[^\s>\/:]+:/}}}},entity:[{pattern:/&[\da-z]{1,8};/i,alias:"named-entity"},/&#x?[\da-f]{1,8};/i]},a.languages.markup.tag.inside["attr-value"].inside.entity=a.languages.markup.entity,a.languages.markup.doctype.inside["internal-subset"].inside=a.languages.markup,a.hooks.add("wrap",(function(e){"entity"===e.type&&(e.attributes.title=e.content.replace(/&/,"&"))})),Object.defineProperty(a.languages.markup.tag,"addInlined",{value:function(e,t){var n={};n["language-"+t]={pattern:/(^$)/i,lookbehind:!0,inside:a.languages[t]},n.cdata=/^$/i;var r={"included-cdata":{pattern://i,inside:n}};r["language-"+t]={pattern:/[\s\S]+/,inside:a.languages[t]};var o={};o[e]={pattern:RegExp(/(<__[^>]*>)(?:))*\]\]>|(?!)/.source.replace(/__/g,(function(){return e})),"i"),lookbehind:!0,greedy:!0,inside:r},a.languages.insertBefore("markup","cdata",o)}}),Object.defineProperty(a.languages.markup.tag,"addAttribute",{value:function(e,t){a.languages.markup.tag.inside["special-attr"].push({pattern:RegExp(/(^|["'\s])/.source+"(?:"+e+")"+/\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))/.source,"i"),lookbehind:!0,inside:{"attr-name":/^[^\s=]+/,"attr-value":{pattern:/=[\s\S]+/,inside:{value:{pattern:/(^=\s*(["']|(?!["'])))\S[\s\S]*(?=\2$)/,lookbehind:!0,alias:[t,"language-"+t],inside:a.languages[t]},punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}}}})}}),a.languages.html=a.languages.markup,a.languages.mathml=a.languages.markup,a.languages.svg=a.languages.markup,a.languages.xml=a.languages.extend("markup",{}),a.languages.ssml=a.languages.xml,a.languages.atom=a.languages.xml,a.languages.rss=a.languages.xml,function(e){var t="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",n={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},r={bash:n,environment:{pattern:RegExp("\\$"+t),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+t),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|U[0-9a-fA-F]{8}|u[0-9a-fA-F]{4}|x[0-9a-fA-F]{1,2})/};e.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+t),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:r},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:n}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:r},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:r.entity}}],environment:{pattern:RegExp("\\$?"+t),alias:"constant"},variable:r.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|apt-cache|apt-get|aptitude|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|docker|docker-compose|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|node|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|podman|podman-compose|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vcpkg|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:case|do|done|elif|else|esac|fi|for|function|if|in|select|then|until|while)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|alias|bind|break|builtin|caller|cd|command|continue|declare|echo|enable|eval|exec|exit|export|getopts|hash|help|let|local|logout|mapfile|printf|pwd|read|readarray|readonly|return|set|shift|shopt|source|test|times|trap|type|typeset|ulimit|umask|unalias|unset)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:false|true)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},n.inside=e.languages.bash;for(var a=["comment","function-name","for-or-select","assign-left","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],o=r.variable[1].inside,i=0;i]=?|[!=]=?=?|--?|\+\+?|&&?|\|\|?|[?*/~^%]/,punctuation:/[{}[\];(),.:]/},a.languages.c=a.languages.extend("clike",{comment:{pattern:/\/\/(?:[^\r\n\\]|\\(?:\r\n?|\n|(?![\r\n])))*|\/\*[\s\S]*?(?:\*\/|$)/,greedy:!0},string:{pattern:/"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"/,greedy:!0},"class-name":{pattern:/(\b(?:enum|struct)\s+(?:__attribute__\s*\(\([\s\S]*?\)\)\s*)?)\w+|\b[a-z]\w*_t\b/,lookbehind:!0},keyword:/\b(?:_Alignas|_Alignof|_Atomic|_Bool|_Complex|_Generic|_Imaginary|_Noreturn|_Static_assert|_Thread_local|__attribute__|asm|auto|break|case|char|const|continue|default|do|double|else|enum|extern|float|for|goto|if|inline|int|long|register|return|short|signed|sizeof|static|struct|switch|typedef|typeof|union|unsigned|void|volatile|while)\b/,function:/\b[a-z_]\w*(?=\s*\()/i,number:/(?:\b0x(?:[\da-f]+(?:\.[\da-f]*)?|\.[\da-f]+)(?:p[+-]?\d+)?|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:e[+-]?\d+)?)[ful]{0,4}/i,operator:/>>=?|<<=?|->|([-+&|:])\1|[?:~]|[-+*/%&|^!=<>]=?/}),a.languages.insertBefore("c","string",{char:{pattern:/'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n]){0,32}'/,greedy:!0}}),a.languages.insertBefore("c","string",{macro:{pattern:/(^[\t ]*)#\s*[a-z](?:[^\r\n\\/]|\/(?!\*)|\/\*(?:[^*]|\*(?!\/))*\*\/|\\(?:\r\n|[\s\S]))*/im,lookbehind:!0,greedy:!0,alias:"property",inside:{string:[{pattern:/^(#\s*include\s*)<[^>]+>/,lookbehind:!0},a.languages.c.string],char:a.languages.c.char,comment:a.languages.c.comment,"macro-name":[{pattern:/(^#\s*define\s+)\w+\b(?!\()/i,lookbehind:!0},{pattern:/(^#\s*define\s+)\w+\b(?=\()/i,lookbehind:!0,alias:"function"}],directive:{pattern:/^(#\s*)[a-z]+/,lookbehind:!0,alias:"keyword"},"directive-hash":/^#/,punctuation:/##|\\(?=[\r\n])/,expression:{pattern:/\S[\s\S]*/,inside:a.languages.c}}}}),a.languages.insertBefore("c","function",{constant:/\b(?:EOF|NULL|SEEK_CUR|SEEK_END|SEEK_SET|__DATE__|__FILE__|__LINE__|__TIMESTAMP__|__TIME__|__func__|stderr|stdin|stdout)\b/}),delete a.languages.c.boolean,function(e){var t=/\b(?:alignas|alignof|asm|auto|bool|break|case|catch|char|char16_t|char32_t|char8_t|class|co_await|co_return|co_yield|compl|concept|const|const_cast|consteval|constexpr|constinit|continue|decltype|default|delete|do|double|dynamic_cast|else|enum|explicit|export|extern|final|float|for|friend|goto|if|import|inline|int|int16_t|int32_t|int64_t|int8_t|long|module|mutable|namespace|new|noexcept|nullptr|operator|override|private|protected|public|register|reinterpret_cast|requires|return|short|signed|sizeof|static|static_assert|static_cast|struct|switch|template|this|thread_local|throw|try|typedef|typeid|typename|uint16_t|uint32_t|uint64_t|uint8_t|union|unsigned|using|virtual|void|volatile|wchar_t|while)\b/,n=/\b(?!)\w+(?:\s*\.\s*\w+)*\b/.source.replace(//g,(function(){return t.source}));e.languages.cpp=e.languages.extend("c",{"class-name":[{pattern:RegExp(/(\b(?:class|concept|enum|struct|typename)\s+)(?!)\w+/.source.replace(//g,(function(){return t.source}))),lookbehind:!0},/\b[A-Z]\w*(?=\s*::\s*\w+\s*\()/,/\b[A-Z_]\w*(?=\s*::\s*~\w+\s*\()/i,/\b\w+(?=\s*<(?:[^<>]|<(?:[^<>]|<[^<>]*>)*>)*>\s*::\s*\w+\s*\()/],keyword:t,number:{pattern:/(?:\b0b[01']+|\b0x(?:[\da-f']+(?:\.[\da-f']*)?|\.[\da-f']+)(?:p[+-]?[\d']+)?|(?:\b[\d']+(?:\.[\d']*)?|\B\.[\d']+)(?:e[+-]?[\d']+)?)[ful]{0,4}/i,greedy:!0},operator:/>>=?|<<=?|->|--|\+\+|&&|\|\||[?:~]|<=>|[-+*/%&|^!=<>]=?|\b(?:and|and_eq|bitand|bitor|not|not_eq|or|or_eq|xor|xor_eq)\b/,boolean:/\b(?:false|true)\b/}),e.languages.insertBefore("cpp","string",{module:{pattern:RegExp(/(\b(?:import|module)\s+)/.source+"(?:"+/"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|<[^<>\r\n]*>/.source+"|"+/(?:\s*:\s*)?|:\s*/.source.replace(//g,(function(){return n}))+")"),lookbehind:!0,greedy:!0,inside:{string:/^[<"][\s\S]+/,operator:/:/,punctuation:/\./}},"raw-string":{pattern:/R"([^()\\ ]{0,16})\([\s\S]*?\)\1"/,alias:"string",greedy:!0}}),e.languages.insertBefore("cpp","keyword",{"generic-function":{pattern:/\b(?!operator\b)[a-z_]\w*\s*<(?:[^<>]|<[^<>]*>)*>(?=\s*\()/i,inside:{function:/^\w+/,generic:{pattern:/<[\s\S]+/,alias:"class-name",inside:e.languages.cpp}}}}),e.languages.insertBefore("cpp","operator",{"double-colon":{pattern:/::/,alias:"punctuation"}}),e.languages.insertBefore("cpp","class-name",{"base-clause":{pattern:/(\b(?:class|struct)\s+\w+\s*:\s*)[^;{}"'\s]+(?:\s+[^;{}"'\s]+)*(?=\s*[;{])/,lookbehind:!0,greedy:!0,inside:e.languages.extend("cpp",{})}}),e.languages.insertBefore("inside","double-colon",{"class-name":/\b[a-z_]\w*\b(?!\s*::)/i},e.languages.cpp["base-clause"])}(a),function(e){var t=/(?:"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n])*')/;e.languages.css={comment:/\/\*[\s\S]*?\*\//,atrule:{pattern:/@[\w-](?:[^;{\s]|\s+(?![\s{]))*(?:;|(?=\s*\{))/,inside:{rule:/^@[\w-]+/,"selector-function-argument":{pattern:/(\bselector\s*\(\s*(?![\s)]))(?:[^()\s]|\s+(?![\s)])|\((?:[^()]|\([^()]*\))*\))+(?=\s*\))/,lookbehind:!0,alias:"selector"},keyword:{pattern:/(^|[^\w-])(?:and|not|only|or)(?![\w-])/,lookbehind:!0}}},url:{pattern:RegExp("\\burl\\((?:"+t.source+"|"+/(?:[^\\\r\n()"']|\\[\s\S])*/.source+")\\)","i"),greedy:!0,inside:{function:/^url/i,punctuation:/^\(|\)$/,string:{pattern:RegExp("^"+t.source+"$"),alias:"url"}}},selector:{pattern:RegExp("(^|[{}\\s])[^{}\\s](?:[^{};\"'\\s]|\\s+(?![\\s{])|"+t.source+")*(?=\\s*\\{)"),lookbehind:!0},string:{pattern:t,greedy:!0},property:{pattern:/(^|[^-\w\xA0-\uFFFF])(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*(?=\s*:)/i,lookbehind:!0},important:/!important\b/i,function:{pattern:/(^|[^-a-z0-9])[-a-z0-9]+(?=\()/i,lookbehind:!0},punctuation:/[(){};:,]/},e.languages.css.atrule.inside.rest=e.languages.css;var n=e.languages.markup;n&&(n.tag.addInlined("style","css"),n.tag.addAttribute("style","css"))}(a),function(e){var t,n=/("|')(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/;e.languages.css.selector={pattern:e.languages.css.selector.pattern,lookbehind:!0,inside:t={"pseudo-element":/:(?:after|before|first-letter|first-line|selection)|::[-\w]+/,"pseudo-class":/:[-\w]+/,class:/\.[-\w]+/,id:/#[-\w]+/,attribute:{pattern:RegExp("\\[(?:[^[\\]\"']|"+n.source+")*\\]"),greedy:!0,inside:{punctuation:/^\[|\]$/,"case-sensitivity":{pattern:/(\s)[si]$/i,lookbehind:!0,alias:"keyword"},namespace:{pattern:/^(\s*)(?:(?!\s)[-*\w\xA0-\uFFFF])*\|(?!=)/,lookbehind:!0,inside:{punctuation:/\|$/}},"attr-name":{pattern:/^(\s*)(?:(?!\s)[-\w\xA0-\uFFFF])+/,lookbehind:!0},"attr-value":[n,{pattern:/(=\s*)(?:(?!\s)[-\w\xA0-\uFFFF])+(?=\s*$)/,lookbehind:!0}],operator:/[|~*^$]?=/}},"n-th":[{pattern:/(\(\s*)[+-]?\d*[\dn](?:\s*[+-]\s*\d+)?(?=\s*\))/,lookbehind:!0,inside:{number:/[\dn]+/,operator:/[+-]/}},{pattern:/(\(\s*)(?:even|odd)(?=\s*\))/i,lookbehind:!0}],combinator:/>|\+|~|\|\|/,punctuation:/[(),]/}},e.languages.css.atrule.inside["selector-function-argument"].inside=t,e.languages.insertBefore("css","property",{variable:{pattern:/(^|[^-\w\xA0-\uFFFF])--(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*/i,lookbehind:!0}});var r={pattern:/(\b\d+)(?:%|[a-z]+(?![\w-]))/,lookbehind:!0},a={pattern:/(^|[^\w.-])-?(?:\d+(?:\.\d+)?|\.\d+)/,lookbehind:!0};e.languages.insertBefore("css","function",{operator:{pattern:/(\s)[+\-*\/](?=\s)/,lookbehind:!0},hexcode:{pattern:/\B#[\da-f]{3,8}\b/i,alias:"color"},color:[{pattern:/(^|[^\w-])(?:AliceBlue|AntiqueWhite|Aqua|Aquamarine|Azure|Beige|Bisque|Black|BlanchedAlmond|Blue|BlueViolet|Brown|BurlyWood|CadetBlue|Chartreuse|Chocolate|Coral|CornflowerBlue|Cornsilk|Crimson|Cyan|DarkBlue|DarkCyan|DarkGoldenRod|DarkGr[ae]y|DarkGreen|DarkKhaki|DarkMagenta|DarkOliveGreen|DarkOrange|DarkOrchid|DarkRed|DarkSalmon|DarkSeaGreen|DarkSlateBlue|DarkSlateGr[ae]y|DarkTurquoise|DarkViolet|DeepPink|DeepSkyBlue|DimGr[ae]y|DodgerBlue|FireBrick|FloralWhite|ForestGreen|Fuchsia|Gainsboro|GhostWhite|Gold|GoldenRod|Gr[ae]y|Green|GreenYellow|HoneyDew|HotPink|IndianRed|Indigo|Ivory|Khaki|Lavender|LavenderBlush|LawnGreen|LemonChiffon|LightBlue|LightCoral|LightCyan|LightGoldenRodYellow|LightGr[ae]y|LightGreen|LightPink|LightSalmon|LightSeaGreen|LightSkyBlue|LightSlateGr[ae]y|LightSteelBlue|LightYellow|Lime|LimeGreen|Linen|Magenta|Maroon|MediumAquaMarine|MediumBlue|MediumOrchid|MediumPurple|MediumSeaGreen|MediumSlateBlue|MediumSpringGreen|MediumTurquoise|MediumVioletRed|MidnightBlue|MintCream|MistyRose|Moccasin|NavajoWhite|Navy|OldLace|Olive|OliveDrab|Orange|OrangeRed|Orchid|PaleGoldenRod|PaleGreen|PaleTurquoise|PaleVioletRed|PapayaWhip|PeachPuff|Peru|Pink|Plum|PowderBlue|Purple|Red|RosyBrown|RoyalBlue|SaddleBrown|Salmon|SandyBrown|SeaGreen|SeaShell|Sienna|Silver|SkyBlue|SlateBlue|SlateGr[ae]y|Snow|SpringGreen|SteelBlue|Tan|Teal|Thistle|Tomato|Transparent|Turquoise|Violet|Wheat|White|WhiteSmoke|Yellow|YellowGreen)(?![\w-])/i,lookbehind:!0},{pattern:/\b(?:hsl|rgb)\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*\)\B|\b(?:hsl|rgb)a\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*,\s*(?:0|0?\.\d+|1)\s*\)\B/i,inside:{unit:r,number:a,function:/[\w-]+(?=\()/,punctuation:/[(),]/}}],entity:/\\[\da-f]{1,8}/i,unit:r,number:a})}(a),a.languages.javascript=a.languages.extend("clike",{"class-name":[a.languages.clike["class-name"],{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$A-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\.(?:constructor|prototype))/,lookbehind:!0}],keyword:[{pattern:/((?:^|\})\s*)catch\b/,lookbehind:!0},{pattern:/(^|[^.]|\.\.\.\s*)\b(?:as|assert(?=\s*\{)|async(?=\s*(?:function\b|\(|[$\w\xA0-\uFFFF]|$))|await|break|case|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally(?=\s*(?:\{|$))|for|from(?=\s*(?:['"]|$))|function|(?:get|set)(?=\s*(?:[#\[$\w\xA0-\uFFFF]|$))|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)\b/,lookbehind:!0}],function:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*(?:\.\s*(?:apply|bind|call)\s*)?\()/,number:{pattern:RegExp(/(^|[^\w$])/.source+"(?:"+/NaN|Infinity/.source+"|"+/0[bB][01]+(?:_[01]+)*n?/.source+"|"+/0[oO][0-7]+(?:_[0-7]+)*n?/.source+"|"+/0[xX][\dA-Fa-f]+(?:_[\dA-Fa-f]+)*n?/.source+"|"+/\d+(?:_\d+)*n/.source+"|"+/(?:\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\.\d+(?:_\d+)*)(?:[Ee][+-]?\d+(?:_\d+)*)?/.source+")"+/(?![\w$])/.source),lookbehind:!0},operator:/--|\+\+|\*\*=?|=>|&&=?|\|\|=?|[!=]==|<<=?|>>>?=?|[-+*/%&|^!=<>]=?|\.{3}|\?\?=?|\?\.?|[~:]/}),a.languages.javascript["class-name"][0].pattern=/(\b(?:class|extends|implements|instanceof|interface|new)\s+)[\w.\\]+/,a.languages.insertBefore("javascript","keyword",{regex:{pattern:/((?:^|[^$\w\xA0-\uFFFF."'\])\s]|\b(?:return|yield))\s*)\/(?:\[(?:[^\]\\\r\n]|\\.)*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}(?=(?:\s|\/\*(?:[^*]|\*(?!\/))*\*\/)*(?:$|[\r\n,.;:})\]]|\/\/))/,lookbehind:!0,greedy:!0,inside:{"regex-source":{pattern:/^(\/)[\s\S]+(?=\/[a-z]*$)/,lookbehind:!0,alias:"language-regex",inside:a.languages.regex},"regex-delimiter":/^\/|\/$/,"regex-flags":/^[a-z]+$/}},"function-variable":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*[=:]\s*(?:async\s*)?(?:\bfunction\b|(?:\((?:[^()]|\([^()]*\))*\)|(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)\s*=>))/,alias:"function"},parameter:[{pattern:/(function(?:\s+(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)?\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\))/,lookbehind:!0,inside:a.languages.javascript},{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$a-z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*=>)/i,lookbehind:!0,inside:a.languages.javascript},{pattern:/(\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*=>)/,lookbehind:!0,inside:a.languages.javascript},{pattern:/((?:\b|\s|^)(?!(?:as|async|await|break|case|catch|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally|for|from|function|get|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|set|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)(?![$\w\xA0-\uFFFF]))(?:(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*)\(\s*|\]\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*\{)/,lookbehind:!0,inside:a.languages.javascript}],constant:/\b[A-Z](?:[A-Z_]|\dx?)*\b/}),a.languages.insertBefore("javascript","string",{hashbang:{pattern:/^#!.*/,greedy:!0,alias:"comment"},"template-string":{pattern:/`(?:\\[\s\S]|\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}|(?!\$\{)[^\\`])*`/,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},interpolation:{pattern:/((?:^|[^\\])(?:\\{2})*)\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}/,lookbehind:!0,inside:{"interpolation-punctuation":{pattern:/^\$\{|\}$/,alias:"punctuation"},rest:a.languages.javascript}},string:/[\s\S]+/}},"string-property":{pattern:/((?:^|[,{])[ \t]*)(["'])(?:\\(?:\r\n|[\s\S])|(?!\2)[^\\\r\n])*\2(?=\s*:)/m,lookbehind:!0,greedy:!0,alias:"property"}}),a.languages.insertBefore("javascript","operator",{"literal-property":{pattern:/((?:^|[,{])[ \t]*)(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*:)/m,lookbehind:!0,alias:"property"}}),a.languages.markup&&(a.languages.markup.tag.addInlined("script","javascript"),a.languages.markup.tag.addAttribute(/on(?:abort|blur|change|click|composition(?:end|start|update)|dblclick|error|focus(?:in|out)?|key(?:down|up)|load|mouse(?:down|enter|leave|move|out|over|up)|reset|resize|scroll|select|slotchange|submit|unload|wheel)/.source,"javascript")),a.languages.js=a.languages.javascript,function(e){var t=/#(?!\{).+/,n={pattern:/#\{[^}]+\}/,alias:"variable"};e.languages.coffeescript=e.languages.extend("javascript",{comment:t,string:[{pattern:/'(?:\\[\s\S]|[^\\'])*'/,greedy:!0},{pattern:/"(?:\\[\s\S]|[^\\"])*"/,greedy:!0,inside:{interpolation:n}}],keyword:/\b(?:and|break|by|catch|class|continue|debugger|delete|do|each|else|extend|extends|false|finally|for|if|in|instanceof|is|isnt|let|loop|namespace|new|no|not|null|of|off|on|or|own|return|super|switch|then|this|throw|true|try|typeof|undefined|unless|until|when|while|window|with|yes|yield)\b/,"class-member":{pattern:/@(?!\d)\w+/,alias:"variable"}}),e.languages.insertBefore("coffeescript","comment",{"multiline-comment":{pattern:/###[\s\S]+?###/,alias:"comment"},"block-regex":{pattern:/\/{3}[\s\S]*?\/{3}/,alias:"regex",inside:{comment:t,interpolation:n}}}),e.languages.insertBefore("coffeescript","string",{"inline-javascript":{pattern:/`(?:\\[\s\S]|[^\\`])*`/,inside:{delimiter:{pattern:/^`|`$/,alias:"punctuation"},script:{pattern:/[\s\S]+/,alias:"language-javascript",inside:e.languages.javascript}}},"multiline-string":[{pattern:/'''[\s\S]*?'''/,greedy:!0,alias:"string"},{pattern:/"""[\s\S]*?"""/,greedy:!0,alias:"string",inside:{interpolation:n}}]}),e.languages.insertBefore("coffeescript","keyword",{property:/(?!\d)\w+(?=\s*:(?!:))/}),delete e.languages.coffeescript["template-string"],e.languages.coffee=e.languages.coffeescript}(a),function(e){var t=/[*&][^\s[\]{},]+/,n=/!(?:<[\w\-%#;/?:@&=+$,.!~*'()[\]]+>|(?:[a-zA-Z\d-]*!)?[\w\-%#;/?:@&=+$.~*'()]+)?/,r="(?:"+n.source+"(?:[ \t]+"+t.source+")?|"+t.source+"(?:[ \t]+"+n.source+")?)",a=/(?:[^\s\x00-\x08\x0e-\x1f!"#%&'*,\-:>?@[\]`{|}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]|[?:-])(?:[ \t]*(?:(?![#:])|:))*/.source.replace(//g,(function(){return/[^\s\x00-\x08\x0e-\x1f,[\]{}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]/.source})),o=/"(?:[^"\\\r\n]|\\.)*"|'(?:[^'\\\r\n]|\\.)*'/.source;function i(e,t){t=(t||"").replace(/m/g,"")+"m";var n=/([:\-,[{]\s*(?:\s<>[ \t]+)?)(?:<>)(?=[ \t]*(?:$|,|\]|\}|(?:[\r\n]\s*)?#))/.source.replace(/<>/g,(function(){return r})).replace(/<>/g,(function(){return e}));return RegExp(n,t)}e.languages.yaml={scalar:{pattern:RegExp(/([\-:]\s*(?:\s<>[ \t]+)?[|>])[ \t]*(?:((?:\r?\n|\r)[ \t]+)\S[^\r\n]*(?:\2[^\r\n]+)*)/.source.replace(/<>/g,(function(){return r}))),lookbehind:!0,alias:"string"},comment:/#.*/,key:{pattern:RegExp(/((?:^|[:\-,[{\r\n?])[ \t]*(?:<>[ \t]+)?)<>(?=\s*:\s)/.source.replace(/<>/g,(function(){return r})).replace(/<>/g,(function(){return"(?:"+a+"|"+o+")"}))),lookbehind:!0,greedy:!0,alias:"atrule"},directive:{pattern:/(^[ \t]*)%.+/m,lookbehind:!0,alias:"important"},datetime:{pattern:i(/\d{4}-\d\d?-\d\d?(?:[tT]|[ \t]+)\d\d?:\d{2}:\d{2}(?:\.\d*)?(?:[ \t]*(?:Z|[-+]\d\d?(?::\d{2})?))?|\d{4}-\d{2}-\d{2}|\d\d?:\d{2}(?::\d{2}(?:\.\d*)?)?/.source),lookbehind:!0,alias:"number"},boolean:{pattern:i(/false|true/.source,"i"),lookbehind:!0,alias:"important"},null:{pattern:i(/null|~/.source,"i"),lookbehind:!0,alias:"important"},string:{pattern:i(o),lookbehind:!0,greedy:!0},number:{pattern:i(/[+-]?(?:0x[\da-f]+|0o[0-7]+|(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?|\.inf|\.nan)/.source,"i"),lookbehind:!0},tag:n,important:t,punctuation:/---|[:[\]{}\-,|>?]|\.\.\./},e.languages.yml=e.languages.yaml}(a),function(e){var t=/(?:\\.|[^\\\n\r]|(?:\n|\r\n?)(?![\r\n]))/.source;function n(e){return e=e.replace(//g,(function(){return t})),RegExp(/((?:^|[^\\])(?:\\{2})*)/.source+"(?:"+e+")")}var r=/(?:\\.|``(?:[^`\r\n]|`(?!`))+``|`[^`\r\n]+`|[^\\|\r\n`])+/.source,a=/\|?__(?:\|__)+\|?(?:(?:\n|\r\n?)|(?![\s\S]))/.source.replace(/__/g,(function(){return r})),o=/\|?[ \t]*:?-{3,}:?[ \t]*(?:\|[ \t]*:?-{3,}:?[ \t]*)+\|?(?:\n|\r\n?)/.source;e.languages.markdown=e.languages.extend("markup",{}),e.languages.insertBefore("markdown","prolog",{"front-matter-block":{pattern:/(^(?:\s*[\r\n])?)---(?!.)[\s\S]*?[\r\n]---(?!.)/,lookbehind:!0,greedy:!0,inside:{punctuation:/^---|---$/,"front-matter":{pattern:/\S+(?:\s+\S+)*/,alias:["yaml","language-yaml"],inside:e.languages.yaml}}},blockquote:{pattern:/^>(?:[\t ]*>)*/m,alias:"punctuation"},table:{pattern:RegExp("^"+a+o+"(?:"+a+")*","m"),inside:{"table-data-rows":{pattern:RegExp("^("+a+o+")(?:"+a+")*$"),lookbehind:!0,inside:{"table-data":{pattern:RegExp(r),inside:e.languages.markdown},punctuation:/\|/}},"table-line":{pattern:RegExp("^("+a+")"+o+"$"),lookbehind:!0,inside:{punctuation:/\||:?-{3,}:?/}},"table-header-row":{pattern:RegExp("^"+a+"$"),inside:{"table-header":{pattern:RegExp(r),alias:"important",inside:e.languages.markdown},punctuation:/\|/}}}},code:[{pattern:/((?:^|\n)[ \t]*\n|(?:^|\r\n?)[ \t]*\r\n?)(?: {4}|\t).+(?:(?:\n|\r\n?)(?: {4}|\t).+)*/,lookbehind:!0,alias:"keyword"},{pattern:/^```[\s\S]*?^```$/m,greedy:!0,inside:{"code-block":{pattern:/^(```.*(?:\n|\r\n?))[\s\S]+?(?=(?:\n|\r\n?)^```$)/m,lookbehind:!0},"code-language":{pattern:/^(```).+/,lookbehind:!0},punctuation:/```/}}],title:[{pattern:/\S.*(?:\n|\r\n?)(?:==+|--+)(?=[ \t]*$)/m,alias:"important",inside:{punctuation:/==+$|--+$/}},{pattern:/(^\s*)#.+/m,lookbehind:!0,alias:"important",inside:{punctuation:/^#+|#+$/}}],hr:{pattern:/(^\s*)([*-])(?:[\t ]*\2){2,}(?=\s*$)/m,lookbehind:!0,alias:"punctuation"},list:{pattern:/(^\s*)(?:[*+-]|\d+\.)(?=[\t ].)/m,lookbehind:!0,alias:"punctuation"},"url-reference":{pattern:/!?\[[^\]]+\]:[\t ]+(?:\S+|<(?:\\.|[^>\\])+>)(?:[\t ]+(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\)))?/,inside:{variable:{pattern:/^(!?\[)[^\]]+/,lookbehind:!0},string:/(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\))$/,punctuation:/^[\[\]!:]|[<>]/},alias:"url"},bold:{pattern:n(/\b__(?:(?!_)|_(?:(?!_))+_)+__\b|\*\*(?:(?!\*)|\*(?:(?!\*))+\*)+\*\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^..)[\s\S]+(?=..$)/,lookbehind:!0,inside:{}},punctuation:/\*\*|__/}},italic:{pattern:n(/\b_(?:(?!_)|__(?:(?!_))+__)+_\b|\*(?:(?!\*)|\*\*(?:(?!\*))+\*\*)+\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^.)[\s\S]+(?=.$)/,lookbehind:!0,inside:{}},punctuation:/[*_]/}},strike:{pattern:n(/(~~?)(?:(?!~))+\2/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^~~?)[\s\S]+(?=\1$)/,lookbehind:!0,inside:{}},punctuation:/~~?/}},"code-snippet":{pattern:/(^|[^\\`])(?:``[^`\r\n]+(?:`[^`\r\n]+)*``(?!`)|`[^`\r\n]+`(?!`))/,lookbehind:!0,greedy:!0,alias:["code","keyword"]},url:{pattern:n(/!?\[(?:(?!\]))+\](?:\([^\s)]+(?:[\t ]+"(?:\\.|[^"\\])*")?\)|[ \t]?\[(?:(?!\]))+\])/.source),lookbehind:!0,greedy:!0,inside:{operator:/^!/,content:{pattern:/(^\[)[^\]]+(?=\])/,lookbehind:!0,inside:{}},variable:{pattern:/(^\][ \t]?\[)[^\]]+(?=\]$)/,lookbehind:!0},url:{pattern:/(^\]\()[^\s)]+/,lookbehind:!0},string:{pattern:/(^[ \t]+)"(?:\\.|[^"\\])*"(?=\)$)/,lookbehind:!0}}}}),["url","bold","italic","strike"].forEach((function(t){["url","bold","italic","strike","code-snippet"].forEach((function(n){t!==n&&(e.languages.markdown[t].inside.content.inside[n]=e.languages.markdown[n])}))})),e.hooks.add("after-tokenize",(function(e){"markdown"!==e.language&&"md"!==e.language||function e(t){if(t&&"string"!=typeof t)for(var n=0,r=t.length;n",quot:'"'},l=String.fromCodePoint||String.fromCharCode;e.languages.md=e.languages.markdown}(a),a.languages.graphql={comment:/#.*/,description:{pattern:/(?:"""(?:[^"]|(?!""")")*"""|"(?:\\.|[^\\"\r\n])*")(?=\s*[a-z_])/i,greedy:!0,alias:"string",inside:{"language-markdown":{pattern:/(^"(?:"")?)(?!\1)[\s\S]+(?=\1$)/,lookbehind:!0,inside:a.languages.markdown}}},string:{pattern:/"""(?:[^"]|(?!""")")*"""|"(?:\\.|[^\\"\r\n])*"/,greedy:!0},number:/(?:\B-|\b)\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,boolean:/\b(?:false|true)\b/,variable:/\$[a-z_]\w*/i,directive:{pattern:/@[a-z_]\w*/i,alias:"function"},"attr-name":{pattern:/\b[a-z_]\w*(?=\s*(?:\((?:[^()"]|"(?:\\.|[^\\"\r\n])*")*\))?:)/i,greedy:!0},"atom-input":{pattern:/\b[A-Z]\w*Input\b/,alias:"class-name"},scalar:/\b(?:Boolean|Float|ID|Int|String)\b/,constant:/\b[A-Z][A-Z_\d]*\b/,"class-name":{pattern:/(\b(?:enum|implements|interface|on|scalar|type|union)\s+|&\s*|:\s*|\[)[A-Z_]\w*/,lookbehind:!0},fragment:{pattern:/(\bfragment\s+|\.{3}\s*(?!on\b))[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},"definition-mutation":{pattern:/(\bmutation\s+)[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},"definition-query":{pattern:/(\bquery\s+)[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},keyword:/\b(?:directive|enum|extend|fragment|implements|input|interface|mutation|on|query|repeatable|scalar|schema|subscription|type|union)\b/,operator:/[!=|&]|\.{3}/,"property-query":/\w+(?=\s*\()/,object:/\w+(?=\s*\{)/,punctuation:/[!(){}\[\]:=,]/,property:/\w+/},a.hooks.add("after-tokenize",(function(e){if("graphql"===e.language)for(var t=e.tokens.filter((function(e){return"string"!=typeof e&&"comment"!==e.type&&"scalar"!==e.type})),n=0;n0)){var s=p(/^\{$/,/^\}$/);if(-1===s)continue;for(var l=n;l=0&&f(c,"variable-input")}}}}function u(e){return t[n+e]}function d(e,t){t=t||0;for(var n=0;n?|<|>)?|>[>=]?|\b(?:AND|BETWEEN|DIV|ILIKE|IN|IS|LIKE|NOT|OR|REGEXP|RLIKE|SOUNDS LIKE|XOR)\b/i,punctuation:/[;[\]()`,.]/},function(e){var t=e.languages.javascript["template-string"],n=t.pattern.source,r=t.inside.interpolation,a=r.inside["interpolation-punctuation"],o=r.pattern.source;function i(t,r){if(e.languages[t])return{pattern:RegExp("((?:"+r+")\\s*)"+n),lookbehind:!0,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},"embedded-code":{pattern:/[\s\S]+/,alias:t}}}}function s(e,t){return"___"+t.toUpperCase()+"_"+e+"___"}function l(t,n,r){var a={code:t,grammar:n,language:r};return e.hooks.run("before-tokenize",a),a.tokens=e.tokenize(a.code,a.grammar),e.hooks.run("after-tokenize",a),a.tokens}function c(t){var n={};n["interpolation-punctuation"]=a;var o=e.tokenize(t,n);if(3===o.length){var i=[1,1];i.push.apply(i,l(o[1],e.languages.javascript,"javascript")),o.splice.apply(o,i)}return new e.Token("interpolation",o,r.alias,t)}function u(t,n,r){var a=e.tokenize(t,{interpolation:{pattern:RegExp(o),lookbehind:!0}}),i=0,u={},d=l(a.map((function(e){if("string"==typeof e)return e;for(var n,a=e.content;-1!==t.indexOf(n=s(i++,r)););return u[n]=a,n})).join(""),n,r),p=Object.keys(u);return i=0,function e(t){for(var n=0;n=p.length)return;var r=t[n];if("string"==typeof r||"string"==typeof r.content){var a=p[i],o="string"==typeof r?r:r.content,s=o.indexOf(a);if(-1!==s){++i;var l=o.substring(0,s),d=c(u[a]),f=o.substring(s+a.length),m=[];if(l&&m.push(l),m.push(d),f){var g=[f];e(g),m.push.apply(m,g)}"string"==typeof r?(t.splice.apply(t,[n,1].concat(m)),n+=m.length-1):r.content=m}}else{var h=r.content;Array.isArray(h)?e(h):e([h])}}}(d),new e.Token(r,d,"language-"+r,t)}e.languages.javascript["template-string"]=[i("css",/\b(?:styled(?:\([^)]*\))?(?:\s*\.\s*\w+(?:\([^)]*\))*)*|css(?:\s*\.\s*(?:global|resolve))?|createGlobalStyle|keyframes)/.source),i("html",/\bhtml|\.\s*(?:inner|outer)HTML\s*\+?=/.source),i("svg",/\bsvg/.source),i("markdown",/\b(?:markdown|md)/.source),i("graphql",/\b(?:gql|graphql(?:\s*\.\s*experimental)?)/.source),i("sql",/\bsql/.source),t].filter(Boolean);var d={javascript:!0,js:!0,typescript:!0,ts:!0,jsx:!0,tsx:!0};function p(e){return"string"==typeof e?e:Array.isArray(e)?e.map(p).join(""):p(e.content)}e.hooks.add("after-tokenize",(function(t){t.language in d&&function t(n){for(var r=0,a=n.length;r]|<(?:[^<>]|<[^<>]*>)*>)*>)?/,lookbehind:!0,greedy:!0,inside:null},builtin:/\b(?:Array|Function|Promise|any|boolean|console|never|number|string|symbol|unknown)\b/}),e.languages.typescript.keyword.push(/\b(?:abstract|declare|is|keyof|readonly|require)\b/,/\b(?:asserts|infer|interface|module|namespace|type)\b(?=\s*(?:[{_$a-zA-Z\xA0-\uFFFF]|$))/,/\btype\b(?=\s*(?:[\{*]|$))/),delete e.languages.typescript.parameter,delete e.languages.typescript["literal-property"];var t=e.languages.extend("typescript",{});delete t["class-name"],e.languages.typescript["class-name"].inside=t,e.languages.insertBefore("typescript","function",{decorator:{pattern:/@[$\w\xA0-\uFFFF]+/,inside:{at:{pattern:/^@/,alias:"operator"},function:/^[\s\S]+/}},"generic-function":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*<(?:[^<>]|<(?:[^<>]|<[^<>]*>)*>)*>(?=\s*\()/,greedy:!0,inside:{function:/^#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*/,generic:{pattern:/<[\s\S]+/,alias:"class-name",inside:t}}}}),e.languages.ts=e.languages.typescript}(a),function(e){function t(e,t){return RegExp(e.replace(//g,(function(){return/(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*/.source})),t)}e.languages.insertBefore("javascript","function-variable",{"method-variable":{pattern:RegExp("(\\.\\s*)"+e.languages.javascript["function-variable"].pattern.source),lookbehind:!0,alias:["function-variable","method","function","property-access"]}}),e.languages.insertBefore("javascript","function",{method:{pattern:RegExp("(\\.\\s*)"+e.languages.javascript.function.source),lookbehind:!0,alias:["function","property-access"]}}),e.languages.insertBefore("javascript","constant",{"known-class-name":[{pattern:/\b(?:(?:Float(?:32|64)|(?:Int|Uint)(?:8|16|32)|Uint8Clamped)?Array|ArrayBuffer|BigInt|Boolean|DataView|Date|Error|Function|Intl|JSON|(?:Weak)?(?:Map|Set)|Math|Number|Object|Promise|Proxy|Reflect|RegExp|String|Symbol|WebAssembly)\b/,alias:"class-name"},{pattern:/\b(?:[A-Z]\w*)Error\b/,alias:"class-name"}]}),e.languages.insertBefore("javascript","keyword",{imports:{pattern:t(/(\bimport\b\s*)(?:(?:\s*,\s*(?:\*\s*as\s+|\{[^{}]*\}))?|\*\s*as\s+|\{[^{}]*\})(?=\s*\bfrom\b)/.source),lookbehind:!0,inside:e.languages.javascript},exports:{pattern:t(/(\bexport\b\s*)(?:\*(?:\s*as\s+)?(?=\s*\bfrom\b)|\{[^{}]*\})/.source),lookbehind:!0,inside:e.languages.javascript}}),e.languages.javascript.keyword.unshift({pattern:/\b(?:as|default|export|from|import)\b/,alias:"module"},{pattern:/\b(?:await|break|catch|continue|do|else|finally|for|if|return|switch|throw|try|while|yield)\b/,alias:"control-flow"},{pattern:/\bnull\b/,alias:["null","nil"]},{pattern:/\bundefined\b/,alias:"nil"}),e.languages.insertBefore("javascript","operator",{spread:{pattern:/\.{3}/,alias:"operator"},arrow:{pattern:/=>/,alias:"operator"}}),e.languages.insertBefore("javascript","punctuation",{"property-access":{pattern:t(/(\.\s*)#?/.source),lookbehind:!0},"maybe-class-name":{pattern:/(^|[^$\w\xA0-\uFFFF])[A-Z][$\w\xA0-\uFFFF]+/,lookbehind:!0},dom:{pattern:/\b(?:document|(?:local|session)Storage|location|navigator|performance|window)\b/,alias:"variable"},console:{pattern:/\bconsole(?=\s*\.)/,alias:"class-name"}});for(var n=["function","function-variable","method","method-variable","property-access"],r=0;r*\.{3}(?:[^{}]|)*\})/.source;function o(e,t){return e=e.replace(//g,(function(){return n})).replace(//g,(function(){return r})).replace(//g,(function(){return a})),RegExp(e,t)}a=o(a).source,e.languages.jsx=e.languages.extend("markup",t),e.languages.jsx.tag.pattern=o(/<\/?(?:[\w.:-]+(?:+(?:[\w.:$-]+(?:=(?:"(?:\\[\s\S]|[^\\"])*"|'(?:\\[\s\S]|[^\\'])*'|[^\s{'"/>=]+|))?|))**\/?)?>/.source),e.languages.jsx.tag.inside.tag.pattern=/^<\/?[^\s>\/]*/,e.languages.jsx.tag.inside["attr-value"].pattern=/=(?!\{)(?:"(?:\\[\s\S]|[^\\"])*"|'(?:\\[\s\S]|[^\\'])*'|[^\s'">]+)/,e.languages.jsx.tag.inside.tag.inside["class-name"]=/^[A-Z]\w*(?:\.[A-Z]\w*)*$/,e.languages.jsx.tag.inside.comment=t.comment,e.languages.insertBefore("inside","attr-name",{spread:{pattern:o(//.source),inside:e.languages.jsx}},e.languages.jsx.tag),e.languages.insertBefore("inside","special-attr",{script:{pattern:o(/=/.source),alias:"language-javascript",inside:{"script-punctuation":{pattern:/^=(?=\{)/,alias:"punctuation"},rest:e.languages.jsx}}},e.languages.jsx.tag);var i=function(e){return e?"string"==typeof e?e:"string"==typeof e.content?e.content:e.content.map(i).join(""):""},s=function(t){for(var n=[],r=0;r0&&n[n.length-1].tagName===i(a.content[0].content[1])&&n.pop():"/>"===a.content[a.content.length-1].content||n.push({tagName:i(a.content[0].content[1]),openedBraces:0}):n.length>0&&"punctuation"===a.type&&"{"===a.content?n[n.length-1].openedBraces++:n.length>0&&n[n.length-1].openedBraces>0&&"punctuation"===a.type&&"}"===a.content?n[n.length-1].openedBraces--:o=!0),(o||"string"==typeof a)&&n.length>0&&0===n[n.length-1].openedBraces){var l=i(a);r0&&("string"==typeof t[r-1]||"plain-text"===t[r-1].type)&&(l=i(t[r-1])+l,t.splice(r-1,1),r--),t[r]=new e.Token("plain-text",l,null,l)}a.content&&"string"!=typeof a.content&&s(a.content)}};e.hooks.add("after-tokenize",(function(e){"jsx"!==e.language&&"tsx"!==e.language||s(e.tokens)}))}(a),function(e){e.languages.diff={coord:[/^(?:\*{3}|-{3}|\+{3}).*$/m,/^@@.*@@$/m,/^\d.*$/m]};var t={"deleted-sign":"-","deleted-arrow":"<","inserted-sign":"+","inserted-arrow":">",unchanged:" ",diff:"!"};Object.keys(t).forEach((function(n){var r=t[n],a=[];/^\w+$/.test(n)||a.push(/\w+/.exec(n)[0]),"diff"===n&&a.push("bold"),e.languages.diff[n]={pattern:RegExp("^(?:["+r+"].*(?:\r\n?|\n|(?![\\s\\S])))+","m"),alias:a,inside:{line:{pattern:/(.)(?=[\s\S]).*(?:\r\n?|\n)?/,lookbehind:!0},prefix:{pattern:/[\s\S]/,alias:/\w+/.exec(n)[0]}}}})),Object.defineProperty(e.languages.diff,"PREFIXES",{value:t})}(a),a.languages.git={comment:/^#.*/m,deleted:/^[-\u2013].*/m,inserted:/^\+.*/m,string:/("|')(?:\\.|(?!\1)[^\\\r\n])*\1/,command:{pattern:/^.*\$ git .*$/m,inside:{parameter:/\s--?\w+/}},coord:/^@@.*@@$/m,"commit-sha1":/^commit \w{40}$/m},a.languages.go=a.languages.extend("clike",{string:{pattern:/(^|[^\\])"(?:\\.|[^"\\\r\n])*"|`[^`]*`/,lookbehind:!0,greedy:!0},keyword:/\b(?:break|case|chan|const|continue|default|defer|else|fallthrough|for|func|go(?:to)?|if|import|interface|map|package|range|return|select|struct|switch|type|var)\b/,boolean:/\b(?:_|false|iota|nil|true)\b/,number:[/\b0(?:b[01_]+|o[0-7_]+)i?\b/i,/\b0x(?:[a-f\d_]+(?:\.[a-f\d_]*)?|\.[a-f\d_]+)(?:p[+-]?\d+(?:_\d+)*)?i?(?!\w)/i,/(?:\b\d[\d_]*(?:\.[\d_]*)?|\B\.\d[\d_]*)(?:e[+-]?[\d_]+)?i?(?!\w)/i],operator:/[*\/%^!=]=?|\+[=+]?|-[=-]?|\|[=|]?|&(?:=|&|\^=?)?|>(?:>=?|=)?|<(?:<=?|=|-)?|:=|\.\.\./,builtin:/\b(?:append|bool|byte|cap|close|complex|complex(?:64|128)|copy|delete|error|float(?:32|64)|u?int(?:8|16|32|64)?|imag|len|make|new|panic|print(?:ln)?|real|recover|rune|string|uintptr)\b/}),a.languages.insertBefore("go","string",{char:{pattern:/'(?:\\.|[^'\\\r\n]){0,10}'/,greedy:!0}}),delete a.languages.go["class-name"],function(e){function t(e,t){return"___"+e.toUpperCase()+t+"___"}Object.defineProperties(e.languages["markup-templating"]={},{buildPlaceholders:{value:function(n,r,a,o){if(n.language===r){var i=n.tokenStack=[];n.code=n.code.replace(a,(function(e){if("function"==typeof o&&!o(e))return e;for(var a,s=i.length;-1!==n.code.indexOf(a=t(r,s));)++s;return i[s]=e,a})),n.grammar=e.languages.markup}}},tokenizePlaceholders:{value:function(n,r){if(n.language===r&&n.tokenStack){n.grammar=e.languages[r];var a=0,o=Object.keys(n.tokenStack);!function i(s){for(var l=0;l=o.length);l++){var c=s[l];if("string"==typeof c||c.content&&"string"==typeof c.content){var u=o[a],d=n.tokenStack[u],p="string"==typeof c?c:c.content,f=t(r,u),m=p.indexOf(f);if(m>-1){++a;var g=p.substring(0,m),h=new e.Token(r,e.tokenize(d,n.grammar),"language-"+r,d),b=p.substring(m+f.length),v=[];g&&v.push.apply(v,i([g])),v.push(h),b&&v.push.apply(v,i([b])),"string"==typeof c?s.splice.apply(s,[l,1].concat(v)):c.content=v}}else c.content&&i(c.content)}return s}(n.tokens)}}}})}(a),function(e){e.languages.handlebars={comment:/\{\{![\s\S]*?\}\}/,delimiter:{pattern:/^\{\{\{?|\}\}\}?$/,alias:"punctuation"},string:/(["'])(?:\\.|(?!\1)[^\\\r\n])*\1/,number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee][+-]?\d+)?/,boolean:/\b(?:false|true)\b/,block:{pattern:/^(\s*(?:~\s*)?)[#\/]\S+?(?=\s*(?:~\s*)?$|\s)/,lookbehind:!0,alias:"keyword"},brackets:{pattern:/\[[^\]]+\]/,inside:{punctuation:/\[|\]/,variable:/[\s\S]+/}},punctuation:/[!"#%&':()*+,.\/;<=>@\[\\\]^`{|}~]/,variable:/[^!"#%&'()*+,\/;<=>@\[\\\]^`{|}~\s]+/},e.hooks.add("before-tokenize",(function(t){e.languages["markup-templating"].buildPlaceholders(t,"handlebars",/\{\{\{[\s\S]+?\}\}\}|\{\{[\s\S]+?\}\}/g)})),e.hooks.add("after-tokenize",(function(t){e.languages["markup-templating"].tokenizePlaceholders(t,"handlebars")})),e.languages.hbs=e.languages.handlebars}(a),a.languages.json={property:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?=\s*:)/,lookbehind:!0,greedy:!0},string:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?!\s*:)/,lookbehind:!0,greedy:!0},comment:{pattern:/\/\/.*|\/\*[\s\S]*?(?:\*\/|$)/,greedy:!0},number:/-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,punctuation:/[{}[\],]/,operator:/:/,boolean:/\b(?:false|true)\b/,null:{pattern:/\bnull\b/,alias:"keyword"}},a.languages.webmanifest=a.languages.json,a.languages.less=a.languages.extend("css",{comment:[/\/\*[\s\S]*?\*\//,{pattern:/(^|[^\\])\/\/.*/,lookbehind:!0}],atrule:{pattern:/@[\w-](?:\((?:[^(){}]|\([^(){}]*\))*\)|[^(){};\s]|\s+(?!\s))*?(?=\s*\{)/,inside:{punctuation:/[:()]/}},selector:{pattern:/(?:@\{[\w-]+\}|[^{};\s@])(?:@\{[\w-]+\}|\((?:[^(){}]|\([^(){}]*\))*\)|[^(){};@\s]|\s+(?!\s))*?(?=\s*\{)/,inside:{variable:/@+[\w-]+/}},property:/(?:@\{[\w-]+\}|[\w-])+(?:\+_?)?(?=\s*:)/,operator:/[+\-*\/]/}),a.languages.insertBefore("less","property",{variable:[{pattern:/@[\w-]+\s*:/,inside:{punctuation:/:/}},/@@?[\w-]+/],"mixin-usage":{pattern:/([{;]\s*)[.#](?!\d)[\w-].*?(?=[(;])/,lookbehind:!0,alias:"function"}}),a.languages.makefile={comment:{pattern:/(^|[^\\])#(?:\\(?:\r\n|[\s\S])|[^\\\r\n])*/,lookbehind:!0},string:{pattern:/(["'])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,greedy:!0},"builtin-target":{pattern:/\.[A-Z][^:#=\s]+(?=\s*:(?!=))/,alias:"builtin"},target:{pattern:/^(?:[^:=\s]|[ \t]+(?![\s:]))+(?=\s*:(?!=))/m,alias:"symbol",inside:{variable:/\$+(?:(?!\$)[^(){}:#=\s]+|(?=[({]))/}},variable:/\$+(?:(?!\$)[^(){}:#=\s]+|\([@*%<^+?][DF]\)|(?=[({]))/,keyword:/-include\b|\b(?:define|else|endef|endif|export|ifn?def|ifn?eq|include|override|private|sinclude|undefine|unexport|vpath)\b/,function:{pattern:/(\()(?:abspath|addsuffix|and|basename|call|dir|error|eval|file|filter(?:-out)?|findstring|firstword|flavor|foreach|guile|if|info|join|lastword|load|notdir|or|origin|patsubst|realpath|shell|sort|strip|subst|suffix|value|warning|wildcard|word(?:list|s)?)(?=[ \t])/,lookbehind:!0},operator:/(?:::|[?:+!])?=|[|@]/,punctuation:/[:;(){}]/},a.languages.objectivec=a.languages.extend("c",{string:{pattern:/@?"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"/,greedy:!0},keyword:/\b(?:asm|auto|break|case|char|const|continue|default|do|double|else|enum|extern|float|for|goto|if|in|inline|int|long|register|return|self|short|signed|sizeof|static|struct|super|switch|typedef|typeof|union|unsigned|void|volatile|while)\b|(?:@interface|@end|@implementation|@protocol|@class|@public|@protected|@private|@property|@try|@catch|@finally|@throw|@synthesize|@dynamic|@selector)\b/,operator:/-[->]?|\+\+?|!=?|<>?=?|==?|&&?|\|\|?|[~^%?*\/@]/}),delete a.languages.objectivec["class-name"],a.languages.objc=a.languages.objectivec,a.languages.ocaml={comment:{pattern:/\(\*[\s\S]*?\*\)/,greedy:!0},char:{pattern:/'(?:[^\\\r\n']|\\(?:.|[ox]?[0-9a-f]{1,3}))'/i,greedy:!0},string:[{pattern:/"(?:\\(?:[\s\S]|\r\n)|[^\\\r\n"])*"/,greedy:!0},{pattern:/\{([a-z_]*)\|[\s\S]*?\|\1\}/,greedy:!0}],number:[/\b(?:0b[01][01_]*|0o[0-7][0-7_]*)\b/i,/\b0x[a-f0-9][a-f0-9_]*(?:\.[a-f0-9_]*)?(?:p[+-]?\d[\d_]*)?(?!\w)/i,/\b\d[\d_]*(?:\.[\d_]*)?(?:e[+-]?\d[\d_]*)?(?!\w)/i],directive:{pattern:/\B#\w+/,alias:"property"},label:{pattern:/\B~\w+/,alias:"property"},"type-variable":{pattern:/\B'\w+/,alias:"function"},variant:{pattern:/`\w+/,alias:"symbol"},keyword:/\b(?:as|assert|begin|class|constraint|do|done|downto|else|end|exception|external|for|fun|function|functor|if|in|include|inherit|initializer|lazy|let|match|method|module|mutable|new|nonrec|object|of|open|private|rec|sig|struct|then|to|try|type|val|value|virtual|when|where|while|with)\b/,boolean:/\b(?:false|true)\b/,"operator-like-punctuation":{pattern:/\[[<>|]|[>|]\]|\{<|>\}/,alias:"punctuation"},operator:/\.[.~]|:[=>]|[=<>@^|&+\-*\/$%!?~][!$%&*+\-.\/:<=>?@^|~]*|\b(?:and|asr|land|lor|lsl|lsr|lxor|mod|or)\b/,punctuation:/;;|::|[(){}\[\].,:;#]|\b_\b/},a.languages.python={comment:{pattern:/(^|[^\\])#.*/,lookbehind:!0,greedy:!0},"string-interpolation":{pattern:/(?:f|fr|rf)(?:("""|''')[\s\S]*?\1|("|')(?:\\.|(?!\2)[^\\\r\n])*\2)/i,greedy:!0,inside:{interpolation:{pattern:/((?:^|[^{])(?:\{\{)*)\{(?!\{)(?:[^{}]|\{(?!\{)(?:[^{}]|\{(?!\{)(?:[^{}])+\})+\})+\}/,lookbehind:!0,inside:{"format-spec":{pattern:/(:)[^:(){}]+(?=\}$)/,lookbehind:!0},"conversion-option":{pattern:/![sra](?=[:}]$)/,alias:"punctuation"},rest:null}},string:/[\s\S]+/}},"triple-quoted-string":{pattern:/(?:[rub]|br|rb)?("""|''')[\s\S]*?\1/i,greedy:!0,alias:"string"},string:{pattern:/(?:[rub]|br|rb)?("|')(?:\\.|(?!\1)[^\\\r\n])*\1/i,greedy:!0},function:{pattern:/((?:^|\s)def[ \t]+)[a-zA-Z_]\w*(?=\s*\()/g,lookbehind:!0},"class-name":{pattern:/(\bclass\s+)\w+/i,lookbehind:!0},decorator:{pattern:/(^[\t ]*)@\w+(?:\.\w+)*/m,lookbehind:!0,alias:["annotation","punctuation"],inside:{punctuation:/\./}},keyword:/\b(?:_(?=\s*:)|and|as|assert|async|await|break|case|class|continue|def|del|elif|else|except|exec|finally|for|from|global|if|import|in|is|lambda|match|nonlocal|not|or|pass|print|raise|return|try|while|with|yield)\b/,builtin:/\b(?:__import__|abs|all|any|apply|ascii|basestring|bin|bool|buffer|bytearray|bytes|callable|chr|classmethod|cmp|coerce|compile|complex|delattr|dict|dir|divmod|enumerate|eval|execfile|file|filter|float|format|frozenset|getattr|globals|hasattr|hash|help|hex|id|input|int|intern|isinstance|issubclass|iter|len|list|locals|long|map|max|memoryview|min|next|object|oct|open|ord|pow|property|range|raw_input|reduce|reload|repr|reversed|round|set|setattr|slice|sorted|staticmethod|str|sum|super|tuple|type|unichr|unicode|vars|xrange|zip)\b/,boolean:/\b(?:False|None|True)\b/,number:/\b0(?:b(?:_?[01])+|o(?:_?[0-7])+|x(?:_?[a-f0-9])+)\b|(?:\b\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\B\.\d+(?:_\d+)*)(?:e[+-]?\d+(?:_\d+)*)?j?(?!\w)/i,operator:/[-+%=]=?|!=|:=|\*\*?=?|\/\/?=?|<[<=>]?|>[=>]?|[&|^~]/,punctuation:/[{}[\];(),.:]/},a.languages.python["string-interpolation"].inside.interpolation.inside.rest=a.languages.python,a.languages.py=a.languages.python,a.languages.reason=a.languages.extend("clike",{string:{pattern:/"(?:\\(?:\r\n|[\s\S])|[^\\\r\n"])*"/,greedy:!0},"class-name":/\b[A-Z]\w*/,keyword:/\b(?:and|as|assert|begin|class|constraint|do|done|downto|else|end|exception|external|for|fun|function|functor|if|in|include|inherit|initializer|lazy|let|method|module|mutable|new|nonrec|object|of|open|or|private|rec|sig|struct|switch|then|to|try|type|val|virtual|when|while|with)\b/,operator:/\.{3}|:[:=]|\|>|->|=(?:==?|>)?|<=?|>=?|[|^?'#!~`]|[+\-*\/]\.?|\b(?:asr|land|lor|lsl|lsr|lxor|mod)\b/}),a.languages.insertBefore("reason","class-name",{char:{pattern:/'(?:\\x[\da-f]{2}|\\o[0-3][0-7][0-7]|\\\d{3}|\\.|[^'\\\r\n])'/,greedy:!0},constructor:/\b[A-Z]\w*\b(?!\s*\.)/,label:{pattern:/\b[a-z]\w*(?=::)/,alias:"symbol"}}),delete a.languages.reason.function,function(e){e.languages.sass=e.languages.extend("css",{comment:{pattern:/^([ \t]*)\/[\/*].*(?:(?:\r?\n|\r)\1[ \t].+)*/m,lookbehind:!0,greedy:!0}}),e.languages.insertBefore("sass","atrule",{"atrule-line":{pattern:/^(?:[ \t]*)[@+=].+/m,greedy:!0,inside:{atrule:/(?:@[\w-]+|[+=])/}}}),delete e.languages.sass.atrule;var t=/\$[-\w]+|#\{\$[-\w]+\}/,n=[/[+*\/%]|[=!]=|<=?|>=?|\b(?:and|not|or)\b/,{pattern:/(\s)-(?=\s)/,lookbehind:!0}];e.languages.insertBefore("sass","property",{"variable-line":{pattern:/^[ \t]*\$.+/m,greedy:!0,inside:{punctuation:/:/,variable:t,operator:n}},"property-line":{pattern:/^[ \t]*(?:[^:\s]+ *:.*|:[^:\s].*)/m,greedy:!0,inside:{property:[/[^:\s]+(?=\s*:)/,{pattern:/(:)[^:\s]+/,lookbehind:!0}],punctuation:/:/,variable:t,operator:n,important:e.languages.sass.important}}}),delete e.languages.sass.property,delete e.languages.sass.important,e.languages.insertBefore("sass","punctuation",{selector:{pattern:/^([ \t]*)\S(?:,[^,\r\n]+|[^,\r\n]*)(?:,[^,\r\n]+)*(?:,(?:\r?\n|\r)\1[ \t]+\S(?:,[^,\r\n]+|[^,\r\n]*)(?:,[^,\r\n]+)*)*/m,lookbehind:!0,greedy:!0}})}(a),a.languages.scss=a.languages.extend("css",{comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0},atrule:{pattern:/@[\w-](?:\([^()]+\)|[^()\s]|\s+(?!\s))*?(?=\s+[{;])/,inside:{rule:/@[\w-]+/}},url:/(?:[-a-z]+-)?url(?=\()/i,selector:{pattern:/(?=\S)[^@;{}()]?(?:[^@;{}()\s]|\s+(?!\s)|#\{\$[-\w]+\})+(?=\s*\{(?:\}|\s|[^}][^:{}]*[:{][^}]))/,inside:{parent:{pattern:/&/,alias:"important"},placeholder:/%[-\w]+/,variable:/\$[-\w]+|#\{\$[-\w]+\}/}},property:{pattern:/(?:[-\w]|\$[-\w]|#\{\$[-\w]+\})+(?=\s*:)/,inside:{variable:/\$[-\w]+|#\{\$[-\w]+\}/}}}),a.languages.insertBefore("scss","atrule",{keyword:[/@(?:content|debug|each|else(?: if)?|extend|for|forward|function|if|import|include|mixin|return|use|warn|while)\b/i,{pattern:/( )(?:from|through)(?= )/,lookbehind:!0}]}),a.languages.insertBefore("scss","important",{variable:/\$[-\w]+|#\{\$[-\w]+\}/}),a.languages.insertBefore("scss","function",{"module-modifier":{pattern:/\b(?:as|hide|show|with)\b/i,alias:"keyword"},placeholder:{pattern:/%[-\w]+/,alias:"selector"},statement:{pattern:/\B!(?:default|optional)\b/i,alias:"keyword"},boolean:/\b(?:false|true)\b/,null:{pattern:/\bnull\b/,alias:"keyword"},operator:{pattern:/(\s)(?:[-+*\/%]|[=!]=|<=?|>=?|and|not|or)(?=\s)/,lookbehind:!0}}),a.languages.scss.atrule.inside.rest=a.languages.scss,function(e){var t={pattern:/(\b\d+)(?:%|[a-z]+)/,lookbehind:!0},n={pattern:/(^|[^\w.-])-?(?:\d+(?:\.\d+)?|\.\d+)/,lookbehind:!0},r={comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0},url:{pattern:/\burl\((["']?).*?\1\)/i,greedy:!0},string:{pattern:/("|')(?:(?!\1)[^\\\r\n]|\\(?:\r\n|[\s\S]))*\1/,greedy:!0},interpolation:null,func:null,important:/\B!(?:important|optional)\b/i,keyword:{pattern:/(^|\s+)(?:(?:else|for|if|return|unless)(?=\s|$)|@[\w-]+)/,lookbehind:!0},hexcode:/#[\da-f]{3,6}/i,color:[/\b(?:AliceBlue|AntiqueWhite|Aqua|Aquamarine|Azure|Beige|Bisque|Black|BlanchedAlmond|Blue|BlueViolet|Brown|BurlyWood|CadetBlue|Chartreuse|Chocolate|Coral|CornflowerBlue|Cornsilk|Crimson|Cyan|DarkBlue|DarkCyan|DarkGoldenRod|DarkGr[ae]y|DarkGreen|DarkKhaki|DarkMagenta|DarkOliveGreen|DarkOrange|DarkOrchid|DarkRed|DarkSalmon|DarkSeaGreen|DarkSlateBlue|DarkSlateGr[ae]y|DarkTurquoise|DarkViolet|DeepPink|DeepSkyBlue|DimGr[ae]y|DodgerBlue|FireBrick|FloralWhite|ForestGreen|Fuchsia|Gainsboro|GhostWhite|Gold|GoldenRod|Gr[ae]y|Green|GreenYellow|HoneyDew|HotPink|IndianRed|Indigo|Ivory|Khaki|Lavender|LavenderBlush|LawnGreen|LemonChiffon|LightBlue|LightCoral|LightCyan|LightGoldenRodYellow|LightGr[ae]y|LightGreen|LightPink|LightSalmon|LightSeaGreen|LightSkyBlue|LightSlateGr[ae]y|LightSteelBlue|LightYellow|Lime|LimeGreen|Linen|Magenta|Maroon|MediumAquaMarine|MediumBlue|MediumOrchid|MediumPurple|MediumSeaGreen|MediumSlateBlue|MediumSpringGreen|MediumTurquoise|MediumVioletRed|MidnightBlue|MintCream|MistyRose|Moccasin|NavajoWhite|Navy|OldLace|Olive|OliveDrab|Orange|OrangeRed|Orchid|PaleGoldenRod|PaleGreen|PaleTurquoise|PaleVioletRed|PapayaWhip|PeachPuff|Peru|Pink|Plum|PowderBlue|Purple|Red|RosyBrown|RoyalBlue|SaddleBrown|Salmon|SandyBrown|SeaGreen|SeaShell|Sienna|Silver|SkyBlue|SlateBlue|SlateGr[ae]y|Snow|SpringGreen|SteelBlue|Tan|Teal|Thistle|Tomato|Transparent|Turquoise|Violet|Wheat|White|WhiteSmoke|Yellow|YellowGreen)\b/i,{pattern:/\b(?:hsl|rgb)\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*\)\B|\b(?:hsl|rgb)a\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*,\s*(?:0|0?\.\d+|1)\s*\)\B/i,inside:{unit:t,number:n,function:/[\w-]+(?=\()/,punctuation:/[(),]/}}],entity:/\\[\da-f]{1,8}/i,unit:t,boolean:/\b(?:false|true)\b/,operator:[/~|[+!\/%<>?=]=?|[-:]=|\*[*=]?|\.{2,3}|&&|\|\||\B-\B|\b(?:and|in|is(?: a| defined| not|nt)?|not|or)\b/],number:n,punctuation:/[{}()\[\];:,]/};r.interpolation={pattern:/\{[^\r\n}:]+\}/,alias:"variable",inside:{delimiter:{pattern:/^\{|\}$/,alias:"punctuation"},rest:r}},r.func={pattern:/[\w-]+\([^)]*\).*/,inside:{function:/^[^(]+/,rest:r}},e.languages.stylus={"atrule-declaration":{pattern:/(^[ \t]*)@.+/m,lookbehind:!0,inside:{atrule:/^@[\w-]+/,rest:r}},"variable-declaration":{pattern:/(^[ \t]*)[\w$-]+\s*.?=[ \t]*(?:\{[^{}]*\}|\S.*|$)/m,lookbehind:!0,inside:{variable:/^\S+/,rest:r}},statement:{pattern:/(^[ \t]*)(?:else|for|if|return|unless)[ \t].+/m,lookbehind:!0,inside:{keyword:/^\S+/,rest:r}},"property-declaration":{pattern:/((?:^|\{)([ \t]*))(?:[\w-]|\{[^}\r\n]+\})+(?:\s*:\s*|[ \t]+)(?!\s)[^{\r\n]*(?:;|[^{\r\n,]$(?!(?:\r?\n|\r)(?:\{|\2[ \t])))/m,lookbehind:!0,inside:{property:{pattern:/^[^\s:]+/,inside:{interpolation:r.interpolation}},rest:r}},selector:{pattern:/(^[ \t]*)(?:(?=\S)(?:[^{}\r\n:()]|::?[\w-]+(?:\([^)\r\n]*\)|(?![\w-]))|\{[^}\r\n]+\})+)(?:(?:\r?\n|\r)(?:\1(?:(?=\S)(?:[^{}\r\n:()]|::?[\w-]+(?:\([^)\r\n]*\)|(?![\w-]))|\{[^}\r\n]+\})+)))*(?:,$|\{|(?=(?:\r?\n|\r)(?:\{|\1[ \t])))/m,lookbehind:!0,inside:{interpolation:r.interpolation,comment:r.comment,punctuation:/[{},]/}},func:r.func,string:r.string,comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0,greedy:!0},interpolation:r.interpolation,punctuation:/[{}()\[\];:.]/}}(a),function(e){var t=e.util.clone(e.languages.typescript);e.languages.tsx=e.languages.extend("jsx",t),delete e.languages.tsx.parameter,delete e.languages.tsx["literal-property"];var n=e.languages.tsx.tag;n.pattern=RegExp(/(^|[^\w$]|(?=<\/))/.source+"(?:"+n.pattern.source+")",n.pattern.flags),n.lookbehind=!0}(a),a.languages.wasm={comment:[/\(;[\s\S]*?;\)/,{pattern:/;;.*/,greedy:!0}],string:{pattern:/"(?:\\[\s\S]|[^"\\])*"/,greedy:!0},keyword:[{pattern:/\b(?:align|offset)=/,inside:{operator:/=/}},{pattern:/\b(?:(?:f32|f64|i32|i64)(?:\.(?:abs|add|and|ceil|clz|const|convert_[su]\/i(?:32|64)|copysign|ctz|demote\/f64|div(?:_[su])?|eqz?|extend_[su]\/i32|floor|ge(?:_[su])?|gt(?:_[su])?|le(?:_[su])?|load(?:(?:8|16|32)_[su])?|lt(?:_[su])?|max|min|mul|neg?|nearest|or|popcnt|promote\/f32|reinterpret\/[fi](?:32|64)|rem_[su]|rot[lr]|shl|shr_[su]|sqrt|store(?:8|16|32)?|sub|trunc(?:_[su]\/f(?:32|64))?|wrap\/i64|xor))?|memory\.(?:grow|size))\b/,inside:{punctuation:/\./}},/\b(?:anyfunc|block|br(?:_if|_table)?|call(?:_indirect)?|data|drop|elem|else|end|export|func|get_(?:global|local)|global|if|import|local|loop|memory|module|mut|nop|offset|param|result|return|select|set_(?:global|local)|start|table|tee_local|then|type|unreachable)\b/],variable:/\$[\w!#$%&'*+\-./:<=>?@\\^`|~]+/,number:/[+-]?\b(?:\d(?:_?\d)*(?:\.\d(?:_?\d)*)?(?:[eE][+-]?\d(?:_?\d)*)?|0x[\da-fA-F](?:_?[\da-fA-F])*(?:\.[\da-fA-F](?:_?[\da-fA-D])*)?(?:[pP][+-]?\d(?:_?\d)*)?)\b|\binf\b|\bnan(?::0x[\da-fA-F](?:_?[\da-fA-D])*)?\b/,punctuation:/[()]/};const o=a},9901:e=>{e.exports&&(e.exports={core:{meta:{path:"components/prism-core.js",option:"mandatory"},core:"Core"},themes:{meta:{path:"themes/{id}.css",link:"index.html?theme={id}",exclusive:!0},prism:{title:"Default",option:"default"},"prism-dark":"Dark","prism-funky":"Funky","prism-okaidia":{title:"Okaidia",owner:"ocodia"},"prism-twilight":{title:"Twilight",owner:"remybach"},"prism-coy":{title:"Coy",owner:"tshedor"},"prism-solarizedlight":{title:"Solarized Light",owner:"hectormatos2011 "},"prism-tomorrow":{title:"Tomorrow Night",owner:"Rosey"}},languages:{meta:{path:"components/prism-{id}",noCSS:!0,examplesPath:"examples/prism-{id}",addCheckAll:!0},markup:{title:"Markup",alias:["html","xml","svg","mathml","ssml","atom","rss"],aliasTitles:{html:"HTML",xml:"XML",svg:"SVG",mathml:"MathML",ssml:"SSML",atom:"Atom",rss:"RSS"},option:"default"},css:{title:"CSS",option:"default",modify:"markup"},clike:{title:"C-like",option:"default"},javascript:{title:"JavaScript",require:"clike",modify:"markup",optional:"regex",alias:"js",option:"default"},abap:{title:"ABAP",owner:"dellagustin"},abnf:{title:"ABNF",owner:"RunDevelopment"},actionscript:{title:"ActionScript",require:"javascript",modify:"markup",owner:"Golmote"},ada:{title:"Ada",owner:"Lucretia"},agda:{title:"Agda",owner:"xy-ren"},al:{title:"AL",owner:"RunDevelopment"},antlr4:{title:"ANTLR4",alias:"g4",owner:"RunDevelopment"},apacheconf:{title:"Apache Configuration",owner:"GuiTeK"},apex:{title:"Apex",require:["clike","sql"],owner:"RunDevelopment"},apl:{title:"APL",owner:"ngn"},applescript:{title:"AppleScript",owner:"Golmote"},aql:{title:"AQL",owner:"RunDevelopment"},arduino:{title:"Arduino",require:"cpp",alias:"ino",owner:"dkern"},arff:{title:"ARFF",owner:"Golmote"},armasm:{title:"ARM Assembly",alias:"arm-asm",owner:"RunDevelopment"},arturo:{title:"Arturo",alias:"art",optional:["bash","css","javascript","markup","markdown","sql"],owner:"drkameleon"},asciidoc:{alias:"adoc",title:"AsciiDoc",owner:"Golmote"},aspnet:{title:"ASP.NET (C#)",require:["markup","csharp"],owner:"nauzilus"},asm6502:{title:"6502 Assembly",owner:"kzurawel"},asmatmel:{title:"Atmel AVR Assembly",owner:"cerkit"},autohotkey:{title:"AutoHotkey",owner:"aviaryan"},autoit:{title:"AutoIt",owner:"Golmote"},avisynth:{title:"AviSynth",alias:"avs",owner:"Zinfidel"},"avro-idl":{title:"Avro IDL",alias:"avdl",owner:"RunDevelopment"},awk:{title:"AWK",alias:"gawk",aliasTitles:{gawk:"GAWK"},owner:"RunDevelopment"},bash:{title:"Bash",alias:["sh","shell"],aliasTitles:{sh:"Shell",shell:"Shell"},owner:"zeitgeist87"},basic:{title:"BASIC",owner:"Golmote"},batch:{title:"Batch",owner:"Golmote"},bbcode:{title:"BBcode",alias:"shortcode",aliasTitles:{shortcode:"Shortcode"},owner:"RunDevelopment"},bbj:{title:"BBj",owner:"hyyan"},bicep:{title:"Bicep",owner:"johnnyreilly"},birb:{title:"Birb",require:"clike",owner:"Calamity210"},bison:{title:"Bison",require:"c",owner:"Golmote"},bnf:{title:"BNF",alias:"rbnf",aliasTitles:{rbnf:"RBNF"},owner:"RunDevelopment"},bqn:{title:"BQN",owner:"yewscion"},brainfuck:{title:"Brainfuck",owner:"Golmote"},brightscript:{title:"BrightScript",owner:"RunDevelopment"},bro:{title:"Bro",owner:"wayward710"},bsl:{title:"BSL (1C:Enterprise)",alias:"oscript",aliasTitles:{oscript:"OneScript"},owner:"Diversus23"},c:{title:"C",require:"clike",owner:"zeitgeist87"},csharp:{title:"C#",require:"clike",alias:["cs","dotnet"],owner:"mvalipour"},cpp:{title:"C++",require:"c",owner:"zeitgeist87"},cfscript:{title:"CFScript",require:"clike",alias:"cfc",owner:"mjclemente"},chaiscript:{title:"ChaiScript",require:["clike","cpp"],owner:"RunDevelopment"},cil:{title:"CIL",owner:"sbrl"},cilkc:{title:"Cilk/C",require:"c",alias:"cilk-c",owner:"OpenCilk"},cilkcpp:{title:"Cilk/C++",require:"cpp",alias:["cilk-cpp","cilk"],owner:"OpenCilk"},clojure:{title:"Clojure",owner:"troglotit"},cmake:{title:"CMake",owner:"mjrogozinski"},cobol:{title:"COBOL",owner:"RunDevelopment"},coffeescript:{title:"CoffeeScript",require:"javascript",alias:"coffee",owner:"R-osey"},concurnas:{title:"Concurnas",alias:"conc",owner:"jasontatton"},csp:{title:"Content-Security-Policy",owner:"ScottHelme"},cooklang:{title:"Cooklang",owner:"ahue"},coq:{title:"Coq",owner:"RunDevelopment"},crystal:{title:"Crystal",require:"ruby",owner:"MakeNowJust"},"css-extras":{title:"CSS Extras",require:"css",modify:"css",owner:"milesj"},csv:{title:"CSV",owner:"RunDevelopment"},cue:{title:"CUE",owner:"RunDevelopment"},cypher:{title:"Cypher",owner:"RunDevelopment"},d:{title:"D",require:"clike",owner:"Golmote"},dart:{title:"Dart",require:"clike",owner:"Golmote"},dataweave:{title:"DataWeave",owner:"machaval"},dax:{title:"DAX",owner:"peterbud"},dhall:{title:"Dhall",owner:"RunDevelopment"},diff:{title:"Diff",owner:"uranusjr"},django:{title:"Django/Jinja2",require:"markup-templating",alias:"jinja2",owner:"romanvm"},"dns-zone-file":{title:"DNS zone file",owner:"RunDevelopment",alias:"dns-zone"},docker:{title:"Docker",alias:"dockerfile",owner:"JustinBeckwith"},dot:{title:"DOT (Graphviz)",alias:"gv",optional:"markup",owner:"RunDevelopment"},ebnf:{title:"EBNF",owner:"RunDevelopment"},editorconfig:{title:"EditorConfig",owner:"osipxd"},eiffel:{title:"Eiffel",owner:"Conaclos"},ejs:{title:"EJS",require:["javascript","markup-templating"],owner:"RunDevelopment",alias:"eta",aliasTitles:{eta:"Eta"}},elixir:{title:"Elixir",owner:"Golmote"},elm:{title:"Elm",owner:"zwilias"},etlua:{title:"Embedded Lua templating",require:["lua","markup-templating"],owner:"RunDevelopment"},erb:{title:"ERB",require:["ruby","markup-templating"],owner:"Golmote"},erlang:{title:"Erlang",owner:"Golmote"},"excel-formula":{title:"Excel Formula",alias:["xlsx","xls"],owner:"RunDevelopment"},fsharp:{title:"F#",require:"clike",owner:"simonreynolds7"},factor:{title:"Factor",owner:"catb0t"},false:{title:"False",owner:"edukisto"},"firestore-security-rules":{title:"Firestore security rules",require:"clike",owner:"RunDevelopment"},flow:{title:"Flow",require:"javascript",owner:"Golmote"},fortran:{title:"Fortran",owner:"Golmote"},ftl:{title:"FreeMarker Template Language",require:"markup-templating",owner:"RunDevelopment"},gml:{title:"GameMaker Language",alias:"gamemakerlanguage",require:"clike",owner:"LiarOnce"},gap:{title:"GAP (CAS)",owner:"RunDevelopment"},gcode:{title:"G-code",owner:"RunDevelopment"},gdscript:{title:"GDScript",owner:"RunDevelopment"},gedcom:{title:"GEDCOM",owner:"Golmote"},gettext:{title:"gettext",alias:"po",owner:"RunDevelopment"},gherkin:{title:"Gherkin",owner:"hason"},git:{title:"Git",owner:"lgiraudel"},glsl:{title:"GLSL",require:"c",owner:"Golmote"},gn:{title:"GN",alias:"gni",owner:"RunDevelopment"},"linker-script":{title:"GNU Linker Script",alias:"ld",owner:"RunDevelopment"},go:{title:"Go",require:"clike",owner:"arnehormann"},"go-module":{title:"Go module",alias:"go-mod",owner:"RunDevelopment"},gradle:{title:"Gradle",require:"clike",owner:"zeabdelkhalek-badido18"},graphql:{title:"GraphQL",optional:"markdown",owner:"Golmote"},groovy:{title:"Groovy",require:"clike",owner:"robfletcher"},haml:{title:"Haml",require:"ruby",optional:["css","css-extras","coffeescript","erb","javascript","less","markdown","scss","textile"],owner:"Golmote"},handlebars:{title:"Handlebars",require:"markup-templating",alias:["hbs","mustache"],aliasTitles:{mustache:"Mustache"},owner:"Golmote"},haskell:{title:"Haskell",alias:"hs",owner:"bholst"},haxe:{title:"Haxe",require:"clike",optional:"regex",owner:"Golmote"},hcl:{title:"HCL",owner:"outsideris"},hlsl:{title:"HLSL",require:"c",owner:"RunDevelopment"},hoon:{title:"Hoon",owner:"matildepark"},http:{title:"HTTP",optional:["csp","css","hpkp","hsts","javascript","json","markup","uri"],owner:"danielgtaylor"},hpkp:{title:"HTTP Public-Key-Pins",owner:"ScottHelme"},hsts:{title:"HTTP Strict-Transport-Security",owner:"ScottHelme"},ichigojam:{title:"IchigoJam",owner:"BlueCocoa"},icon:{title:"Icon",owner:"Golmote"},"icu-message-format":{title:"ICU Message Format",owner:"RunDevelopment"},idris:{title:"Idris",alias:"idr",owner:"KeenS",require:"haskell"},ignore:{title:".ignore",owner:"osipxd",alias:["gitignore","hgignore","npmignore"],aliasTitles:{gitignore:".gitignore",hgignore:".hgignore",npmignore:".npmignore"}},inform7:{title:"Inform 7",owner:"Golmote"},ini:{title:"Ini",owner:"aviaryan"},io:{title:"Io",owner:"AlesTsurko"},j:{title:"J",owner:"Golmote"},java:{title:"Java",require:"clike",owner:"sherblot"},javadoc:{title:"JavaDoc",require:["markup","java","javadoclike"],modify:"java",optional:"scala",owner:"RunDevelopment"},javadoclike:{title:"JavaDoc-like",modify:["java","javascript","php"],owner:"RunDevelopment"},javastacktrace:{title:"Java stack trace",owner:"RunDevelopment"},jexl:{title:"Jexl",owner:"czosel"},jolie:{title:"Jolie",require:"clike",owner:"thesave"},jq:{title:"JQ",owner:"RunDevelopment"},jsdoc:{title:"JSDoc",require:["javascript","javadoclike","typescript"],modify:"javascript",optional:["actionscript","coffeescript"],owner:"RunDevelopment"},"js-extras":{title:"JS Extras",require:"javascript",modify:"javascript",optional:["actionscript","coffeescript","flow","n4js","typescript"],owner:"RunDevelopment"},json:{title:"JSON",alias:"webmanifest",aliasTitles:{webmanifest:"Web App Manifest"},owner:"CupOfTea696"},json5:{title:"JSON5",require:"json",owner:"RunDevelopment"},jsonp:{title:"JSONP",require:"json",owner:"RunDevelopment"},jsstacktrace:{title:"JS stack trace",owner:"sbrl"},"js-templates":{title:"JS Templates",require:"javascript",modify:"javascript",optional:["css","css-extras","graphql","markdown","markup","sql"],owner:"RunDevelopment"},julia:{title:"Julia",owner:"cdagnino"},keepalived:{title:"Keepalived Configure",owner:"dev-itsheng"},keyman:{title:"Keyman",owner:"mcdurdin"},kotlin:{title:"Kotlin",alias:["kt","kts"],aliasTitles:{kts:"Kotlin Script"},require:"clike",owner:"Golmote"},kumir:{title:"KuMir (\u041a\u0443\u041c\u0438\u0440)",alias:"kum",owner:"edukisto"},kusto:{title:"Kusto",owner:"RunDevelopment"},latex:{title:"LaTeX",alias:["tex","context"],aliasTitles:{tex:"TeX",context:"ConTeXt"},owner:"japborst"},latte:{title:"Latte",require:["clike","markup-templating","php"],owner:"nette"},less:{title:"Less",require:"css",optional:"css-extras",owner:"Golmote"},lilypond:{title:"LilyPond",require:"scheme",alias:"ly",owner:"RunDevelopment"},liquid:{title:"Liquid",require:"markup-templating",owner:"cinhtau"},lisp:{title:"Lisp",alias:["emacs","elisp","emacs-lisp"],owner:"JuanCaicedo"},livescript:{title:"LiveScript",owner:"Golmote"},llvm:{title:"LLVM IR",owner:"porglezomp"},log:{title:"Log file",optional:"javastacktrace",owner:"RunDevelopment"},lolcode:{title:"LOLCODE",owner:"Golmote"},lua:{title:"Lua",owner:"Golmote"},magma:{title:"Magma (CAS)",owner:"RunDevelopment"},makefile:{title:"Makefile",owner:"Golmote"},markdown:{title:"Markdown",require:"markup",optional:"yaml",alias:"md",owner:"Golmote"},"markup-templating":{title:"Markup templating",require:"markup",owner:"Golmote"},mata:{title:"Mata",owner:"RunDevelopment"},matlab:{title:"MATLAB",owner:"Golmote"},maxscript:{title:"MAXScript",owner:"RunDevelopment"},mel:{title:"MEL",owner:"Golmote"},mermaid:{title:"Mermaid",owner:"RunDevelopment"},metafont:{title:"METAFONT",owner:"LaeriExNihilo"},mizar:{title:"Mizar",owner:"Golmote"},mongodb:{title:"MongoDB",owner:"airs0urce",require:"javascript"},monkey:{title:"Monkey",owner:"Golmote"},moonscript:{title:"MoonScript",alias:"moon",owner:"RunDevelopment"},n1ql:{title:"N1QL",owner:"TMWilds"},n4js:{title:"N4JS",require:"javascript",optional:"jsdoc",alias:"n4jsd",owner:"bsmith-n4"},"nand2tetris-hdl":{title:"Nand To Tetris HDL",owner:"stephanmax"},naniscript:{title:"Naninovel Script",owner:"Elringus",alias:"nani"},nasm:{title:"NASM",owner:"rbmj"},neon:{title:"NEON",owner:"nette"},nevod:{title:"Nevod",owner:"nezaboodka"},nginx:{title:"nginx",owner:"volado"},nim:{title:"Nim",owner:"Golmote"},nix:{title:"Nix",owner:"Golmote"},nsis:{title:"NSIS",owner:"idleberg"},objectivec:{title:"Objective-C",require:"c",alias:"objc",owner:"uranusjr"},ocaml:{title:"OCaml",owner:"Golmote"},odin:{title:"Odin",owner:"edukisto"},opencl:{title:"OpenCL",require:"c",modify:["c","cpp"],owner:"Milania1"},openqasm:{title:"OpenQasm",alias:"qasm",owner:"RunDevelopment"},oz:{title:"Oz",owner:"Golmote"},parigp:{title:"PARI/GP",owner:"Golmote"},parser:{title:"Parser",require:"markup",owner:"Golmote"},pascal:{title:"Pascal",alias:"objectpascal",aliasTitles:{objectpascal:"Object Pascal"},owner:"Golmote"},pascaligo:{title:"Pascaligo",owner:"DefinitelyNotAGoat"},psl:{title:"PATROL Scripting Language",owner:"bertysentry"},pcaxis:{title:"PC-Axis",alias:"px",owner:"RunDevelopment"},peoplecode:{title:"PeopleCode",alias:"pcode",owner:"RunDevelopment"},perl:{title:"Perl",owner:"Golmote"},php:{title:"PHP",require:"markup-templating",owner:"milesj"},phpdoc:{title:"PHPDoc",require:["php","javadoclike"],modify:"php",owner:"RunDevelopment"},"php-extras":{title:"PHP Extras",require:"php",modify:"php",owner:"milesj"},"plant-uml":{title:"PlantUML",alias:"plantuml",owner:"RunDevelopment"},plsql:{title:"PL/SQL",require:"sql",owner:"Golmote"},powerquery:{title:"PowerQuery",alias:["pq","mscript"],owner:"peterbud"},powershell:{title:"PowerShell",owner:"nauzilus"},processing:{title:"Processing",require:"clike",owner:"Golmote"},prolog:{title:"Prolog",owner:"Golmote"},promql:{title:"PromQL",owner:"arendjr"},properties:{title:".properties",owner:"Golmote"},protobuf:{title:"Protocol Buffers",require:"clike",owner:"just-boris"},pug:{title:"Pug",require:["markup","javascript"],optional:["coffeescript","ejs","handlebars","less","livescript","markdown","scss","stylus","twig"],owner:"Golmote"},puppet:{title:"Puppet",owner:"Golmote"},pure:{title:"Pure",optional:["c","cpp","fortran"],owner:"Golmote"},purebasic:{title:"PureBasic",require:"clike",alias:"pbfasm",owner:"HeX0R101"},purescript:{title:"PureScript",require:"haskell",alias:"purs",owner:"sriharshachilakapati"},python:{title:"Python",alias:"py",owner:"multipetros"},qsharp:{title:"Q#",require:"clike",alias:"qs",owner:"fedonman"},q:{title:"Q (kdb+ database)",owner:"Golmote"},qml:{title:"QML",require:"javascript",owner:"RunDevelopment"},qore:{title:"Qore",require:"clike",owner:"temnroegg"},r:{title:"R",owner:"Golmote"},racket:{title:"Racket",require:"scheme",alias:"rkt",owner:"RunDevelopment"},cshtml:{title:"Razor C#",alias:"razor",require:["markup","csharp"],optional:["css","css-extras","javascript","js-extras"],owner:"RunDevelopment"},jsx:{title:"React JSX",require:["markup","javascript"],optional:["jsdoc","js-extras","js-templates"],owner:"vkbansal"},tsx:{title:"React TSX",require:["jsx","typescript"]},reason:{title:"Reason",require:"clike",owner:"Golmote"},regex:{title:"Regex",owner:"RunDevelopment"},rego:{title:"Rego",owner:"JordanSh"},renpy:{title:"Ren'py",alias:"rpy",owner:"HyuchiaDiego"},rescript:{title:"ReScript",alias:"res",owner:"vmarcosp"},rest:{title:"reST (reStructuredText)",owner:"Golmote"},rip:{title:"Rip",owner:"ravinggenius"},roboconf:{title:"Roboconf",owner:"Golmote"},robotframework:{title:"Robot Framework",alias:"robot",owner:"RunDevelopment"},ruby:{title:"Ruby",require:"clike",alias:"rb",owner:"samflores"},rust:{title:"Rust",owner:"Golmote"},sas:{title:"SAS",optional:["groovy","lua","sql"],owner:"Golmote"},sass:{title:"Sass (Sass)",require:"css",optional:"css-extras",owner:"Golmote"},scss:{title:"Sass (SCSS)",require:"css",optional:"css-extras",owner:"MoOx"},scala:{title:"Scala",require:"java",owner:"jozic"},scheme:{title:"Scheme",owner:"bacchus123"},"shell-session":{title:"Shell session",require:"bash",alias:["sh-session","shellsession"],owner:"RunDevelopment"},smali:{title:"Smali",owner:"RunDevelopment"},smalltalk:{title:"Smalltalk",owner:"Golmote"},smarty:{title:"Smarty",require:"markup-templating",optional:"php",owner:"Golmote"},sml:{title:"SML",alias:"smlnj",aliasTitles:{smlnj:"SML/NJ"},owner:"RunDevelopment"},solidity:{title:"Solidity (Ethereum)",alias:"sol",require:"clike",owner:"glachaud"},"solution-file":{title:"Solution file",alias:"sln",owner:"RunDevelopment"},soy:{title:"Soy (Closure Template)",require:"markup-templating",owner:"Golmote"},sparql:{title:"SPARQL",require:"turtle",owner:"Triply-Dev",alias:"rq"},"splunk-spl":{title:"Splunk SPL",owner:"RunDevelopment"},sqf:{title:"SQF: Status Quo Function (Arma 3)",require:"clike",owner:"RunDevelopment"},sql:{title:"SQL",owner:"multipetros"},squirrel:{title:"Squirrel",require:"clike",owner:"RunDevelopment"},stan:{title:"Stan",owner:"RunDevelopment"},stata:{title:"Stata Ado",require:["mata","java","python"],owner:"RunDevelopment"},iecst:{title:"Structured Text (IEC 61131-3)",owner:"serhioromano"},stylus:{title:"Stylus",owner:"vkbansal"},supercollider:{title:"SuperCollider",alias:"sclang",owner:"RunDevelopment"},swift:{title:"Swift",owner:"chrischares"},systemd:{title:"Systemd configuration file",owner:"RunDevelopment"},"t4-templating":{title:"T4 templating",owner:"RunDevelopment"},"t4-cs":{title:"T4 Text Templates (C#)",require:["t4-templating","csharp"],alias:"t4",owner:"RunDevelopment"},"t4-vb":{title:"T4 Text Templates (VB)",require:["t4-templating","vbnet"],owner:"RunDevelopment"},tap:{title:"TAP",owner:"isaacs",require:"yaml"},tcl:{title:"Tcl",owner:"PeterChaplin"},tt2:{title:"Template Toolkit 2",require:["clike","markup-templating"],owner:"gflohr"},textile:{title:"Textile",require:"markup",optional:"css",owner:"Golmote"},toml:{title:"TOML",owner:"RunDevelopment"},tremor:{title:"Tremor",alias:["trickle","troy"],owner:"darach",aliasTitles:{trickle:"trickle",troy:"troy"}},turtle:{title:"Turtle",alias:"trig",aliasTitles:{trig:"TriG"},owner:"jakubklimek"},twig:{title:"Twig",require:"markup-templating",owner:"brandonkelly"},typescript:{title:"TypeScript",require:"javascript",optional:"js-templates",alias:"ts",owner:"vkbansal"},typoscript:{title:"TypoScript",alias:"tsconfig",aliasTitles:{tsconfig:"TSConfig"},owner:"dkern"},unrealscript:{title:"UnrealScript",alias:["uscript","uc"],owner:"RunDevelopment"},uorazor:{title:"UO Razor Script",owner:"jaseowns"},uri:{title:"URI",alias:"url",aliasTitles:{url:"URL"},owner:"RunDevelopment"},v:{title:"V",require:"clike",owner:"taggon"},vala:{title:"Vala",require:"clike",optional:"regex",owner:"TemplarVolk"},vbnet:{title:"VB.Net",require:"basic",owner:"Bigsby"},velocity:{title:"Velocity",require:"markup",owner:"Golmote"},verilog:{title:"Verilog",owner:"a-rey"},vhdl:{title:"VHDL",owner:"a-rey"},vim:{title:"vim",owner:"westonganger"},"visual-basic":{title:"Visual Basic",alias:["vb","vba"],aliasTitles:{vba:"VBA"},owner:"Golmote"},warpscript:{title:"WarpScript",owner:"RunDevelopment"},wasm:{title:"WebAssembly",owner:"Golmote"},"web-idl":{title:"Web IDL",alias:"webidl",owner:"RunDevelopment"},wgsl:{title:"WGSL",owner:"Dr4gonthree"},wiki:{title:"Wiki markup",require:"markup",owner:"Golmote"},wolfram:{title:"Wolfram language",alias:["mathematica","nb","wl"],aliasTitles:{mathematica:"Mathematica",nb:"Mathematica Notebook"},owner:"msollami"},wren:{title:"Wren",owner:"clsource"},xeora:{title:"Xeora",require:"markup",alias:"xeoracube",aliasTitles:{xeoracube:"XeoraCube"},owner:"freakmaxi"},"xml-doc":{title:"XML doc (.net)",require:"markup",modify:["csharp","fsharp","vbnet"],owner:"RunDevelopment"},xojo:{title:"Xojo (REALbasic)",owner:"Golmote"},xquery:{title:"XQuery",require:"markup",owner:"Golmote"},yaml:{title:"YAML",alias:"yml",owner:"hason"},yang:{title:"YANG",owner:"RunDevelopment"},zig:{title:"Zig",owner:"RunDevelopment"}},plugins:{meta:{path:"plugins/{id}/prism-{id}",link:"plugins/{id}/"},"line-highlight":{title:"Line Highlight",description:"Highlights specific lines and/or line ranges."},"line-numbers":{title:"Line Numbers",description:"Line number at the beginning of code lines.",owner:"kuba-kubula"},"show-invisibles":{title:"Show Invisibles",description:"Show hidden characters such as tabs and line breaks.",optional:["autolinker","data-uri-highlight"]},autolinker:{title:"Autolinker",description:"Converts URLs and emails in code to clickable links. Parses Markdown links in comments."},wpd:{title:"WebPlatform Docs",description:'Makes tokens link to WebPlatform.org documentation. The links open in a new tab.'},"custom-class":{title:"Custom Class",description:"This plugin allows you to prefix Prism's default classes (.comment can become .namespace--comment) or replace them with your defined ones (like .editor__comment). You can even add new classes.",owner:"dvkndn",noCSS:!0},"file-highlight":{title:"File Highlight",description:"Fetch external files and highlight them with Prism. Used on the Prism website itself.",noCSS:!0},"show-language":{title:"Show Language",description:"Display the highlighted language in code blocks (inline code does not show the label).",owner:"nauzilus",noCSS:!0,require:"toolbar"},"jsonp-highlight":{title:"JSONP Highlight",description:"Fetch content with JSONP and highlight some interesting content (e.g. GitHub/Gists or Bitbucket API).",noCSS:!0,owner:"nauzilus"},"highlight-keywords":{title:"Highlight Keywords",description:"Adds special CSS classes for each keyword for fine-grained highlighting.",owner:"vkbansal",noCSS:!0},"remove-initial-line-feed":{title:"Remove initial line feed",description:"Removes the initial line feed in code blocks.",owner:"Golmote",noCSS:!0},"inline-color":{title:"Inline color",description:"Adds a small inline preview for colors in style sheets.",require:"css-extras",owner:"RunDevelopment"},previewers:{title:"Previewers",description:"Previewers for angles, colors, gradients, easing and time.",require:"css-extras",owner:"Golmote"},autoloader:{title:"Autoloader",description:"Automatically loads the needed languages to highlight the code blocks.",owner:"Golmote",noCSS:!0},"keep-markup":{title:"Keep Markup",description:"Prevents custom markup from being dropped out during highlighting.",owner:"Golmote",optional:"normalize-whitespace",noCSS:!0},"command-line":{title:"Command Line",description:"Display a command line with a prompt and, optionally, the output/response from the commands.",owner:"chriswells0"},"unescaped-markup":{title:"Unescaped Markup",description:"Write markup without having to escape anything."},"normalize-whitespace":{title:"Normalize Whitespace",description:"Supports multiple operations to normalize whitespace in code blocks.",owner:"zeitgeist87",optional:"unescaped-markup",noCSS:!0},"data-uri-highlight":{title:"Data-URI Highlight",description:"Highlights data-URI contents.",owner:"Golmote",noCSS:!0},toolbar:{title:"Toolbar",description:"Attach a toolbar for plugins to easily register buttons on the top of a code block.",owner:"mAAdhaTTah"},"copy-to-clipboard":{title:"Copy to Clipboard Button",description:"Add a button that copies the code block to the clipboard when clicked.",owner:"mAAdhaTTah",require:"toolbar",noCSS:!0},"download-button":{title:"Download Button",description:"A button in the toolbar of a code block adding a convenient way to download a code file.",owner:"Golmote",require:"toolbar",noCSS:!0},"match-braces":{title:"Match braces",description:"Highlights matching braces.",owner:"RunDevelopment"},"diff-highlight":{title:"Diff Highlight",description:"Highlights the code inside diff blocks.",owner:"RunDevelopment",require:"diff"},"filter-highlight-all":{title:"Filter highlightAll",description:"Filters the elements the highlightAll and highlightAllUnder methods actually highlight.",owner:"RunDevelopment",noCSS:!0},treeview:{title:"Treeview",description:"A language with special styles to highlight file system tree structures.",owner:"Golmote"}}})},2885:(e,t,n)=>{const r=n(9901),a=n(9642),o=new Set;function i(e){void 0===e?e=Object.keys(r.languages).filter((e=>"meta"!=e)):Array.isArray(e)||(e=[e]);const t=[...o,...Object.keys(Prism.languages)];a(r,e,t).load((e=>{if(!(e in r.languages))return void(i.silent||console.warn("Language does not exist: "+e));const t="./prism-"+e;delete n.c[n(6500).resolve(t)],delete Prism.languages[e],n(6500)(t),o.add(e)}))}i.silent=!1,e.exports=i},6726:(e,t,n)=>{var r={"./":2885};function a(e){var t=o(e);return n(t)}function o(e){if(!n.o(r,e)){var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}return r[e]}a.keys=function(){return Object.keys(r)},a.resolve=o,e.exports=a,a.id=6726},6500:(e,t,n)=>{var r={"./":2885};function a(e){var t=o(e);return n(t)}function o(e){if(!n.o(r,e)){var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}return r[e]}a.keys=function(){return Object.keys(r)},a.resolve=o,e.exports=a,a.id=6500},9642:e=>{"use strict";var t=function(){var e=function(){};function t(e,t){Array.isArray(e)?e.forEach(t):null!=e&&t(e,0)}function n(e){for(var t={},n=0,r=e.length;n "));var s={},l=e[r];if(l){function c(t){if(!(t in e))throw new Error(r+" depends on an unknown component "+t);if(!(t in s))for(var i in a(t,o),s[t]=!0,n[t])s[i]=!0}t(l.require,c),t(l.optional,c),t(l.modify,c)}n[r]=s,o.pop()}}return function(e){var t=n[e];return t||(a(e,r),t=n[e]),t}}function a(e){for(var t in e)return!0;return!1}return function(o,i,s){var l=function(e){var t={};for(var n in e){var r=e[n];for(var a in r)if("meta"!=a){var o=r[a];t[a]="string"==typeof o?{title:o}:o}}return t}(o),c=function(e){var n;return function(r){if(r in e)return r;if(!n)for(var a in n={},e){var o=e[a];t(o&&o.alias,(function(t){if(t in n)throw new Error(t+" cannot be alias for both "+a+" and "+n[t]);if(t in e)throw new Error(t+" cannot be alias of "+a+" because it is a component.");n[t]=a}))}return n[r]||r}}(l);i=i.map(c),s=(s||[]).map(c);var u=n(i),d=n(s);i.forEach((function e(n){var r=l[n];t(r&&r.require,(function(t){t in d||(u[t]=!0,e(t))}))}));for(var p,f=r(l),m=u;a(m);){for(var g in p={},m){var h=l[g];t(h&&h.modify,(function(e){e in d&&(p[e]=!0)}))}for(var b in d)if(!(b in u))for(var v in f(b))if(v in u){p[b]=!0;break}for(var y in m=p)u[y]=!0}var w={getIds:function(){var e=[];return w.load((function(t){e.push(t)})),e},load:function(t,n){return function(t,n,r,a){var o=a?a.series:void 0,i=a?a.parallel:e,s={},l={};function c(e){if(e in s)return s[e];l[e]=!0;var a,u=[];for(var d in t(e))d in n&&u.push(d);if(0===u.length)a=r(e);else{var p=i(u.map((function(e){var t=c(e);return delete l[e],t})));o?a=o(p,(function(){return r(e)})):r(e)}return s[e]=a}for(var u in n)c(u);var d=[];for(var p in l)d.push(s[p]);return i(d)}(f,u,t,n)}};return w}}();e.exports=t},2703:(e,t,n)=>{"use strict";var r=n(414);function a(){}function o(){}o.resetWarningCache=a,e.exports=function(){function e(e,t,n,a,o,i){if(i!==r){var s=new Error("Calling PropTypes validators directly is not supported by the `prop-types` package. Use PropTypes.checkPropTypes() to call them. Read more at http://fb.me/use-check-prop-types");throw s.name="Invariant Violation",s}}function t(){return e}e.isRequired=e;var n={array:e,bigint:e,bool:e,func:e,number:e,object:e,string:e,symbol:e,any:e,arrayOf:t,element:e,elementType:e,instanceOf:t,node:e,objectOf:t,oneOf:t,oneOfType:t,shape:t,exact:t,checkPropTypes:o,resetWarningCache:a};return n.PropTypes=n,n}},5697:(e,t,n)=>{e.exports=n(2703)()},414:e=>{"use strict";e.exports="SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED"},4448:(e,t,n)=>{"use strict";var r=n(7294),a=n(7418),o=n(3840);function i(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n
+ + \ No newline at end of file diff --git a/build-staging/es/blog/atom.xml b/build-staging/es/blog/atom.xml index f0cc9bc8..2dd250bb 100644 --- a/build-staging/es/blog/atom.xml +++ b/build-staging/es/blog/atom.xml @@ -9,11 +9,11 @@ https://docs.cwtch.im/es/img/favicon.png Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/es/blog/cwtch-ui-reproducible-builds-linux 2023-07-14T00:00:00.000Z - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> Sarah Jamie Lewis diff --git a/build-staging/es/blog/autobindings-ii/index.html b/build-staging/es/blog/autobindings-ii/index.html index 9d3de763..790167c9 100644 --- a/build-staging/es/blog/autobindings-ii/index.html +++ b/build-staging/es/blog/autobindings-ii/index.html @@ -12,12 +12,12 @@ - - + +
-

Compile-time Optional Application Experiments (Autobindings)

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

The Structure of an Application Experiment

An application-level experiment consists of:

  1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
  2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
  3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
  4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are +

    Compile-time Optional Application Experiments (Autobindings)

    · Lectura de 5 minutos
    Sarah Jamie Lewis

    Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

    The Structure of an Application Experiment

    An application-level experiment consists of:

    1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
    2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
    3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
    4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are changed (e.g. if the server hosting experiment is disabled we need to tear down all active servers).
    5. Management code within _startCwtch and _reconnectCwtch that calls the management APIs on the global variable.

    From a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead of on application or a specific profile.

    Most of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.

    New Required Management APIs

    To achieve this weaving, we now require application-level experiments to implement an EventHandlerInterface interface and expose itself via an initialize constructor Init(acn, appDir) -> EventHandlerInterface, and Enable(app, acn).

    For now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.

    We can then generate, and optionally include blocks of code like:

        <experimentGlobal> = <experimentPackage>.Init(&globalACN, appDir)
        eventHandler.AddModule(<experimentGlobal>)
        <experimentGlobal>.Enable(application, &globalACN)

    and place them at specific points in the code. EventHandler has also been extended to maintain a collection of modules so that it can @@ -27,7 +27,7 @@ of a global functionality within the library.

    Cwtch UI Integration

    The UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. c_LoadServers - if it doesn't then the UI is safe to assume the feature is not available.

    A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.

    Nightlies & Next Steps

    We are now publishing nightlies of autobinding derived libCwtch-go, along with Repliqate scripts for reproducibility.

    With application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced in the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.

    However, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:

    • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. libcwtch-rs.
    • Documentation generation: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.

    Help us go further!

    We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

    If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

    Donations of $5 or more can opt to receive stickers as a thank-you gift!

    For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

    A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/autobindings/index.html b/build-staging/es/blog/autobindings/index.html index 8a442133..03bc44ea 100644 --- a/build-staging/es/blog/autobindings/index.html +++ b/build-staging/es/blog/autobindings/index.html @@ -12,15 +12,15 @@ - - + +
-

Autogenerating Cwtch Bindings

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

Autogenerating Cwtch Bindings

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

A Brief History of Cwtch Bindings

Prior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by therecipe/qt. However, after encountering numerous crash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.

As part of early prototyping efforts for Flutter we built out a first version of libCwtch-go, and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.

This approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular experimental features - handle settings, duplication of logic between Cwtch and libCwtch-go, and special behaviour in libCwtch-go that better belongs in the core Cwtch library.

As part of a broader effort to refine the Cwtch API in preparation for Cwtch Stable we have taken the opportunity to fix many of these problems.

Cwtch Autobindings

The current lib.go file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the BlockContact API implementation is:

//export c_BlockContact
func c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {
    BlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))
}

func BlockContact(profileOnion string, conversationID int) {
    profile := application.GetPeer(profileOnion)
    if profile != nil {
        profile.BlockConversation(conversationID)
    }
}

All that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.

In the new cwtch-autobindings we reduce these multiple lines to a single one:

profile BlockConversation conversation

Defining a profile-level function, called BlockConversation which takes in a single parameter of type conversation.

Using a similar boilerplate-reduction for the reset of lib.go yields 5-basic function prototypes:

  • Application-level functions e.g. CreateProfile
  • Profile-level functions e.g. BlockConversation
  • Profile-level functions that return data e.g. GetMessage
  • Experimental Profile-level feature functions e.g. DownloadFile
  • Experimental Profile-level feature functions that return data e.g. ShareFile

Once aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be described in fewer than 50 lines, including comments. Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).

Next Steps

Cwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:

  • Application-level experiments (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on cwtch-server). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don't support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.
  • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart-side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. libcwtch-rs
  • Documentation generation: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.
  • Cwtch API: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the Cwtch Stable API redesign. In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/availability-status-profile-attributes/index.html b/build-staging/es/blog/availability-status-profile-attributes/index.html index 42c1416c..6d4ab0b1 100644 --- a/build-staging/es/blog/availability-status-profile-attributes/index.html +++ b/build-staging/es/blog/availability-status-profile-attributes/index.html @@ -12,14 +12,14 @@ - - + +
-

Availability Status and Profile Attributes

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Availability Status and Profile Attributes

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Availability Status

New in this nightly is the ability to notify your conversations that you are "Away" or "Busy".

Read more: Availability Status

Profile Attributes

Also new is the ability to augment your profile with a few small pieces of public information.

Read more: Profile Information

Downloading the Nightly

Nightly builds are available from our build server. Download links for 2023-04-05-18-28-v1.11.0-7-g0290 are available below.

Please see the contribution documentation for advice on submitting feedback

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-android-reproducibility/index.html b/build-staging/es/blog/cwtch-android-reproducibility/index.html index 201ae726..04dc14d1 100644 --- a/build-staging/es/blog/cwtch-android-reproducibility/index.html +++ b/build-staging/es/blog/cwtch-android-reproducibility/index.html @@ -12,13 +12,13 @@ - - + +
-

Making Cwtch Android Bindings Reproducible

· Lectura de 3 minutos
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Making Cwtch Android Bindings Reproducible

· Lectura de 3 minutos
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-bindings-reproducible/index.html b/build-staging/es/blog/cwtch-bindings-reproducible/index.html index 49a8545f..67f9e60c 100644 --- a/build-staging/es/blog/cwtch-bindings-reproducible/index.html +++ b/build-staging/es/blog/cwtch-bindings-reproducible/index.html @@ -12,13 +12,13 @@ - - + +
-

Making Cwtch Bindings Reproducible

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Making Cwtch Bindings Reproducible

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-developer-documentation/index.html b/build-staging/es/blog/cwtch-developer-documentation/index.html index 141068e5..a7015734 100644 --- a/build-staging/es/blog/cwtch-developer-documentation/index.html +++ b/build-staging/es/blog/cwtch-developer-documentation/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-documentation/index.html b/build-staging/es/blog/cwtch-documentation/index.html index 6e14adcd..860fd99d 100644 --- a/build-staging/es/blog/cwtch-documentation/index.html +++ b/build-staging/es/blog/cwtch-documentation/index.html @@ -12,13 +12,13 @@ - - + +
-

Updates to Cwtch Documentation

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Updates to Cwtch Documentation

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-nightly-1-11/index.html b/build-staging/es/blog/cwtch-nightly-1-11/index.html index 64331593..ae6524ac 100644 --- a/build-staging/es/blog/cwtch-nightly-1-11/index.html +++ b/build-staging/es/blog/cwtch-nightly-1-11/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Beta 1.11

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch Beta 1.11

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-nightly-1-12/index.html b/build-staging/es/blog/cwtch-nightly-1-12/index.html index 17c621e7..228958f1 100644 --- a/build-staging/es/blog/cwtch-nightly-1-12/index.html +++ b/build-staging/es/blog/cwtch-nightly-1-12/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Beta 1.12

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch Beta 1.12

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-nightly-v.11-74/index.html b/build-staging/es/blog/cwtch-nightly-v.11-74/index.html index 19f0ea69..066d33ae 100644 --- a/build-staging/es/blog/cwtch-nightly-v.11-74/index.html +++ b/build-staging/es/blog/cwtch-nightly-v.11-74/index.html @@ -12,13 +12,13 @@ - - + +
-

New Cwtch Nightly (v1.11.0-74-g0406)

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

New Cwtch Nightly (v1.11.0-74-g0406)

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-platform-support/index.html b/build-staging/es/blog/cwtch-platform-support/index.html index 43a45808..fff92676 100644 --- a/build-staging/es/blog/cwtch-platform-support/index.html +++ b/build-staging/es/blog/cwtch-platform-support/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch UI Platform Support

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch UI Platform Support

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-stable-api-design/index.html b/build-staging/es/blog/cwtch-stable-api-design/index.html index e4fa2176..a9599850 100644 --- a/build-staging/es/blog/cwtch-stable-api-design/index.html +++ b/build-staging/es/blog/cwtch-stable-api-design/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Stable API Design

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
- - +

Cwtch Stable API Design

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-stable-roadmap-update-june/index.html b/build-staging/es/blog/cwtch-stable-roadmap-update-june/index.html index 6de885ad..4b4e7af8 100644 --- a/build-staging/es/blog/cwtch-stable-roadmap-update-june/index.html +++ b/build-staging/es/blog/cwtch-stable-roadmap-update-june/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Stable Roadmap Update

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch Stable Roadmap Update

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-stable-roadmap-update/index.html b/build-staging/es/blog/cwtch-stable-roadmap-update/index.html index 42dd1023..6b43bd15 100644 --- a/build-staging/es/blog/cwtch-stable-roadmap-update/index.html +++ b/build-staging/es/blog/cwtch-stable-roadmap-update/index.html @@ -12,13 +12,13 @@ - - + +
-

Cwtch Stable Roadmap Update

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Cwtch Stable Roadmap Update

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-testing-i/index.html b/build-staging/es/blog/cwtch-testing-i/index.html index d0c3bed5..186096e9 100644 --- a/build-staging/es/blog/cwtch-testing-i/index.html +++ b/build-staging/es/blog/cwtch-testing-i/index.html @@ -12,14 +12,14 @@ - - + +
-

Notes on Cwtch UI Testing

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on +

Notes on Cwtch UI Testing

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on development environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.

The cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory $USER_HOME/Downloads didn't exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.

As we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!

Next Steps

  • More automated tests: We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.

  • More platforms: Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across our target platforms. We expect to start this work soon; expect more news in a future Cwtch Testing update!

  • More steps: One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the expect to see the message step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. send a file or set profile picture.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-testing-ii/index.html b/build-staging/es/blog/cwtch-testing-ii/index.html index 5470f7b6..f6bac484 100644 --- a/build-staging/es/blog/cwtch-testing-ii/index.html +++ b/build-staging/es/blog/cwtch-testing-ii/index.html @@ -12,15 +12,15 @@ - - + +
-

Notes on Cwtch UI Testing (II)

· Lectura de 2 minutos
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this +

Notes on Cwtch UI Testing (II)

· Lectura de 2 minutos
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this doesn't pose a safety issue, it is unsightly.

Screenshot demonstrating how certain strings would violate the bounds of their containers.

These cases were fixed by parenting impacted elements in a Container with clip: hardEdge and decoration:BoxDecoration() (note that both of these are required as Container widgets in Flutter cannot set clipping logic without an associated decoration).

Now these clipped strings are tightly constrained to their container bounds.

These fixes are available in the latest Cwtch Nightly, and will be officially released in Cwtch 1.11.

More Automated UI Tests

We have added two new sets of automated UI tests to our pipeline:

  • 02: Global Settings - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. (PR: 628)
  • 04: Profile Management - these tests check that creating, unlocking, and deleting a profile work as expected. (PR: 632)

New Release of Cwtchbot

Cwtchbot has been updated to use the latest Cwtch 0.18.10 API.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/cwtch-ui-reproducible-builds-linux/index.html b/build-staging/es/blog/cwtch-ui-reproducible-builds-linux/index.html index 369243cd..5f16c301 100644 --- a/build-staging/es/blog/cwtch-ui-reproducible-builds-linux/index.html +++ b/build-staging/es/blog/cwtch-ui-reproducible-builds-linux/index.html @@ -3,7 +3,7 @@ -Cwtch UI Reproducible Builds (Linux) | The Cwtch Handbook +Progress Towards Reproducible UI Builds | The Cwtch Handbook @@ -12,13 +12,13 @@ - - + +
-

Cwtch UI Reproducible Builds (Linux)

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

- - +

Progress Towards Reproducible UI Builds

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/feed.json b/build-staging/es/blog/feed.json index 3a5a199a..e55881a6 100644 --- a/build-staging/es/blog/feed.json +++ b/build-staging/es/blog/feed.json @@ -6,9 +6,9 @@ "items": [ { "id": "https://docs.cwtch.im/es/blog/cwtch-ui-reproducible-builds-linux", - "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

", + "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

", "url": "https://docs.cwtch.im/es/blog/cwtch-ui-reproducible-builds-linux", - "title": "Cwtch UI Reproducible Builds (Linux)", + "title": "Progress Towards Reproducible UI Builds", "date_modified": "2023-07-14T00:00:00.000Z", "author": { "name": "Sarah Jamie Lewis" diff --git a/build-staging/es/blog/index.html b/build-staging/es/blog/index.html index b80a69c5..5d92f5fe 100644 --- a/build-staging/es/blog/index.html +++ b/build-staging/es/blog/index.html @@ -12,14 +12,14 @@ - - + +
-

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/page/2/index.html b/build-staging/es/blog/page/2/index.html index f61204d9..98dcd20e 100644 --- a/build-staging/es/blog/page/2/index.html +++ b/build-staging/es/blog/page/2/index.html @@ -12,14 +12,14 @@ - - + +
-

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/path-to-cwtch-stable/index.html b/build-staging/es/blog/path-to-cwtch-stable/index.html index 7ec3b023..7265514c 100644 --- a/build-staging/es/blog/path-to-cwtch-stable/index.html +++ b/build-staging/es/blog/path-to-cwtch-stable/index.html @@ -12,13 +12,13 @@ - - + +
-

Path to Cwtch Stable

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- - +

Path to Cwtch Stable

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ + \ No newline at end of file diff --git a/build-staging/es/blog/rss.xml b/build-staging/es/blog/rss.xml index 32e93356..22613e29 100644 --- a/build-staging/es/blog/rss.xml +++ b/build-staging/es/blog/rss.xml @@ -10,11 +10,11 @@ es Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/es/blog/cwtch-ui-reproducible-builds-linux https://docs.cwtch.im/es/blog/cwtch-ui-reproducible-builds-linux Fri, 14 Jul 2023 00:00:00 GMT - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> cwtch cwtch-stable reproducible-builds diff --git a/build-staging/es/blog/tags/api/index.html b/build-staging/es/blog/tags/api/index.html index 172e01cd..eae90577 100644 --- a/build-staging/es/blog/tags/api/index.html +++ b/build-staging/es/blog/tags/api/index.html @@ -12,13 +12,13 @@ - - + +
-

Un artículo etiquetados con "api"

Ver Todas Las Etiquetas

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

- - +

Un artículo etiquetados con "api"

Ver Todas Las Etiquetas

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/autobindings/index.html b/build-staging/es/blog/tags/autobindings/index.html index c128713c..4fd8cb82 100644 --- a/build-staging/es/blog/tags/autobindings/index.html +++ b/build-staging/es/blog/tags/autobindings/index.html @@ -12,14 +12,14 @@ - - + +
-

2 artículos etiquetados con "autobindings"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 artículos etiquetados con "autobindings"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/bindings/index.html b/build-staging/es/blog/tags/bindings/index.html index 5c2d209c..ac2b2750 100644 --- a/build-staging/es/blog/tags/bindings/index.html +++ b/build-staging/es/blog/tags/bindings/index.html @@ -12,14 +12,14 @@ - - + +
-

5 artículos etiquetados con "bindings"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

5 artículos etiquetados con "bindings"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/cwtch-stable/index.html b/build-staging/es/blog/tags/cwtch-stable/index.html index 8b4d540b..83a1fb8a 100644 --- a/build-staging/es/blog/tags/cwtch-stable/index.html +++ b/build-staging/es/blog/tags/cwtch-stable/index.html @@ -12,14 +12,14 @@ - - + +
-

18 artículos etiquetados con "cwtch-stable"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 artículos etiquetados con "cwtch-stable"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/cwtch-stable/page/2/index.html b/build-staging/es/blog/tags/cwtch-stable/page/2/index.html index 9b00f37a..088723d2 100644 --- a/build-staging/es/blog/tags/cwtch-stable/page/2/index.html +++ b/build-staging/es/blog/tags/cwtch-stable/page/2/index.html @@ -12,14 +12,14 @@ - - + +
-

18 artículos etiquetados con "cwtch-stable"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 artículos etiquetados con "cwtch-stable"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/cwtch/index.html b/build-staging/es/blog/tags/cwtch/index.html index 9de7bc02..4e2fa0c7 100644 --- a/build-staging/es/blog/tags/cwtch/index.html +++ b/build-staging/es/blog/tags/cwtch/index.html @@ -12,14 +12,14 @@ - - + +
-

18 artículos etiquetados con "cwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 artículos etiquetados con "cwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/cwtch/page/2/index.html b/build-staging/es/blog/tags/cwtch/page/2/index.html index a4187832..eda3ba95 100644 --- a/build-staging/es/blog/tags/cwtch/page/2/index.html +++ b/build-staging/es/blog/tags/cwtch/page/2/index.html @@ -12,14 +12,14 @@ - - + +
-

18 artículos etiquetados con "cwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 artículos etiquetados con "cwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/developer-documentation/index.html b/build-staging/es/blog/tags/developer-documentation/index.html index 96fb7728..956cd0a9 100644 --- a/build-staging/es/blog/tags/developer-documentation/index.html +++ b/build-staging/es/blog/tags/developer-documentation/index.html @@ -12,13 +12,13 @@ - - + +
-

2 artículos etiquetados con "developer-documentation"

Ver Todas Las Etiquetas

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- - +

2 artículos etiquetados con "developer-documentation"

Ver Todas Las Etiquetas

· Lectura de 2 minutos
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· Lectura de 3 minutos
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/documentation/index.html b/build-staging/es/blog/tags/documentation/index.html index 6816315b..94979952 100644 --- a/build-staging/es/blog/tags/documentation/index.html +++ b/build-staging/es/blog/tags/documentation/index.html @@ -12,13 +12,13 @@ - - + +
-

Un artículo etiquetados con "documentation"

Ver Todas Las Etiquetas
- - +

Un artículo etiquetados con "documentation"

Ver Todas Las Etiquetas
+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/index.html b/build-staging/es/blog/tags/index.html index a9e34c93..7d4bdd28 100644 --- a/build-staging/es/blog/tags/index.html +++ b/build-staging/es/blog/tags/index.html @@ -12,13 +12,13 @@ - - + +
-

Tags

- - +

Tags

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/libcwtch/index.html b/build-staging/es/blog/tags/libcwtch/index.html index 6c16438c..3f7cfb11 100644 --- a/build-staging/es/blog/tags/libcwtch/index.html +++ b/build-staging/es/blog/tags/libcwtch/index.html @@ -12,14 +12,14 @@ - - + +
-

2 artículos etiquetados con "libcwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 artículos etiquetados con "libcwtch"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· Lectura de 5 minutos
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/nightly/index.html b/build-staging/es/blog/tags/nightly/index.html index 12776c56..ec58a37c 100644 --- a/build-staging/es/blog/tags/nightly/index.html +++ b/build-staging/es/blog/tags/nightly/index.html @@ -12,14 +12,14 @@ - - + +
-

Un artículo etiquetados con "nightly"

Ver Todas Las Etiquetas

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Un artículo etiquetados con "nightly"

Ver Todas Las Etiquetas

· Lectura de 2 minutos
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- - + + \ No newline at end of file diff --git a/build-staging/es/blog/tags/planning/index.html b/build-staging/es/blog/tags/planning/index.html index b2288960..e50d5f9f 100644 --- a/build-staging/es/blog/tags/planning/index.html +++ b/build-staging/es/blog/tags/planning/index.html @@ -12,13 +12,13 @@ - - + +
-

4 artículos etiquetados con "planning"

Ver Todas Las Etiquetas

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- - +

4 artículos etiquetados con "planning"

Ver Todas Las Etiquetas

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 6 minutos
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· Lectura de 18 minutos
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· Lectura de 10 minutos
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/release/index.html b/build-staging/es/blog/tags/release/index.html index 988fe013..46b1ca08 100644 --- a/build-staging/es/blog/tags/release/index.html +++ b/build-staging/es/blog/tags/release/index.html @@ -12,13 +12,13 @@ - - + +
-

2 artículos etiquetados con "release"

Ver Todas Las Etiquetas

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- - +

2 artículos etiquetados con "release"

Ver Todas Las Etiquetas

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· Lectura de 3 minutos
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/repliqate/index.html b/build-staging/es/blog/tags/repliqate/index.html index 9369f74f..7fa0979c 100644 --- a/build-staging/es/blog/tags/repliqate/index.html +++ b/build-staging/es/blog/tags/repliqate/index.html @@ -12,13 +12,13 @@ - - + +
-

3 artículos etiquetados con "repliqate"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- - +

3 artículos etiquetados con "repliqate"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/reproducible-builds/index.html b/build-staging/es/blog/tags/reproducible-builds/index.html index 81e9e72b..cc3bc371 100644 --- a/build-staging/es/blog/tags/reproducible-builds/index.html +++ b/build-staging/es/blog/tags/reproducible-builds/index.html @@ -12,13 +12,13 @@ - - + +
-

3 artículos etiquetados con "reproducible-builds"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- - +

3 artículos etiquetados con "reproducible-builds"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· Lectura de 8 minutos
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/security-handbook/index.html b/build-staging/es/blog/tags/security-handbook/index.html index 8089bef2..151296a9 100644 --- a/build-staging/es/blog/tags/security-handbook/index.html +++ b/build-staging/es/blog/tags/security-handbook/index.html @@ -12,13 +12,13 @@ - - + +
-

Un artículo etiquetados con "security-handbook"

Ver Todas Las Etiquetas
- - +

Un artículo etiquetados con "security-handbook"

Ver Todas Las Etiquetas
+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/support/index.html b/build-staging/es/blog/tags/support/index.html index 1387df09..cbdb2e03 100644 --- a/build-staging/es/blog/tags/support/index.html +++ b/build-staging/es/blog/tags/support/index.html @@ -12,13 +12,13 @@ - - + +
-

3 artículos etiquetados con "support"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

- - +

3 artículos etiquetados con "support"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· Lectura de 11 minutos
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

+ + \ No newline at end of file diff --git a/build-staging/es/blog/tags/testing/index.html b/build-staging/es/blog/tags/testing/index.html index 2ca08313..0131e6c6 100644 --- a/build-staging/es/blog/tags/testing/index.html +++ b/build-staging/es/blog/tags/testing/index.html @@ -12,13 +12,13 @@ - - + +
-

2 artículos etiquetados con "testing"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

- - +

2 artículos etiquetados con "testing"

Ver Todas Las Etiquetas

· Lectura de 5 minutos
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

+ + \ No newline at end of file diff --git a/build-staging/es/developing/building-a-cwtch-app/building-an-echobot/index.html b/build-staging/es/developing/building-a-cwtch-app/building-an-echobot/index.html index b667fd97..65c8b5b1 100644 --- a/build-staging/es/developing/building-a-cwtch-app/building-an-echobot/index.html +++ b/build-staging/es/developing/building-a-cwtch-app/building-an-echobot/index.html @@ -12,14 +12,14 @@ - - + +

Building a Cwtch Echobot

In this tutorial we will walk through building a simple Cwtch Echobot. A bot that, when messaged, simply responds with the message it was sent.

For completeness, we will build an Echobot in multiple difference Cwtch frameworks to get a feel for the different levels of functionality offered by each library or framework.

Using CwtchBot (Go)

CwtchBot Framework

This tutorial uses the CwtchBot framework.

Start by creating a new Go project, and a file main.go. In the main function:

package main

import (
    "cwtch.im/cwtch/event"
    "cwtch.im/cwtch/model"
    "cwtch.im/cwtch/model/attr"
    "cwtch.im/cwtch/model/constants"
    "fmt"
    "git.openprivacy.ca/sarah/cwtchbot"
    _ "github.com/mutecomm/go-sqlcipher/v4"
    "os/user"
    "path"
)

func main() {
    user, _ := user.Current()
    cwtchbot := bot.NewCwtchBot(path.Join(user.HomeDir, "/.echobot/"), "echobot")
    cwtchbot.Launch()

    // Set Some Profile Information
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "echobot2")
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.ProfileAttribute1, "A Cwtchbot Echobot")

    fmt.Printf("echobot address: %v\n", cwtchbot.Peer.GetOnion())

    for {
        message := cwtchbot.Queue.Next()
        cid, _ := cwtchbot.Peer.FetchConversationInfo(message.Data[event.RemotePeer])
        switch message.EventType {
        case event.NewMessageFromPeer:
            msg := cwtchbot.UnpackMessage(message.Data[event.Data])
            fmt.Printf("Message: %v\n", msg)
            reply := string(cwtchbot.PackMessage(msg.Overlay, msg.Data))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        case event.ContactCreated:
            fmt.Printf("Auto approving stranger %v %v\n", cid, message.Data[event.RemotePeer])
            // accept the stranger as a new contact
            cwtchbot.Peer.AcceptConversation(cid.ID)
            // Send Hello...
            reply := string(cwtchbot.PackMessage(model.OverlayChat, "Hello!"))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        }
    }
}

Using Imp (Rust)

Imp (Rust) Bot Framework

This tutorial uses the Imp Cwtch Bot framework (Rust). This framework is currently a work-in-progress and the API design is subject to change. IMP is also based on libcwtch-rs which is currently based on an older pre-stable API version of Cwtch. We are planning in updating libcwtch-rs in Summer 2023.

use std::borrow::BorrowMut;
use std::thread;
use chrono::{DateTime, FixedOffset};
use libcwtch;
use libcwtch::CwtchLib;
use libcwtch::structs::*;
use libcwtch::event::*;
use cwtch_imp::imp;
use cwtch_imp::behaviour::*;
use cwtch_imp::imp::Imp;

const BOT_HOME: &str = "~/.cwtch/bots/echobot";
const BOT_NAME: &str = "echobot";

struct Echobot {}

fn main() {
    let behaviour: Behaviour = BehaviourBuilder::new().name(BOT_NAME.to_string()).new_contact_policy(NewContactPolicy::Accept).build();
    let event_loop_handle = thread::spawn(move || {
        let mut echobot = Echobot {};
        let mut bot = Imp::spawn(behaviour,String::new(), BOT_HOME.to_string());
        bot.event_loop::<Echobot>(echobot.borrow_mut());
    });
    event_loop_handle.join().expect("Error running event loop");
}

impl imp::EventHandler for Echobot {
    fn on_new_message_from_contact(&self, cwtch: &dyn libcwtch::CwtchLib, profile: &Profile, conversation_id: ConversationID, handle: String, timestamp_received: DateTime<FixedOffset>, message: Message) {
        let response = Message {
            o: MessageType::TextMessage,
            d: message.d,
        };
        cwtch.send_message(&profile.profile_id, conversation_id, &response);
    }

    fn handle(&mut self, cwtch: &dyn CwtchLib, profile_opt: Option<&Profile>, event: &Event) {
        match event {
            Event::NewPeer { profile_id, tag, created, name, default_picture, picture, online, profile_data } => {
                println!(
                    "\n***** {} at {} *****\n",
                    name, profile_id.as_str()
                );
            }
            _ => (),
        };
    }
}
- - + + \ No newline at end of file diff --git a/build-staging/es/developing/building-a-cwtch-app/core-concepts/index.html b/build-staging/es/developing/building-a-cwtch-app/core-concepts/index.html index 854bd81d..c5c0b137 100644 --- a/build-staging/es/developing/building-a-cwtch-app/core-concepts/index.html +++ b/build-staging/es/developing/building-a-cwtch-app/core-concepts/index.html @@ -12,13 +12,13 @@ - - + +

Core Concepts

This page documents the core concepts that you, as a Cwtch App Developer, will encounter fairly frequently.

Cwtch Home Directory

Often referred to as $CWTCH_HOME, the Cwtch application home directory is the location where Cwtch stores all information from a Cwtch application.

Profiles

Cwtch profiles are saved as encrypted sqlite3 databases. You will rarely/never have to interact directly with the database. Instead each library provides a set of interfaces to interact with the Cwtch App, create profiles, manage profiles, and engage in conversations.

The Event Bus

Regardless of which library you end up choosing, the one constant interface you will have to get used to is the EventBus. Cwtch handles all asynchronous tasks (e.g. receiving a message from a peer) automatically, eventually placing a message on the EventBus. Application can subscribe to certain kinds of messages e.g. NewMessageFromPeer and setup an event handler to run code in response to such a message.

For an example see the Echo Bot tutorial.

Settings

Most Cwtch settings (with the exception of experiments) are designed for downstream graphical user interfaces e.g. themes / column layouts - in particular the Cwtch UI. As such these settings are not used at all by Cwtch libraries, and are only intended as a convenient storage place for UI configuration.

Experiments

Certain Cwtch features are gated behind experiments. These experiments need to be enabled before functionality related to them will activate. Different libraries may expose different experiments, and some libraries may not support certain experiments at all.

- - + + \ No newline at end of file diff --git a/build-staging/es/developing/building-a-cwtch-app/intro/index.html b/build-staging/es/developing/building-a-cwtch-app/intro/index.html index aac77c67..17d5f026 100644 --- a/build-staging/es/developing/building-a-cwtch-app/intro/index.html +++ b/build-staging/es/developing/building-a-cwtch-app/intro/index.html @@ -12,13 +12,13 @@ - - + +

Getting Started

Choosing A Cwtch Library

Cwtch Go Lib

The official Cwtch library is written in Go and can be found at https://git.openprivacy.ca/cwtch.im/cwtch. This library allows access to all Cwtch functionality.

CwtchBot

We also provide a specialized Cwtch Bot framework in Go that provides a more lightweight and tailored approach to building chat bots. For an introduction to building chatbots with the CwtchBot framework check out the building an echobot tutorial.

Autobindings (C-bindings)

The official c-bindings for Cwtch are automatically generated from the Cwtch Go Library. The API is limited compared to accessing the Cwtch Go Library directly, and is explicitly tailored towards building the Cwtch UI.

libCwtch-rs (Rust)

An experimental rust-fied version of Cwtch Autobindings is available in libCwtch-rs. While we have plans to officially adopt rust bindings in the future, right now Rust support lags behind the rest of the Cwtch ecosystem.

- - + + \ No newline at end of file diff --git a/build-staging/es/developing/category/building-a-cwtch-app/index.html b/build-staging/es/developing/category/building-a-cwtch-app/index.html index dce76516..a465ff05 100644 --- a/build-staging/es/developing/category/building-a-cwtch-app/index.html +++ b/build-staging/es/developing/category/building-a-cwtch-app/index.html @@ -12,13 +12,13 @@ - - + +

Building a Cwtch App

- - + + \ No newline at end of file diff --git a/build-staging/es/developing/intro/index.html b/build-staging/es/developing/intro/index.html index 70e97a66..ca186e47 100644 --- a/build-staging/es/developing/intro/index.html +++ b/build-staging/es/developing/intro/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/developing/release/index.html b/build-staging/es/developing/release/index.html index 7182e808..f7a780f4 100644 --- a/build-staging/es/developing/release/index.html +++ b/build-staging/es/developing/release/index.html @@ -12,13 +12,13 @@ - - + +

Release and Packaging Process

Cwtch builds are automatically constructed via Drone. In order to be built the tasks must be approved by a project team member.

Automated Testing

Drone carries out a suite of automated tests at various stages of the release pipeline.

Test SuiteRepositoryNotes
Integration Testcwtch.im/cwtchA full exercise of peer-to-peer and group messaging
File Sharing Testcwtch.im/cwtchTests that file sharing and image downloading work as expected
Automated Download Testcwtch.im/cwtchTests that automated image downloading (e.g. profile pictures) work as expected
UI Integration Testcwtch.im/cwtch-uiA suite of Gherkin tests to exercise various UI flows like Creating / Deleting profiles and changing settings

Cwtch Autobindings

Drone produces the following build artifacts for all Cwtch autobindings builds.

Build ArtifactPlatformNotes
android/cwtch-sources.jarAndroidgomobile derived source code for the Android Cwtch library
android/cwtch.aarAndroidAndroid Cwtch library. Supports arm, arm64, and amd64.
linux/libCwtch.hLinuxC header file
linux/libCwtch.soLinuxx64 shared library
windows/libCwtch.hWindowsC header file
windows/libCwtch.dllWindowsx64 bit shared library
macos/libCwtch.arm64.dylibMacOSArm64 shared library
macos/libCwtch.x64.dylibMacOSx64 shared library

UI Nightly Builds

We make unreleased versions of Cwtch available for testing as Cwtch Nightlies.

Each nightly build folder contains a collection of build artifacts e.g. (APK files for Android, installer executables for Android) in single convenient folder. A full list of build artifacts currently produced is as follows:

Build ArtifactPlatformNotes
cwtch-VERSION.apkAndroidSupports arm, arm64, and amd64. Can be sideloaded.
cwtch-VERSION.aabAndroidAndroid App Bundle for publishing to appstores
Cwtch-VERSION.dmgMacOS
cwtch-VERSION.tar.gzLinuxContains the code, libs, and assets in addition to install scripts for various devices
cwtch-VERSION.zipWindows
cwtch-installer-VERSION.exeWindowsNSIS powered installation wizard

Nightly builds are regularly purged from the system

Official Releases

The Cwtch Team meets on a regular basis and reaches consensus based on nightly testing feedback and project roadmaps.

When the decision is made to cut a release build, a nightly version is built with a new git tag reflecting the release version e.g. v.1.12.0. The build artifacts are then copied to the Cwtch release website to a dedicated versioned folder.

Reproducible Builds

We use repliqate to provide reproducible build scripts for Cwtch.

We update the repliqate-scripts repository with scripts for all official releases. Currently only Cwtch bindings are reproducible

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/appearance/index.html b/build-staging/es/docs/category/appearance/index.html index f6732d35..c17176fd 100644 --- a/build-staging/es/docs/category/appearance/index.html +++ b/build-staging/es/docs/category/appearance/index.html @@ -12,13 +12,13 @@ - - + +

Apariencia

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/behaviour/index.html b/build-staging/es/docs/category/behaviour/index.html index f96ddb2f..d4340b7e 100644 --- a/build-staging/es/docs/category/behaviour/index.html +++ b/build-staging/es/docs/category/behaviour/index.html @@ -12,13 +12,13 @@ - - + +

Comportamiento

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/contribute/index.html b/build-staging/es/docs/category/contribute/index.html index 3e53b832..1608caed 100644 --- a/build-staging/es/docs/category/contribute/index.html +++ b/build-staging/es/docs/category/contribute/index.html @@ -12,13 +12,13 @@ - - + +

Contribuye

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/conversations/index.html b/build-staging/es/docs/category/conversations/index.html index 5ecfe8e6..f9460740 100644 --- a/build-staging/es/docs/category/conversations/index.html +++ b/build-staging/es/docs/category/conversations/index.html @@ -12,13 +12,13 @@ - - + +

Conversations

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/experiments/index.html b/build-staging/es/docs/category/experiments/index.html index a11588ae..0e90aa4c 100644 --- a/build-staging/es/docs/category/experiments/index.html +++ b/build-staging/es/docs/category/experiments/index.html @@ -12,13 +12,13 @@ - - + +

Experiments

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/getting-started/index.html b/build-staging/es/docs/category/getting-started/index.html index d8b84ac3..39ffd498 100644 --- a/build-staging/es/docs/category/getting-started/index.html +++ b/build-staging/es/docs/category/getting-started/index.html @@ -12,13 +12,13 @@ - - + +

Getting started

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/groups/index.html b/build-staging/es/docs/category/groups/index.html index 2683d385..a97b8e0b 100644 --- a/build-staging/es/docs/category/groups/index.html +++ b/build-staging/es/docs/category/groups/index.html @@ -12,13 +12,13 @@ - - + +

Groups

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/platforms/index.html b/build-staging/es/docs/category/platforms/index.html index 8413a5fb..949f17dd 100644 --- a/build-staging/es/docs/category/platforms/index.html +++ b/build-staging/es/docs/category/platforms/index.html @@ -12,13 +12,13 @@ - - + +

Platforms

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/profiles/index.html b/build-staging/es/docs/category/profiles/index.html index c139c964..7223b4c5 100644 --- a/build-staging/es/docs/category/profiles/index.html +++ b/build-staging/es/docs/category/profiles/index.html @@ -12,13 +12,13 @@ - - + +

Perfiles

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/servers/index.html b/build-staging/es/docs/category/servers/index.html index 36e3706e..13e85074 100644 --- a/build-staging/es/docs/category/servers/index.html +++ b/build-staging/es/docs/category/servers/index.html @@ -12,13 +12,13 @@ - - + +

Servers

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/category/settings/index.html b/build-staging/es/docs/category/settings/index.html index 22f292fc..d4e83219 100644 --- a/build-staging/es/docs/category/settings/index.html +++ b/build-staging/es/docs/category/settings/index.html @@ -12,13 +12,13 @@ - - + +

Configuración

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/accept-deny-new-conversation/index.html b/build-staging/es/docs/chat/accept-deny-new-conversation/index.html index 7f47a59d..794534cf 100644 --- a/build-staging/es/docs/chat/accept-deny-new-conversation/index.html +++ b/build-staging/es/docs/chat/accept-deny-new-conversation/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/add-contact/index.html b/build-staging/es/docs/chat/add-contact/index.html index c40dc184..212af95a 100644 --- a/build-staging/es/docs/chat/add-contact/index.html +++ b/build-staging/es/docs/chat/add-contact/index.html @@ -12,13 +12,13 @@ - - + +

Starting a New Conversation

  1. Selecciona un perfil
  2. Haz clic en el botón Añadir
  3. Selecciona 'Agregar contacto'
  4. Pega una dirección de Cwtch
  5. El contacto se añadirá a tu lista de contactos
info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/block-contact/index.html b/build-staging/es/docs/chat/block-contact/index.html index 35834143..268c7086 100644 --- a/build-staging/es/docs/chat/block-contact/index.html +++ b/build-staging/es/docs/chat/block-contact/index.html @@ -12,13 +12,13 @@ - - + +

Bloquear un contacto

  1. En una ventana de conversación
  2. Ir a la Configuración
  3. Desplázate hacia abajo hasta bloquear contacto
  4. Mueve el interruptor para bloquear un contacto
info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/conversation-settings/index.html b/build-staging/es/docs/chat/conversation-settings/index.html index 7037c53b..86ca50e5 100644 --- a/build-staging/es/docs/chat/conversation-settings/index.html +++ b/build-staging/es/docs/chat/conversation-settings/index.html @@ -12,13 +12,13 @@ - - + +

Accessing Conversation Settings

In a conversation window, click on the Settings icon in the top bar.

This action will open up a new screen where you can view and manage the contact.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/delete-contact/index.html b/build-staging/es/docs/chat/delete-contact/index.html index a69c13fa..fff72696 100644 --- a/build-staging/es/docs/chat/delete-contact/index.html +++ b/build-staging/es/docs/chat/delete-contact/index.html @@ -12,13 +12,13 @@ - - + +

Removing a Conversation

danger

This feature will result in irreversible deletion. This cannot be undone.

  • In a chat with a contact, go to the conversation settings on the top right
  • Scroll to the leave this conversation button, and press it.
  • You will be prompted to confirm if you want to leave the conversation. This action cannot be undone.
info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/introduction/index.html b/build-staging/es/docs/chat/introduction/index.html index 0a8788f2..b81a241f 100644 --- a/build-staging/es/docs/chat/introduction/index.html +++ b/build-staging/es/docs/chat/introduction/index.html @@ -12,13 +12,13 @@ - - + +

Una Introducción al Chat P2P de Cwtch

Cwtch usa los servicios Onion de Tor v3 para establecer conexiones anónimas, peer-to-peer entre Perfiles.

Cómo funciona el chat P2P

Para poder chatear con tus amigos en una conversación peer-to-peer, ambos deben estar en línea.

Después de una conexión exitosa, ambas partes participan en un protocolo de autenticación que:

  • Verifica que cada parte tenga acceso a la clave privada asociada a su identidad pública.
  • Genera una clave de sesión efímera usada para cifrar toda comunicación durante la sesión.

Este intercambio (documentado con más detalle en protocolo de autenticación) es negable fuera de línea i.e. es posible que cualquier parte forje transcripciones de este intercambio de protocolo después del hecho, y como tal - después del hecho - es imposible demostrar definitivamente que el intercambio ha ocurrido en absoluto.

Una vez que el proceso de autenticación haya tenido éxito, tanto tu como tu contacto pueden comunicarse con la certeza de que nadie más puede aprender nada sobre el contenido o los metadatos de su conversación.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/message-formatting/index.html b/build-staging/es/docs/chat/message-formatting/index.html index d3536a6f..7c1de889 100644 --- a/build-staging/es/docs/chat/message-formatting/index.html +++ b/build-staging/es/docs/chat/message-formatting/index.html @@ -12,13 +12,13 @@ - - + +

Formato de mensajes

Experiments Required

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Opcionalmente, puedes habilitar Enlaces Cliqueables para hacer URLs en mensajes cliqueables en Cwtch.

Actualmente Cwtch soporta el siguiente marcado de formato para los mensajes:

  • **negrita** que renderizará negrita
  • *cursiva* que renderizará cursiva
  • código que renderizará código
  • ^superscript^ que renderizará superíndice
  • _subscript_ que renderizará subíndice
  • ~~strikthroughh~~ que renderizará strikethrough
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/reply-to-message/index.html b/build-staging/es/docs/chat/reply-to-message/index.html index a943495e..c066497a 100644 --- a/build-staging/es/docs/chat/reply-to-message/index.html +++ b/build-staging/es/docs/chat/reply-to-message/index.html @@ -12,13 +12,13 @@ - - + +

Contestar a un mensaje

  1. Selecciona un mensaje al que deseas responder
  2. Desliza un mensaje hacia la derecha
  3. Escribe una respuesta al mensaje citado
  4. Pulsar enviar
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/save-conversation-history/index.html b/build-staging/es/docs/chat/save-conversation-history/index.html index 189b90a4..9ee05f49 100644 --- a/build-staging/es/docs/chat/save-conversation-history/index.html +++ b/build-staging/es/docs/chat/save-conversation-history/index.html @@ -12,13 +12,13 @@ - - + +

Guardar el historial de conversaciones

Por defecto, por privacidad, Cwtch no conserva el historial de conversaciones entre sesiones.

Para habilitar el historial de una conversación específica:

  1. En una ventana de conversación ve a Ajustes
  2. Ve a Guardar Historial
  3. Pulsa el menú desplegable
  4. Elege Guardar el Historial
  5. Ahora tu historial se guardará

El historial de conversaciones puede desactivarse en cualquier momento seleccionando "Borrar Historial" en el menú desplegable.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/share-address-with-friends/index.html b/build-staging/es/docs/chat/share-address-with-friends/index.html index 537dd861..c1bfc3eb 100644 --- a/build-staging/es/docs/chat/share-address-with-friends/index.html +++ b/build-staging/es/docs/chat/share-address-with-friends/index.html @@ -12,13 +12,13 @@ - - + +

Sharing Cwtch Addresses

There are many ways to share a Cwtch address.

Sharing Your Cwtch Address

  1. Ve a tu perfil
  2. Haz clic en el icono de copiar dirección

Ahora puedes compartir esta dirección. Las personas con esta dirección podrán añadirte como un contacto de Cwtch.

Para obtener información sobre cómo bloquear conexiones de personas que no conoces, por favor consulta Configuración: Bloquear Conexiones Desconocidas

Sharing A Friends Cwtch Address

Inside of Cwtch there is another mechanism for exchanging Cwtch addresses.

info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/share-file/index.html b/build-staging/es/docs/chat/share-file/index.html index 2f377065..2a865fe1 100644 --- a/build-staging/es/docs/chat/share-file/index.html +++ b/build-staging/es/docs/chat/share-file/index.html @@ -12,13 +12,13 @@ - - + +

Compartir un archivo

Experiments Required

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Optionally, you can enable Image Previews and Profile Pictures to see display shared image previews in the conversation window.

En una conversación,

  1. Haz clic en el icono de adjuntar archivo
  2. Encuentra el archivo que quieres enviar
  3. Confirma que quieres enviarlo

¿Cómo funciona compartir archivos con grupos? ¿Mis archivos se almacenan en algún servidor?

Los archivos se envían a través de conexiones Cwtch Onion a Onion directamente de la persona que ofrece el archivo a la persona que lo recibe. La oferta inicial de enviar un archivo se publica como un mensaje estándar de Cwtch de conversación/superposición. Para grupos, esto significa que la oferta inicial (que contiene el nombre del archivo, el tamaño, el hash y un nonce) se publica en el servidor de grupos, pero entonces cada destinatario se conecta a usted individualmente para recibir el contenido real del archivo.

¿Significa esto que tengo que estar en linea para enviar un archivo?

Sí. Si la persona que ofrece el archivo se desconecta, tendrás que esperar a que se conecte para reanudar la transferencia de archivos. El protocolo subyacente divide los archivos en fragmentos individuales y verificables, para que en una versión futura puedas "rehost" un archivo publicado en un grupo, e incluso descargar desde múltiples hosts a la vez (como bittorrent).

¿Por qué aparecen contactos nuevos en mi lista?

Esto se debe a la forma en que Cwtch maneja actualmente conexiones desde direcciones desconocidas. Puesto que publicar un archivo en un grupo resulta en que los miembros del grupo se conecten directamente contigo, algunos de esos miembros pueden no estar en tu lista de contactos y por lo tanto su conexión de descarga contigo aparecerá en tu lista como una solicitud de contacto.

¿Qué es "SHA512"?

SHA512 es una Función hash criptográfica que puede utilizarse para verificar que el archivo que descargaste es una copia correcta del archivo que se ofreció. Cwtch realiza esta verificación por ti automáticamente, ¡pero eres bienvenido a probarlo tú mismo! Ten en cuenta que incluimos una nonce aleatoria con invitacions de archivos, así que un contacto no puede pedirte cualquier hash aleatorio que tengas o archivos de conversaciones de las que no formen parte.

¿Hay un límite de tamaño de archivo?

El límite actual es de 10 gigabytes por archivo.

¿Qué son los archivos .manifest?

Los archivos .manifest se utilizan al descargar el archivo para verificar que los fragmentos individuales se reciben correctamente, y reanudar transferencias interrumpidas. También contienen la información de la oferta original de archivos. Puedes borrarlos sin problemas una vez que la descarga haya finalizado. En Android, los manifiestos se almacenan en la caché de la aplicación, y se pueden borrar a través de la configuración del sistema.

¿Qué pasa con los metadatos de archivos?

Enviamos el nombre del archivo como sugerencia y le ayudamos a distinguirlo de otras invitaciones de archivos. El camino completo se despoja antes de enviar el archivo. Debes tener cuidado con los metadatos ocultos que pueden almacenarse en el archivo en sí, que varía dependiendo del formato del archivo. Por ejemplo, las imágenes pueden contener información sobre geolocalización e información sobre la cámara que las tomó. Los archivos PDF son notorios por contener información oculta como el nombre del autor o la máquina en la que fueron creados. En general, sólo deberías enviar y recibir archivos de personas en las que confíes.

¿Puedo descargar archivos automáticamente?

If the Image Previews and Profile Pictures experiment is enabled then Cwtch will automatically download images from accepted conversations

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/chat/unblock-contact/index.html b/build-staging/es/docs/chat/unblock-contact/index.html index b666bec9..ae1cd3bc 100644 --- a/build-staging/es/docs/chat/unblock-contact/index.html +++ b/build-staging/es/docs/chat/unblock-contact/index.html @@ -12,13 +12,13 @@ - - + +

Desbloquear un contacto

  1. Selecciona el contacto en tu lista de conversaciónes. Los contactos bloqueados se mueven al final de la lista.
  2. Ve a la configuración de conversación
  3. Desplázate hacia abajo para bloquear contacto
  4. Mueve el interruptor para desbloquear contacto
info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/contribute/developing/index.html b/build-staging/es/docs/contribute/developing/index.html index 3d5e8965..900f8999 100644 --- a/build-staging/es/docs/contribute/developing/index.html +++ b/build-staging/es/docs/contribute/developing/index.html @@ -12,13 +12,13 @@ - - + +

Developing Cwtch

This section documents some ways to get started with Cwtch Development.

Cwtch Issues Tracking Process

All Cwtch issues are tracked from the cwtch-ui git repository, even if the bug/feature originates in an upstream library. This allows us to keep everything in one place.

Issues are generally divided into 4 distinct categories:

  • Unprocessed - These are new issues that have not been discussed by the Cwtch team.
  • Scheduled - These issues have been planned for an upcoming release. They are usually tagged with the release they are expected to be fixed in e.g. cwtch-1.11. A core Cwtch team member is likely working on the issue, or is expecting to work on the issue in the coming weeks.
  • Desired - These are issues that we would like to fix but for some reason we are unable to schedule. This might be because the feature is large and requires a lot of effort, or because there is some blocker (e.g. a missing feature in Flutter or some other library) that prevents work on the feature.
  • Help Wanted - These are generally small issues that we would like to fix but that have been designated low priority. These are ideal first issues for volunteers.

If you would like to work on an open bug/feature, please comment on the issue and a member of the Cwtch team will follow up with advice on where to go from there. This helps us keep track of who is working on what problems, and reduces the amount of duplicate work. We aim to answer most queries within 24 hours, feel free to "bump" an issue if it takes longer than that.

note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

Cwtch Pull-Request Process

All pull-requests must be reviewed and approved by a core Cwtch team member prior to merging. Sarah reviews all new and active pull requests multiple times a week.

Build Bot

All Cwtch projects are set up with automated builds and testing. Every pull request is expected to be able to pass through these pipelines prior to being merged. If buildbot reports a failure then Sarah will work with you to determine the issue, and any necessary fixes.

Buildbot can fail for reasons beyond your control e.g. many of our integration tests rely setting up Tor connections, these can be brittle on occasion and result in timeouts and failures. Always confirm the root cause of a test failure before deciding what to do next.

Useful Resources

note

All contributions are eligible for stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/contribute/documentation/index.html b/build-staging/es/docs/contribute/documentation/index.html index 27d73240..0541c235 100644 --- a/build-staging/es/docs/contribute/documentation/index.html +++ b/build-staging/es/docs/contribute/documentation/index.html @@ -12,13 +12,13 @@ - - + +

Documentation Style Guide

This section documents the expected structure and quality of Cwtch documentation.

Screenshots and Cast of Characters

Most Cwtch documentation should feature at least one screenshot or animated image. Screenshots of the Cwtch application should be focused on the feature being described by the documentation.

To ensure consistency between screenshots we suggest that the profile involved should serve particular, constant, roles.

  • Alice - used to represent the primary profile.
  • Bob - the primary contact, useful when demonstrating peer-to-peer features
  • Carol - a secondary contact, useful when demonstrating group features
  • Mallory - representing a malicious peer (to be used when demonstrating blocking functionality)

Dialogue and Content

Where screenshots and demonstrations show dialogue, conversations, and/or images please keep the conversations short, on a casual topic. Examples include:

  • Organizing a picnic
  • Sharing photos from a vacation
  • Sending a document for review

Experiments

All features that rely on an experiment being enabled should all this out prominently at the top of the page e.g.:

Experiments Required

This feature requires Experiments Enabled and the Example Experiment turned on.

Risks

If a feature might result in destruction of key material or permanent deletion of state, then these should also be called out at the top of the documentation e.g.:

danger

This feature will result in irreversible deletion of key material. This cannot be undone.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/contribute/stickers/index.html b/build-staging/es/docs/contribute/stickers/index.html index 5705cf8a..5031fb79 100644 --- a/build-staging/es/docs/contribute/stickers/index.html +++ b/build-staging/es/docs/contribute/stickers/index.html @@ -12,13 +12,13 @@ - - + +

Stickers

All contributions are eligible for stickers. If you are contributing to bug, feature, testing, or language, or have contributed significantly in the past then please email erinn@openprivacy.ca with details and an address for us to mail stickers to.

A Photo of Cwtch Stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/contribute/testing/index.html b/build-staging/es/docs/contribute/testing/index.html index f7e65a50..0c8dfe57 100644 --- a/build-staging/es/docs/contribute/testing/index.html +++ b/build-staging/es/docs/contribute/testing/index.html @@ -12,13 +12,13 @@ - - + +

Pruebas de Cwtch

Esta sección documenta algunas formas de comenzar con la prueba de Cwtch.

Ejecutar Fuzzbot

FuzzBot es nuestro bot de pruebas de desarrollo. Puede añadir FuzzBot como contacto: cwtch:4y2hxlxqzautabituedksnh2ulcgm2coqbure6wvfpg4gi2ci25ta5ad.

Ayuda de FuzzBot

Enviar a FuzzBot un mensaje de help lo activará para enviar una respuesta con todos los comandos de prueba disponibles actualmente.

Para más información sobre FuzzBot consulta nuestro Blog de desarrollo.

Únete al Grupo de Pruebas de Candidatos de Lanzamientos de Cwtch

Enviar a Fuzzbot el comando de testgroup-invite hará que FuzzBot te invite al Grupo de Testeadores de Cwtch! Ahí puedes hacer preguntas, publicar informes de errores y ofrecer comentarios.

Cwtch Nightlies

Las construcciones de Cwtch Nightly son construcciones de desarrollo que contienen nuevas características que están listas para probar.

Las versiones más recientes de desarrollo de Cwtch están disponibles en nuestro servidor de compilación.

Nosotros no recomendamos que los testers se actualicen siempre a los últimos Nightlies. En su lugar publicaremos un mensaje en el Grupo de Pruebas de Candidatos de Lanzamientos de Cwtch cuando un Nightlie significativo se encuentre disponible. Un Nightly se considera significativo si contiene una nueva característica o una corrección importante de errores.

note

All contributions are eligible for stickers

Submitting Feedback

There are three main ways of submitting testing feedback to the team:

  • Via Cwtch: Either via the Release Candidate Testers Group or directly to a Cwtch team member.
  • Via Gitea: Please open an issue in https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues - please do not worry about duplicate issues, we will de-duplicate as part of our triage process.
  • Via Email: Email team@cwtch.im with the bug report and one of our team will look into it.
note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/contribute/translate/index.html b/build-staging/es/docs/contribute/translate/index.html index 03e6ed1d..f1acb8cb 100644 --- a/build-staging/es/docs/contribute/translate/index.html +++ b/build-staging/es/docs/contribute/translate/index.html @@ -12,13 +12,13 @@ - - + +

Translating Cwtch

Si quieres contribuir a la traducción de Cwtch o de este manual puedes aprender cómo aquí

Contributing Translations to the Cwtch Application

There are two ways to contribute to Cwtch applications.

Join our Lokalise Team

We use Lokalise for managing translations for the Cwtch application.

  1. Sign up for a Lokalise account
  2. Email team@cwtch.im with the language you are interested in translating and an email we can use to invite you to our Lokalise team.

Directly via Git

For new translations, you can make a copy of https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/intl_en.arb and begin translating - you can then either submit pull requests or directly send updates to us (team@cwtch.im) and we will merge them in.

For adding to existing translations you can make pull requests directly on any file in https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/ and we will review and merge them in.

Manual del usuario de Cwtch

This handbook is translated through Crowdin.

To join our Crowdin project:

  1. Sign up for an account on Crowdin.
  2. Join the cwtch-users-handbook project.

We bundle up changes to the documentation in batches and sync them with the Crowdin project on a regular basis.

note

All contributions are eligible for stickers

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/getting-started/supported_platforms/index.html b/build-staging/es/docs/getting-started/supported_platforms/index.html index df5f92f0..16286216 100644 --- a/build-staging/es/docs/getting-started/supported_platforms/index.html +++ b/build-staging/es/docs/getting-started/supported_platforms/index.html @@ -12,13 +12,13 @@ - - + +

Supported Platforms

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. If you are interested in testing Cwtch on a specific platform, or want to volunteer to help us official support a platform not listed here, then check out Contibuting to Cwtch.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOSOfficial SDK supprts arm, arm64, and amd64 architectures.
Other Android Distributions🟡🟡Testing Needed.
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/accept-group-invite/index.html b/build-staging/es/docs/groups/accept-group-invite/index.html index 3fcb1a86..61061668 100644 --- a/build-staging/es/docs/groups/accept-group-invite/index.html +++ b/build-staging/es/docs/groups/accept-group-invite/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/create-group/index.html b/build-staging/es/docs/groups/create-group/index.html index 9d8032b5..dfc6a565 100644 --- a/build-staging/es/docs/groups/create-group/index.html +++ b/build-staging/es/docs/groups/create-group/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/edit-group-name/index.html b/build-staging/es/docs/groups/edit-group-name/index.html index c3c4b84d..bd3fef80 100644 --- a/build-staging/es/docs/groups/edit-group-name/index.html +++ b/build-staging/es/docs/groups/edit-group-name/index.html @@ -12,13 +12,13 @@ - - + +

Editar Nombre de un Grupo

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Los nombres de grupo son privados para ti, no serán compartidos, es tu nombre local para el grupo.

  1. En el panel de chat ir a la configuración
  2. Cambia el nombre del grupo
  3. Pulsa el botón guardar
  4. Ahora tu grupo tiene un nuevo nombre
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/introduction/index.html b/build-staging/es/docs/groups/introduction/index.html index 1208efb0..b3844ec7 100644 --- a/build-staging/es/docs/groups/introduction/index.html +++ b/build-staging/es/docs/groups/introduction/index.html @@ -12,13 +12,13 @@ - - + +

Una Introducción a los Grupos de Cwtch

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Nota: la Comunicación de Grupos Resistentes a los Metadatos sigue siendo un área de investigación activa y lo que se documenta aquí probablemente cambie en el futuro.

De forma predeterminada, Cwtch sólo soporta chat de persona a persona. Para soportar conversaciones de varias personas y entrega offline, se requiere un tercero (no confiable). Llamamos a estas entidades "servidores"

Estos servidores pueden ser configurados por cualquiera y están pensados para estar siempre en línea. Lo más importante es que toda la comunicación con un servidor está diseñada de tal manera que el servidor aprenda la menor información posible sobre los contenidos o metadatos.

En muchos sentidos, la comunicación con un servidor es idéntica a la comunicación con un contacto regular de Cwtch. Se toman todos los mismos pasos, sin embargo el servidor siempre actúa como el par entrante, y el par saliente siempre utiliza par de claves efímeras - para que cada sesión del servidor esté desconectada.

Como tal, las conversaciones entre pares y servidores solo difieren en los tipos de mensajes que se envían entre las dos partes, con el servidor guardando todos los mensajes que recibe y permitiendo así que cualquier cliente busque mensajes antiguos.

The risk model associated with servers is more complicated that peer-to-peer communication, as such we currently require people who want to use servers within Cwtch to opt-in to the Group Chat experiment in order to add, manage and create groups on untrusted servers.

Cómo funcionan los Grupos en profundidad

Cuando una persona quiere iniciar una conversación grupal, primero genera aleatoriamente una clave grupal secreta. Todas las comunicaciones del grupo serán cifradas usando esta clave.

Junto con la clave de grupo, el creador del grupo también decide elServidor de Cwtch para usar como anfitrión del grupo. Para más información sobre cómo los servidores se autentican ver paquetes de claves.

Un Identificador de grupo se genera usando la clave de grupo y el servidor de grupo. Estos tres elementos se empaquetan en una invitación que puede ser enviada a los miembros potenciales del grupo (i.e a travez de las conexiones peer-to-peer existentes).

Para enviar un mensaje al grupo, un perfil se conecta al servidor que aloja al grupo (ver abajo), y encripta su mensaje usando la Clave de Grupo y genera una firma criptográfica a través de la Identificación de grupo, Servidor de Grupo y el mensaje descifrado (Ve: Formatos wire para más información).

Para recibir mensajes del grupo, un perfil debe estar conectado al servidor que aloja el grupo y descarga todos los mensajes (desde su conexión anterior). Los perfiles intentan descifrar cada mensaje usando la Clave de Grupo si logran verificar la firma (ve servidores de Cwtch, Grupos de Cwtch para una visión general de los ataques y mitigaciones).

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/leave-group/index.html b/build-staging/es/docs/groups/leave-group/index.html index 19fd126e..586d65d4 100644 --- a/build-staging/es/docs/groups/leave-group/index.html +++ b/build-staging/es/docs/groups/leave-group/index.html @@ -12,13 +12,13 @@ - - + +

Cómo abandonar un grupo

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

:::advertencia

Esta función resultará en la eliminación irreversible de material clave. Esto no se puede deshacer.

:::

  1. En el panel de chat ir a la configuración
  2. Desplázate hacia abajo en el panel de ajustes
  3. Pulsa abandonar la conversación
  4. Confirma que quieres salir
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/manage-known-servers/index.html b/build-staging/es/docs/groups/manage-known-servers/index.html index 482dbd7e..cd51e0b6 100644 --- a/build-staging/es/docs/groups/manage-known-servers/index.html +++ b/build-staging/es/docs/groups/manage-known-servers/index.html @@ -12,13 +12,13 @@ - - + +

Administrar servidores

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Los grupos de Cwtch están alojados en servidores no confiables. Si quieres ver los servidores que conoces, su estado y los grupos alojados en ellos:

  1. En el panel de contactos
  2. Ve al icono de administrar servidores

Importar servidor alojado localmente

  1. Para importar un servidor alojado localmente haz clic en seleccionar el servidor local
  2. Selecciona el servidor que quieras
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/groups/send-invite/index.html b/build-staging/es/docs/groups/send-invite/index.html index 3a1c46d3..2a85b291 100644 --- a/build-staging/es/docs/groups/send-invite/index.html +++ b/build-staging/es/docs/groups/send-invite/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/intro/index.html b/build-staging/es/docs/intro/index.html index 3df5ee97..40852b4e 100644 --- a/build-staging/es/docs/intro/index.html +++ b/build-staging/es/docs/intro/index.html @@ -12,13 +12,13 @@ - - + +

¿Qué es Cwtch?

Cwtch (/kʊtʃ/ - Una palabra galesa más o menos traducida a “un abrazo que crea un lugar seguro”) es una aplicación de mensajería descentralizada, que preserva la privacidad.

  • Descentralizado y Abierto: No hay "Servicio de Cwtch" o "Red de Cwtch". Los participantes en Cwtch pueden albergar sus propios espacios seguros o prestar su infraestructura a otros que buscan un espacio seguro. El protocolo Cwtch es abierto, y cualquiera es libre de construir bots, servicios e interfaces de usuario e integrar e interactuar con Cwtch.
  • Preservación de la privacidad: Toda la comunicación en Cwtch está cifrada de extremo a extremo y tiene lugar en los servicios de Onion Tor v3.
  • Resistente a los metadatos: Cwtch ha sido diseñada de tal manera que no hay información intercambiada o disponible para nadie sin su consentimiento explícito, incluyendo mensajes on-the-wire y metadatos de protocolo.

Seguridad y cifrado

Para ver en profundidad la tecnología de seguridad, privacidad y cifrado subyacente utilizada en Cwtch, por favor consulte nuestro Manual de seguridad

Primeros pasos

Puedes descargar la última versión de Cwtch desde https://cwtch.im/download/

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/platforms/tails/index.html b/build-staging/es/docs/platforms/tails/index.html index 7cd14e04..6bb86d70 100644 --- a/build-staging/es/docs/platforms/tails/index.html +++ b/build-staging/es/docs/platforms/tails/index.html @@ -12,13 +12,13 @@ - - + +

Running Cwtch on Tails

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

The following steps require that Tails has been launched with an Administration Password.

Tails uses Onion Grater to guard access to the control port. We have packaged an oniongrater configuration cwtch-tails.yml and setup script (install-tails.sh) with Cwtch on Linux.

The tails-specific part of the script is reproduced below:

    # Tails needs to be have been setup up with an Administration account
    # 
    # Make Auth Cookie Readable
    sudo chmod o+r /var/run/tor/control.authcookie
    # Copy Onion Grater Config
    sudo cp cwtch.yml /etc/onion-grater.d/cwtch.yml
    # Restart Onion Grater so the Config Takes effect
    sudo systemctl restart onion-grater.service

When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable to automatically configure Cwtch for running in a Tails-like environment:

exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch

Install Location

The above command, and the below onion grater configuration assume that Cwtch was installed in ~/.local/lib/cwtch/cwtch - if Cwtch was installed somewhere else (or if you are running directly from the download folder) then you will need to adjust the commands.

Onion Grater Configuration

The oniongrater configuration cwtch-tails.yml is reproduced below. As noted this configuration is can likely be restricted much further. 

    ---
    # TODO: This can likely be restricted even further, especially in regards to the ADD_ONION pattern

    - apparmor-profiles:
        - '/home/amnesia/.local/lib/cwtch/cwtch'
      users:

        - 'amnesia'
      commands:
        AUTHCHALLENGE:

          - 'SAFECOOKIE .*'
        SETEVENTS:

          - 'CIRC WARN ERR'
          - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
        GETINFO:

          - '.*'
        GETCONF:

          - 'DisableNetwork'
        SETCONF:

          - 'DisableNetwork.*'
        ADD_ONION:

          - '.*'
        DEL_ONION:

          - '.+'
        HSFETCH:

          - '.+'
      events:
        CIRC:
          suppress: true
        ORCONN:
          suppress: true
        INFO:
          suppress: true
        NOTICE:
          suppress: true
        WARN:
          suppress: true
        ERR:
          suppress: true
        HS_DESC:
          response:

        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'

        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'

        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
          replacement: '650 HS_DESC UPLOADED {} {} redacted'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'

        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'

        - pattern:     '.*'
          replacement: ''
        HS_DESC_CONTENT:
          suppress: true

Persistence

By default, Cwtch creates $HOME/.cwtch and saves all encrypted profiles and settings files there. In order to save any profiles/conversations in Cwtch on Tails you will have to backup this folder to a non-volatile home.

See the Tails documentation for setting up persistent storage

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/availability-status/index.html b/build-staging/es/docs/profiles/availability-status/index.html index 1afa3420..5eca9f6c 100644 --- a/build-staging/es/docs/profiles/availability-status/index.html +++ b/build-staging/es/docs/profiles/availability-status/index.html @@ -12,13 +12,13 @@ - - + +

Setting Availability Status

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the conversations pane click the Status icon next to your profile picture.

A drop-down menu will appear with various options e.g. Available, Away, and Busy

When you select Away or Busy as a status the border of your profile picture will change to reflect the status

Contacts will see this change reflected in their conversations pane.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/change-name/index.html b/build-staging/es/docs/profiles/change-name/index.html index e602ff8c..16ef7529 100644 --- a/build-staging/es/docs/profiles/change-name/index.html +++ b/build-staging/es/docs/profiles/change-name/index.html @@ -12,13 +12,13 @@ - - + +

Cambiar tu nombre para mostrar

  1. En la vista Administrar Perfiles, pulsa el lápiz junto al perfil que deseas editar
  2. Cambia tu nombre
  3. Haz clic en guardar perfil
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/change-password/index.html b/build-staging/es/docs/profiles/change-password/index.html index 48bee49d..7bc3ee12 100644 --- a/build-staging/es/docs/profiles/change-password/index.html +++ b/build-staging/es/docs/profiles/change-password/index.html @@ -12,13 +12,13 @@ - - + +

Cambiar tu contraseña

  1. Pulsa el lápiz junto al perfil que quieres editar
  2. Ve a la contraseña actual e introduce tu contraseña actual
  3. Ve a la nueva contraseña e introduce tu nueva contraseña
  4. Re introduce tu contraseña
  5. Haz clic en Guardar perfil
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/change-profile-image/index.html b/build-staging/es/docs/profiles/change-profile-image/index.html index b1fff97a..de585ff0 100644 --- a/build-staging/es/docs/profiles/change-profile-image/index.html +++ b/build-staging/es/docs/profiles/change-profile-image/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/create-a-profile/index.html b/build-staging/es/docs/profiles/create-a-profile/index.html index 2dbeddeb..f1c64cfd 100644 --- a/build-staging/es/docs/profiles/create-a-profile/index.html +++ b/build-staging/es/docs/profiles/create-a-profile/index.html @@ -12,13 +12,13 @@ - - + +

Crear un nuevo perfil

  1. Pulsa el botón + en la esquina inferior derecha y selecciona "Nuevo perfil"
  2. Elije un nombre para mostrar
  3. Selecciona si deseas proteger este perfil de forma local con cifrado fuerte:
    • Contraseña: tu cuenta está protegida de otras personas que pueden usar este dispositivo
    • Sin contraseña: cualquiera que tenga acceso a este dispositivo puede acceder a este perfil
  4. Introduce tu contraseña y vuelve a introducirla
  5. Haz clic en añadir un nuevo perfil

Una nota sobre los perfiles protegidos por contraseña (cifrado)

Los perfiles se almacenan localmente en el disco y se cifran usando una clave derivada de la contraseña conocida por el usuario (a través de pbkdf2).

Note that, once encrypted and stored on disk, the only way to recover a profile is by rederiving the key from the password - as such it isn't possible to provide a full list of profiles a user might have access to until they enter a password.

Consultar: Manual de seguridad de Cwtch.: Encriptación del perfil & Almacenamiento

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/delete-profile/index.html b/build-staging/es/docs/profiles/delete-profile/index.html index bd09e2e3..acff14ae 100644 --- a/build-staging/es/docs/profiles/delete-profile/index.html +++ b/build-staging/es/docs/profiles/delete-profile/index.html @@ -12,13 +12,13 @@ - - + +

Eliminar un perfil

danger

Esta función resultará en la eliminación irreversible de material clave. Esto no se puede deshacer.

  1. Pulsa el lápiz junto al perfil que quieres editar
  2. Desplázate hacia abajo hasta la parte inferior de la pantalla
  3. Pulsa eliminar
  4. Pulsa realmente eliminar perfil
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/exporting-profile/index.html b/build-staging/es/docs/profiles/exporting-profile/index.html index da225dde..3859d6ea 100644 --- a/build-staging/es/docs/profiles/exporting-profile/index.html +++ b/build-staging/es/docs/profiles/exporting-profile/index.html @@ -12,13 +12,13 @@ - - + +

Copia de seguridad o Exportación de un perfil

En la pantalla de administración de perfiles:

  1. Pulsa el lápiz junto al perfil que quieres editar
  2. Desplázate hacia abajo hasta la parte inferior de la pantalla
  3. Selecciona "Exportar perfil"
  4. Elige una ubicación y un nombre de archivo
  5. Confirma

Una vez confirmado, Cwtch hará una copia del perfil en la ubicación dada. Este archivo está cifrado al mismo nivel que el perfil. Consulta Una nota sobre Perfiles protegidos con contraseña (cifrados) para obtener más información sobre perfiles cifrados.

Este archivo puede ser importado en otra instancia de Cwtch en cualquier dispositivo.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/importing-a-profile/index.html b/build-staging/es/docs/profiles/importing-a-profile/index.html index 9e8ebdb9..296f1842 100644 --- a/build-staging/es/docs/profiles/importing-a-profile/index.html +++ b/build-staging/es/docs/profiles/importing-a-profile/index.html @@ -12,13 +12,13 @@ - - + +

Importar un perfil

  1. Pulsa el botón + en la esquina inferior derecha y selecciona "Importar perfil"
  2. Selecciona un archivo de perfil exportado de Cwtch para importar
  3. Introduce la contraseña asociada con el perfil y confirma.

Una vez confirmado, Cwtch intentará descifrar el archivo proporcionado usando una clave derivada de la contraseña dada. Si es exitoso el perfil aparecerá en la pantalla de Administración de Perfiles y estará listo para usar.

note

Aunque un perfil puede ser importado en varios dispositivos, actualmente sólo una versión de un perfil puede estar en uso en todos los dispositivos a la vez.

Los intentos de usar el mismo perfil en varios dispositivos puede resultar en problemas de disponibilidad y fallos de mensajería.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/introduction/index.html b/build-staging/es/docs/profiles/introduction/index.html index ac06cdf3..6ce6dcfa 100644 --- a/build-staging/es/docs/profiles/introduction/index.html +++ b/build-staging/es/docs/profiles/introduction/index.html @@ -12,13 +12,13 @@ - - + +

Una Introducción a los Perfiles de Cwtch

Con Cwtch puedes crear uno o más Perfiles. Cada perfil genera un par de claves aleatorias ed25519 compatibles con la Red Tor.

Este es el identificador que puedes dar a tus contactos y que pueden usar para contactarte a través de Cwtch.

Cwtch te permite crear y administrar perfiles múltiples y separados. Cada perfil está asociado con un par de claves diferente que lanza un servicio de Onion diferente.

Administrar Perfiles

Al iniciarse Cwtch lanzará la pantalla Administrar Perfiles. Desde esta pantalla puedes:

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/profile-info/index.html b/build-staging/es/docs/profiles/profile-info/index.html index 136b1ff0..f083a050 100644 --- a/build-staging/es/docs/profiles/profile-info/index.html +++ b/build-staging/es/docs/profiles/profile-info/index.html @@ -12,13 +12,13 @@ - - + +

Setting Profile Attributes

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the profile management pane there are three free-form text fields below your profile picture.

You can fill these fields with any information your would like potential contacts to know. This information is public - do not put any information in here that you do not want to share with everyone.

Contacts will be able to see this information in conversation settings

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/profiles/unlock-profile/index.html b/build-staging/es/docs/profiles/unlock-profile/index.html index 3434706f..f89c6086 100644 --- a/build-staging/es/docs/profiles/unlock-profile/index.html +++ b/build-staging/es/docs/profiles/unlock-profile/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/create-server/index.html b/build-staging/es/docs/servers/create-server/index.html index bfe6cb76..30d3e7be 100644 --- a/build-staging/es/docs/servers/create-server/index.html +++ b/build-staging/es/docs/servers/create-server/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/delete-server/index.html b/build-staging/es/docs/servers/delete-server/index.html index c4df7dcd..e1bb5246 100644 --- a/build-staging/es/docs/servers/delete-server/index.html +++ b/build-staging/es/docs/servers/delete-server/index.html @@ -12,13 +12,13 @@ - - + +

Cómo eliminar un servidor

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

  1. Ve al icono del servidor
  2. Selecciona el servidor que quieres eliminar
  3. Pulsa el icono de lápiz
  4. Desplázate hacia abajo e introduce tu contraseña
  5. Pulsa borrar
  6. Pulsar eliminar realmente
  7. Tu servidor ha sido eliminado
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/edit-server/index.html b/build-staging/es/docs/servers/edit-server/index.html index 374fd42c..59578fb9 100644 --- a/build-staging/es/docs/servers/edit-server/index.html +++ b/build-staging/es/docs/servers/edit-server/index.html @@ -12,13 +12,13 @@ - - + +

Cómo editar un servidor

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

  1. Ve al icono del servidor
  2. Selecciona el servidor que quieres editar
  3. Pulsa el icono de lápiz
  4. Cambia la descripción/ o activa o desactiva el servidor
  5. Haz clic en guardar el servidor
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/introduction/index.html b/build-staging/es/docs/servers/introduction/index.html index 9006b718..d3a5c27f 100644 --- a/build-staging/es/docs/servers/introduction/index.html +++ b/build-staging/es/docs/servers/introduction/index.html @@ -12,13 +12,13 @@ - - + +

Introducción a Servidores

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

El chat de Cwtch entre dos usuarios es completamente par a par (peer-to-peer), lo que significa que si un usuario está desconectado no puedes chatear con él, y no hay un mecanismo para que múltiples personas puedan chatear.

Para dar soporte al chat de grupo (y a la entrega sin conexión) hemos creado servidores no confiables que pueden albergar mensajes para un grupo. Los mensajes se cifran con la clave del grupo, y se obtienen a través de Onions efímeros, por lo que el servidor no tiene forma de saber qué mensajes podría tener para qué grupos, o quién está accediendo a él.

Los servidores que se ejecutan actualmente en la aplicación Cwtc sólo son compatibles con la versión de Escritorio ya que la conexión a Internet de los dispositivos móviles y el entorno móvil es demasiado inestable e inadecuado para ejecutar un servidor.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/share-key/index.html b/build-staging/es/docs/servers/share-key/index.html index 1ec43305..cdae03cd 100644 --- a/build-staging/es/docs/servers/share-key/index.html +++ b/build-staging/es/docs/servers/share-key/index.html @@ -12,13 +12,13 @@ - - + +

Cómo compartir tu Paquete de Claves del Servidor

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

El Paquete de Claves del Servidor es el paquete de datos que una aplicación Cwtch necesita para poder usar un servidor. Si sólo quieres hacer que otros usuarios de Cwtch tengan conocimiento de tu servidor, puedes compartir ésto con ellos. Entonces tendrán la habilidad de crear sus propios grupos en el servidor.

  1. Ve al icono del servidor
  2. Selecciona el servidor que quieras
  3. Usa el icono de copiar la dirección para copiar las claves del servidor
  4. No compartas las claves con gente en la que no confías
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/servers/unlock-server/index.html b/build-staging/es/docs/servers/unlock-server/index.html index 4c211cf1..3162c930 100644 --- a/build-staging/es/docs/servers/unlock-server/index.html +++ b/build-staging/es/docs/servers/unlock-server/index.html @@ -12,13 +12,13 @@ - - + +

Cómo desbloquear un servidor

Experimentos Requeridos

Esta función requiere Experimentos habilitados y el Experimento de Grupos activado.

Si protegiste tu servidor con una contraseña, tendrá que ser desbloqueado cada vez que reinicies la aplicación.

  1. Ve al icono del servidor
  2. Pulsa el icono de desbloqueo rosa
  3. Introduce la contraseña de tu servidor
  4. Pulsa Desbloquear
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/appearance/change-language/index.html b/build-staging/es/docs/settings/appearance/change-language/index.html index b9294f39..709fc4ac 100644 --- a/build-staging/es/docs/settings/appearance/change-language/index.html +++ b/build-staging/es/docs/settings/appearance/change-language/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/appearance/light-dark-mode/index.html b/build-staging/es/docs/settings/appearance/light-dark-mode/index.html index b9523dfb..ecdb5e54 100644 --- a/build-staging/es/docs/settings/appearance/light-dark-mode/index.html +++ b/build-staging/es/docs/settings/appearance/light-dark-mode/index.html @@ -12,13 +12,13 @@ - - + +

Explicación de temas Claros/Oscuros

  1. Pulsa el icono de configuración
  2. Puedes elegir tema claro u oscuro activando el interruptor de "usar temas claros"
  3. Usando el menú desplegable "temas de color", elige un tema que te guste
    1. Cwtch: tonos morados
    2. Fantasma: Tonos grises
    3. Sirena: Tonos turquesa y morados
    4. Medianoche: Tonos negros y grises
    5. Neón 1: Tonos morados y rosados
    6. Neón 2: Tonos morados y turquesa
    7. Calabaza: Tonos morados y naranjas
    8. Bruja: Tonos verdes y rosas
    9. Vampiro: Tonos morados y rojos
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/appearance/streamer-mode/index.html b/build-staging/es/docs/settings/appearance/streamer-mode/index.html index 13fb2d62..44c9c3e1 100644 --- a/build-staging/es/docs/settings/appearance/streamer-mode/index.html +++ b/build-staging/es/docs/settings/appearance/streamer-mode/index.html @@ -12,13 +12,13 @@ - - + +

Modo de streaming/presentación

El modo de streaming / presentación hace la aplicación más visualmente privada. In this mode, Cwtch will not display auxiliary information like Cwtch addresses and other sensitive information on the main screens.

Esto es útil cuando se toman capturas de pantalla o cuando se muestra Cwtch de una manera más pública.

  1. Pulsa el icono de configuración
  2. Activar "Modo Streamer"
  3. Comprueba que funciona mirando tu perfil o tu lista de contactos
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/appearance/ui-columns/index.html b/build-staging/es/docs/settings/appearance/ui-columns/index.html index d516e2c8..89464919 100644 --- a/build-staging/es/docs/settings/appearance/ui-columns/index.html +++ b/build-staging/es/docs/settings/appearance/ui-columns/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/behaviour/block-unknown-connections/index.html b/build-staging/es/docs/settings/behaviour/block-unknown-connections/index.html index 5fa3a1ff..4d135f8f 100644 --- a/build-staging/es/docs/settings/behaviour/block-unknown-connections/index.html +++ b/build-staging/es/docs/settings/behaviour/block-unknown-connections/index.html @@ -12,13 +12,13 @@ - - + +

Bloquear Conexiones Desconocidas

By default, Cwtch interprets connections from unknown Cwtch addresses as Contact Requests. Puede cambiar este comportamiento a través de la configuración de Bloquear Conexiones Desconocidas.

Si está activado, Cwtch cerrará automáticamente todas las conexiones de las direcciones de Cwtch que no has añadido a tu lista de contactos. This will prevent people who have your Cwtch address from contacting you unless you also add them.

Para habilitar:

  1. Ve a la Configuración
  2. Habilita Bloquear Contactos Desconocidos
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/behaviour/notification-content/index.html b/build-staging/es/docs/settings/behaviour/notification-content/index.html index 5d597159..88231e86 100644 --- a/build-staging/es/docs/settings/behaviour/notification-content/index.html +++ b/build-staging/es/docs/settings/behaviour/notification-content/index.html @@ -12,13 +12,13 @@ - - + +

Contenido de notificaciones

  1. Ir a la configuración
  2. Desplazar a comportamiento
  3. El contenido de las notificaciones controla el contenido de las notificaciones
    1. Evento simple: "Nuevo mensaje" solamente
    2. Información de la conversación: "Nuevo mensaje de XXXXX"
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/behaviour/notification-policy/index.html b/build-staging/es/docs/settings/behaviour/notification-policy/index.html index cfd7e454..6d6ee675 100644 --- a/build-staging/es/docs/settings/behaviour/notification-policy/index.html +++ b/build-staging/es/docs/settings/behaviour/notification-policy/index.html @@ -12,13 +12,13 @@ - - + +

Política de notificaciones

  1. Ir a la configuración
  2. Desplazar al comportamiento
  3. La política de notificación controla el comportamiento de las notificaciones
  4. Haz clic en Predeterminado para cambiar el comportamiento para optar o silenciar todas las notificaciones
  5. Elige tu política de notificación preferida
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/clickable-links/index.html b/build-staging/es/docs/settings/experiments/clickable-links/index.html index 22aa7dfb..ad622632 100644 --- a/build-staging/es/docs/settings/experiments/clickable-links/index.html +++ b/build-staging/es/docs/settings/experiments/clickable-links/index.html @@ -12,13 +12,13 @@ - - + +

Experimento de Enlaces Cliqueables

danger

Esta función, si está activada, presenta un riesgo de desanonimización.

no abras las URLs de personas en las que no confías. Los enlaces enviados a través de Cwtch se abren a través del navegador predeterminado en el sistema. La mayoría de los navegadores web no pueden proporcionar anonimato.

Activa el Experimento de Enlaces Cliqueables

Los enlaces cliqueables no están habilitados por defecto. Para permitir a Cwtch abrir enlaces en mensajes:

  1. Ir a Configuración
  2. Habilitar Experimentos
  3. Activa el Experimento de Enlaces Cliqueables

Riesgos

Los enlaces cliqueables en los mensajes son una característica muy útil, sin embargo, hay riesgos que debes tener en cuenta si decides activar esta función.

Para prevenir la activación accidental, después de hacer clic en un enlace en un mensaje, Cwtch abrirá primero un aviso adicional con dos opciones:

  1. Copia la URL al portapapeles
  2. Abre la URL en el navegador web predeterminado

Puedes usar el botón de retroceso de tu dispositivo o hacer clic lejos de este aviso para evitar seleccionar cualquiera de las dos opciones.

Cwtch No puede protegerte si abres enlaces maliciosos.

La URL se abre en el navegador web predeterminado el cual es probable, como mínimo, que exponga tu dirección IP al servidor que aloja la URL. Las páginas web también pueden usar otras vulnerabilidades del navegador para obtener información adicional, o aprovecharse aún más de tu equipo.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/file-sharing/index.html b/build-staging/es/docs/settings/experiments/file-sharing/index.html index 59a7aa04..011c5a26 100644 --- a/build-staging/es/docs/settings/experiments/file-sharing/index.html +++ b/build-staging/es/docs/settings/experiments/file-sharing/index.html @@ -12,13 +12,13 @@ - - + +

Compartir Archivos

These setting enables Cwtch filesharing functionality. This reveals the "Share File" option in the conversation pane, and allows you to download files from conversations.

Optionally, you can enable Image Previews and Profile Pictures to download image files automatically, view image previews in the conversation window, and enable the Profile Pictures feature;

info

This documentation page is a stub. You can help by expanding it.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/group-experiment/index.html b/build-staging/es/docs/settings/experiments/group-experiment/index.html index 4d628cac..aefecdcc 100644 --- a/build-staging/es/docs/settings/experiments/group-experiment/index.html +++ b/build-staging/es/docs/settings/experiments/group-experiment/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/image-previews-and-profile-pictures/index.html b/build-staging/es/docs/settings/experiments/image-previews-and-profile-pictures/index.html index f3083c32..5214bda6 100644 --- a/build-staging/es/docs/settings/experiments/image-previews-and-profile-pictures/index.html +++ b/build-staging/es/docs/settings/experiments/image-previews-and-profile-pictures/index.html @@ -12,13 +12,13 @@ - - + +

Vista previa de imágenes y fotos de perfil

caution

This experiment requires the File Sharing experiment enabled.

When enabled, Cwtch will download image files automatically, display image previews in the conversation window, and enable the Profile Pictures feature;

On Desktop, enabling this experiment will allow access to an additional setting "Download Folder` which can be changed to tell Cwtch where to (automatically) download pictures.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/message-formatting/index.html b/build-staging/es/docs/settings/experiments/message-formatting/index.html index 99a18d94..e215f28f 100644 --- a/build-staging/es/docs/settings/experiments/message-formatting/index.html +++ b/build-staging/es/docs/settings/experiments/message-formatting/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/qrcodes/index.html b/build-staging/es/docs/settings/experiments/qrcodes/index.html index 77bf2c28..c389f21e 100644 --- a/build-staging/es/docs/settings/experiments/qrcodes/index.html +++ b/build-staging/es/docs/settings/experiments/qrcodes/index.html @@ -12,13 +12,13 @@ - - + +
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/experiments/server-hosting/index.html b/build-staging/es/docs/settings/experiments/server-hosting/index.html index 2afa3f87..de31cda5 100644 --- a/build-staging/es/docs/settings/experiments/server-hosting/index.html +++ b/build-staging/es/docs/settings/experiments/server-hosting/index.html @@ -12,13 +12,13 @@ - - + +

Alojamiento de servidor

El alojamiento del servidor es actualmente una característica experimental en Cwtch, no está habilitado por defecto.

  1. Ir a Configuración
  2. Habilitar Experimentos
  3. Habilitar el experimento de Alojamiento de servidor
  4. Probablemente también querrás activar el experimento de Grupos si quieres participar en un grupo alojado en tu servidor
- - + + \ No newline at end of file diff --git a/build-staging/es/docs/settings/introduction/index.html b/build-staging/es/docs/settings/introduction/index.html index 57146815..b4296e10 100644 --- a/build-staging/es/docs/settings/introduction/index.html +++ b/build-staging/es/docs/settings/introduction/index.html @@ -12,13 +12,13 @@ - - + +

Una Introducción a la configuración de Cwtch

Apariencia

These are settings which effect how Cwtch looks, including themes and localization.

Comportamiento

These settings impact how Cwtch responds to certain events e.g. notifications for new messages, or requests from unknown public addresses.

Experimentos

Hay muchas características en Cwtch que a los usuarios les gustaría tener pero cuya implementación requiere metadatos adicionales, o riesgo, más allá del mínimo que Cwtch requiere para operaciones básicas.

Como tal en Experimentos encontrarás un número de ajustes opcionales que, cuando se activan, proporcionan características adicionales como chat de grupo, intercambio de archivos o formato de mensaje.

Deberías pensar detenidamente al habilitar estas características sobre los nuevos riesgos que podrían implicar, y si estás cómodo optando por esos riesgos. Para muchos, los beneficios de compartir archivos, las previsualizaciones de imágenes y el chat de grupo superan con creces los daños potenciales - pero para otros requerimos que los usuarios opten por usar estas características.

Puede optar por no hacerlo en cualquier momento, todas las características se implementan localmente dentro de la aplicación Cwtch.

- - + + \ No newline at end of file diff --git a/build-staging/es/docs/tor/index.html b/build-staging/es/docs/tor/index.html index 827ebd41..79e4921b 100644 --- a/build-staging/es/docs/tor/index.html +++ b/build-staging/es/docs/tor/index.html @@ -12,13 +12,13 @@ - - + +

Tor

Cwtch utiliza Tor para proporcionar enrutamiento y conexiones. Usar servicios ocultos de Tor para albergar perfiles y conexiones "efímeras" proporciona fuertes garantías de anonimato a los usuarios de Cwtch a la hora de hacer conexiones.

Panel de Tor

Dado que estamos añadiendo una capa de red adicional a Cwtch, proporcionamos un panel para ver el estado de la red Tor y hacer cambios. Para acceder a él

  1. Desde el panel de lista de perfiles, haz clic en el icono de Tor icono de tor
  2. Ver el estado de la red tor
Estado de Tor: en línea
Versión Tor: 0.4.6.9

Reiniciar Tor

La red Tor puede ocasionalmente tener conexiones obsoletas que no son detectadas inmediatamente por Tor o por Cwtch (siempre estamos intentando mejorar esto). A veces un usuario puede encontrar contactos o grupos que aparecen fuera de línea que deberían estar en línea. Si quieres reiniciar todas las conexiones de red en Cwtch, proporcionamos un mecanismo para reiniciar tor desde el app. El botón Reiniciar reiniciará Tor desde la aplicación de Cwtch.

Consenso de Caché de Tor

Por defecto iniciamos un proceso nuevo de Tor cada vez que arranca la aplicación, y requiere descargar un estado de red de Tor antes de poder comenzar. Este proceso no es instantáneo. Si quieres acelerar el arranque de Cwtch, puedes habilitar Caché de Conflictos de Tor para acelerar futuros arranques. Si te encuentras con un problema de arranque en el que los datos son obsoletos o corruptos y el reporte de Cwtch no puede arrancar Tor, desactiva esta función y reinicia tor de nuevo, y debería funcionar.

Configuración avanzada de Tor

Ofrecemos la posibilidad de proporcionar avanzadamente la opción de configuración de Tor en esta sección permitiéndote

  • Especificar un puerto SOCKS personalizado para conectarse a una conexión Tor existente
  • Especifique un puerto de control personalizado para conectarse a una conexión Tor existente
  • y especificar opciones adicionales introduciendo opciones torrc personalizadas
- - + + \ No newline at end of file diff --git a/build-staging/es/index.html b/build-staging/es/index.html index 5c63faa8..55def1ed 100644 --- a/build-staging/es/index.html +++ b/build-staging/es/index.html @@ -12,13 +12,13 @@ - - + +

The Cwtch Handbook

Your Guide to setting up, and using, Surveillance Resistant Infrastructure

Get Started With Cwtch
- - + + \ No newline at end of file diff --git a/build-staging/es/security/category/connectivity--tor/index.html b/build-staging/es/security/category/connectivity--tor/index.html index 858d75ff..cc2815a3 100644 --- a/build-staging/es/security/category/connectivity--tor/index.html +++ b/build-staging/es/security/category/connectivity--tor/index.html @@ -12,13 +12,13 @@ - - + +

Connectivity & Tor

- - + + \ No newline at end of file diff --git a/build-staging/es/security/category/cwtch-components/index.html b/build-staging/es/security/category/cwtch-components/index.html index c8a1cbcc..6232b388 100644 --- a/build-staging/es/security/category/cwtch-components/index.html +++ b/build-staging/es/security/category/cwtch-components/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch Components

- - + + \ No newline at end of file diff --git a/build-staging/es/security/category/cwtch-ui/index.html b/build-staging/es/security/category/cwtch-ui/index.html index b30f94e4..e767e222 100644 --- a/build-staging/es/security/category/cwtch-ui/index.html +++ b/build-staging/es/security/category/cwtch-ui/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch UI

📄️ Image Previews

Built on the back of filesharing in Cwtch 1.3, image previews are keyed by the suggested filename’s extension (and no, we’re not interested in using MIME types or magic numbers) and advertised size. If enabled, the preview system will automatically download shared images to a configured downloads folder and display them as part of the message itself. (Due to limitations on Android, they’ll go to the app’s private storage cache, and give you the option to save them elsewhere later instead.) The file size limit is TBD but will obviously be much lower than the overall filesharing size limit, which is currently 10 gigabytes.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/category/cwtch/index.html b/build-staging/es/security/category/cwtch/index.html index 1e9c89ac..62967dbf 100644 --- a/build-staging/es/security/category/cwtch/index.html +++ b/build-staging/es/security/category/cwtch/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch

- - + + \ No newline at end of file diff --git a/build-staging/es/security/category/tapir/index.html b/build-staging/es/security/category/tapir/index.html index 37ea9345..47ab63b4 100644 --- a/build-staging/es/security/category/tapir/index.html +++ b/build-staging/es/security/category/tapir/index.html @@ -12,13 +12,13 @@ - - + +

Tapir

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/connectivity/intro/index.html b/build-staging/es/security/components/connectivity/intro/index.html index 5bd5bdaf..a0856dea 100644 --- a/build-staging/es/security/components/connectivity/intro/index.html +++ b/build-staging/es/security/components/connectivity/intro/index.html @@ -12,13 +12,13 @@ - - + +

Connectivity

Cwtch makes use of Tor Onion Services (v3) for all inter-node communication.

We provide the openprivacy/connectivity package for managing the Tor daemon and setting up and tearing down onion services through Tor.

Known Risks

Private Key Exposure to the Tor Process

Status: Partially Mitigated (Requires Physical Access or Privilege Escalation to exploit)

We must pass the private key of any onion service we wish to set up to the connectivity library, through the Listen interface (and thus to the Tor process). This is one of the most critical areas that is outside of our control. Any binding to a rouge tor process or binary will result in compromise of the Onion private key.

Mitigations

Connectivity attempt to bind to the system-provided Tor process as the default, only when it has been provided with an authentication token.

Otherwise connectivity always attempts to deploy its own Tor process using a known good binary packaged with the system (outside of the scope of the connectivity package)

In the long term we hope an integrated library will become available and allow direct management through an in-process interface to prevent the private key from leaving the process boundary (or other alternative paths that allow us to maintain full control over the private key in-memory.)

Tor Process Management

Status: Partially Mitigated (Requires Physical Access or Privilege Escalation to exploit)

Many issues can arise from the management of a separate process, including the need to restart, exit and otherwise ensure appropriate management.

The ACN interface provides Restart, Close and GetBootstrapStatus interfaces to allow applications to manage the underlying Tor process. In addition the SetStatusCallback method can be used to allow an application to be notified when the status of the Tor process changes.

However, if sufficiently-privileged users wish they can interfere with this mechanism, and as such the Tor process is a more brittle component interaction than others.

Testing Status

Current connectivity has limited unit testing capabilities and none of these are run during pull requests or merges. There is no integration testing.

It is worth noting that connectivity is used by both Tapir and Cwtch in their integration tests (and so despite the lack of package level testing, it is exposed to system-wide test conditions)

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/cwtch/groups/index.html b/build-staging/es/security/components/cwtch/groups/index.html index b71f1c04..664494b1 100644 --- a/build-staging/es/security/components/cwtch/groups/index.html +++ b/build-staging/es/security/components/cwtch/groups/index.html @@ -12,13 +12,13 @@ - - + +

Groups

For the most part the Cwtch risk model for groups is split into two distinct profiles:

  • Groups made up of mutually trusted participants where peers are assumed honest.
  • Groups consisting of strangers where peers are assumed to be potentially malicious.

Most of the mitigations described in this section relate to the latter case, but naturally also impact the former. Even if assumed honest peers later turn malicious there are mechanisms that can detect such malice and prevent it from happening in the future.

Risk Overview: Key Derivation

In the ideal case we would use a protocol like OTR, the limitations preventing us from doing so right now are:

  • Offline messages are not guaranteed to reach all peers, and as such any metadata relating to key material might get lost. We need a key derivation process which is robust to missing messages or incomplete broadcast.

Risk: Malicious Peer Leaks Group Key and/or Conversation

Status: Partially Mitigated (but impossible to mitigate fully)

Whether dealing with trusted smaller groups or partially-public larger groups there is always the possibility that a malicious actor will leak group messages.

We plan to make it easy for peers to fork groups to mitigate the same key being used to encrypt lots of sensitive information and provide some level of forward secrecy for past group conversations.

Risk: Active Attacks by Group Members

Status: Partially Mitigated

Group members, who have access to the key material of the group, can conspire with a server or other group members to break transcript consistency.

While we cannot directly prevent censorship given this kind of active collusion, we have a number of mechanisms in place that should reveal the presence of censorship to honest members of the group.

Mitigations:

  • Because each message is signed by the peers public key, it should not be possible (within the cryptographic assumptions of the underlying cryptography) for one group member to imitate another.
  • Each message contains a unique identifier derived from the contents and the previous message hash - making it impossible for collaborators to include messages from non-colluding members without revealing an implicit message chain (which if they were attempting to censor other messages would reveal such censorship)

Finally: We are actively working on adding non-repudiation to Cwtch servers such that they themselves are restricted in what they can censor efficiently.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/cwtch/key_bundles/index.html b/build-staging/es/security/components/cwtch/key_bundles/index.html index d42f9fe0..a483a62f 100644 --- a/build-staging/es/security/components/cwtch/key_bundles/index.html +++ b/build-staging/es/security/components/cwtch/key_bundles/index.html @@ -12,13 +12,13 @@ - - + +

Key Bundles

Cwtch servers identify themselves through signed key bundles. These key bundles contain a list of keys necessary to make Cwtch group communication secure and metadata resistant.

At the time of writing, key bundles are expected to contain 3 keys:

  1. A Tor v3 Onion Service Public Key for the Token Board (ed25519)- used to connect to the service over Tor to post and receive messages.
  2. A Tor v3 Onion Service Public Key for the Token Service (ed25519) - used to acquire tokens to post on the service via a small proof-of-work exercise.
  3. A Privacy Pass Public Key - used in the token acquisition process (a ristretto curve point) . See: OPTR2019-01

The key bundle is signed and can be verified via the first v3 onion service key, thus binding it to that particular oninon address.

Verifying Key Bundles

Profiles who import server key bundles verify them using the following trust-on-first-use (TOFU) algorithm:

  1. Verify the attached signature using the v3 onion address of the server. (If this fails, the import process is halted)
  2. Check that every key type exists. (If this fails, the import process is halted)
  3. If the profile has imported the server key bundle previously, assert that all the keys are the same. (If this fails, the import process is halted)
  4. Save the keys to the servers contact entry.

In the future this algorithm will likely be altered to allow the addition of new public keys (e.g. to allow tokens to be acquired via a Zcash address.)

Technically, at steps (2) and (3() the server can be assumed to be malicious, having signed a valid key bundle that does not conform to the specifications. When groups are moved from "experimental" to "stable" such an action will result in a warning being communicated to the profile.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/cwtch/message_formats/index.html b/build-staging/es/security/components/cwtch/message_formats/index.html index 7a43697e..a4b30c4e 100644 --- a/build-staging/es/security/components/cwtch/message_formats/index.html +++ b/build-staging/es/security/components/cwtch/message_formats/index.html @@ -12,13 +12,13 @@ - - + +

Message Formats

Peer to Peer Messages

PeerMessage {
    ID      string // A unique Message ID (primarily used for acknowledgments)
    Context string // A unique context identifier i.e. im.cwtch.chat
    Data    []byte // The context-dependent serialized data packet.
}

Context Identifiers

  • im.cwtch.raw - Data contains a plain text chat message (see: overlays for more information)

  • im.cwtch.acknowledgement - Data is empty and ID references a previously sent message

  • im.cwtch.getVal and im.cwtch.retVal - Used for requesting / returning specific information about a peer. Data contains a serialized peerGetVal structure and peerRetVal respectively.

      peerGetVal struct {
              Scope string
              Path string
      }

      type peerRetVal struct {
          Val    string // Serialized path-dependent value
          Exists bool
      }

Plaintext / Decrypted Group Messages

type DecryptedGroupMessage struct {
    Text      string // plaintext of the message
    Onion     string // The Cwtch address of the sender
    Timestamp uint64 // A user specified timestamp
    // NOTE: SignedGroupID is now a misnomer, the only way this is signed is indirectly via the signed encrypted group messages
    // We now treat GroupID as binding to a server/key rather than an "owner" - additional validation logic (to e.g.
    // respect particular group constitutions) can be built on top of group messages, but the underlying groups are
    // now agnostic to those models.
    SignedGroupID      []byte 
    PreviousMessageSig []byte // A reference to a previous message
    Padding            []byte // random bytes of length = 1800 - len(Text)
}

DecryptedGroupMessage contains random padding to a fixed size that is equal to the length of all fixed length fields + 1800. This ensures that all encrypted group messages are equal length.

Encrypted Group Messages

// EncryptedGroupMessage provides an encapsulation of the encrypted group message stored on the server
type EncryptedGroupMessage struct {
    Ciphertext []byte
    Signature  []byte // Sign(groupID + group.GroupServer + base64(decrypted group message)) using the senders Cwtch key
}

Calculating the signature requires knowing the groupID of the message, the server the group is associated with and the decrypted group message (and thus, the Group Key). It is (ed25519) signed by the sender of the message, and can be verified using their public Cwtch address key.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/cwtch/server/index.html b/build-staging/es/security/components/cwtch/server/index.html index 1b46605e..0c203f76 100644 --- a/build-staging/es/security/components/cwtch/server/index.html +++ b/build-staging/es/security/components/cwtch/server/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch Server

The goal of the Cwtch protocol is to enable group communication through Untrusted Infrastructure.

Unlike in relay-based schemes where the groups assign a leader, set of leaders, or a trusted third party server to ensure that every member of the group can send and receive messages in a timely manner (even if members are offline) - untrusted infrastructure has a goal of realizing those properties without the assumption of trust.

The original Cwtch paper defined a set of properties that Cwtch Servers were expected to provide:

  • Cwtch Server may be used by multiple groups or just one.
  • A Cwtch Server, without collaboration of a group member, should never learn the identity of participants within a group.
  • A Cwtch Server should never learn the content of any communication.
  • A Cwtch Server should never be able to distinguish messages as belonging to a particular group.

We note here that these properties are a superset of the design aims of Private Information Retrieval structures.

Malicious Servers

We expect the presence of malicious entities within the Cwtch ecosystem.

We also prioritize decentralization and permissionless entry into the ecosystem and as such we do not base any security claims on the following:

  • Any non-collusion assumptions between a set of Cwtch servers
  • Any third-party defined verification process

Peers themselves are encouraged to set up and run Cwtch servers where they can guarantee more efficient properties by relaxing trust and security assumptions - however, by default, we design the protocol to be secure without these assumptions - sacrificing efficiency where necessary.

Detectable Faults

  • If a Cwtch server fails to relay a specific message to a subset of group members then there will be a detectable gap in the message tree of certain peers that can be discovered through peer-to-peer gossip.
  • A Cwtch server cannot modify any message without the key material known to the group (any attempt to do so for a subset of group members will result in identical behavior to failing to relay a message).
  • While a server can duplicate messages, these will have no impact on the group message tree (because of encryption, nonces and message identities) - the source of the duplication is not knowable to a peer.

Efficiency

As of writing, only 1 protocol is known for achieving the desired properties, naive PIR or "the server sends everything, and the peers sift through it".

This has an obvious impact on bandwidth efficiency, especially for peers using mobile devices, as such we are actively developing new protocols in which the privacy and efficiency guarantees can be traded-off in different ways.

As of writing, the servers allow both a complete download of all stored messages, and a request to download messages from a certain specified message.

All peers when they first join a group on a new server download all messages from the server, and from then on download only new messages.

Note: This behaviour does permit a mild form of metadata analysis. The server can new messages for each suspected unique profile, and then use these unique message signatures to track unique sessions over time ( via requests for new messages).

This is mitigated by 2 confounding factors:

  1. Profiles can refresh their connections at any time - resulting in fresh server session.
  2. Profiles can "resync" from a server at any time - resulting in a new call to download all messages. The most common usecase for this behaviour is to fetch older messages from a group.

In combination, these 2 mitigations place bounds on what the server is able to infer however we still cannot provide full metadata-resistance.

For potential future solutions to this problem see Niwl

Protecting the Server from Malicious Peers

The main risk to servers come in the form of spam generated by peers. In the prototype of Cwtch a spamguard mechanism was put in place that required peers to conduct some arbitrary proof of work given a server-specified parameter.

This is not a robust solution in the presence of a determined adversary with a significant amount of resources, and thus one of the main external risks to the Cwtch system becomes censorship-via-resource exhaustion.

We have outlined a potential solution to this in token based services but note that this also requires further development.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/ecosystem-overview/index.html b/build-staging/es/security/components/ecosystem-overview/index.html index 52030799..b610a887 100644 --- a/build-staging/es/security/components/ecosystem-overview/index.html +++ b/build-staging/es/security/components/ecosystem-overview/index.html @@ -12,13 +12,13 @@ - - + +

Component Ecosystem Overview

Cwtch is made up of several smaller component libraries. This chapter will provide a brief overview of each component and how it relates to the wider Cwtch ecosystem.

openprivacy/connectivity

Summary: A library providing an ACN (Anonymous Communication Network ) networking abstraction.

The goal of connectivity is to abstract away the underlying libraries/software needed to communicate with a specific ACN. Right now we only support Tor and so the job of connectivity is to:

  • Start and Stop the Tor Process
  • Provide configuration to the Tor process
  • Allow raw connections to endpoints via the Tor process (e.g. connect to onion services)
  • Host endpoints via the Tor process (e.g. host onion services)
  • Provide status updates about the underlying Tor process

For more information see connectivity

cwtch.im/tapir

Summary: Tapir is a small library for building p2p applications over anonymous communication systems.

The goal of tapir is to abstract away applications over a particular ACN. Tapir supports:

For more information see tapir

cwtch.im/cwtch

Summary: Cwtch is the main library for implementing the Cwtch protocol / system.

The goal of Cwtch is to provide implementations for cwtch-specific applications e.g. message sending, groups, and file sharing(implemented as Tapir applications), provide interfaces for managing and storing Cwtch profiles, provide an event bus for subsystem splutting and building plugins with new functionality, in addition to managing other core functionality.

The Cwtch library is also responsible for maintaining canonical model representations for wire formats and overlays.

cwtch.im/libcwtch-go

Summary: libcwtch-go provides C (including Android) bindings for Cwtch for use in UI implementations.

The goal of libcwtch-go is to bridge the gap between the backend Cwtch library and any front end systems which may be written in a different language.

The API provided by libcwtch is much more restricted than the one provided by Cwtch directly, each libcwtch API typically packages up several calls to Cwtch.

libcwtch-go is also responsible for managing UI settings and experimental gating. It is also often used as a staging ground for experimental features and code that may eventually end up in Cwtch.

cwtch-ui

Summary: A flutter based UI for Cwtch.

Cwtch UI uses libcwtch-go to provide a complete UI for Cwtch, allowing people to create and manage profiles, add contacts and groups, message people, share files (coming soon) and more.

The UI is also responsible for managing localization and translations.

For more information see Cwtch UI

Auxiliary Components

Occasionally, Open Privacy will factor out parts of Cwtch into standalone libraries that are not Cwtch specific. These are briefly summarized here:

openprivacy/log

An Open Privacy specific logging framework that is used throughout Cwtch packages.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/intro/index.html b/build-staging/es/security/components/intro/index.html index 11beaffb..258f7433 100644 --- a/build-staging/es/security/components/intro/index.html +++ b/build-staging/es/security/components/intro/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch Technical Basics

This page presents a brief technical overview of the Cwtch protocol.

A Cwtch Profile

Users can create one of more Cwtch Profiles. Each profile generates a random ed25519 keypair compatible with Tor.

In addition to the cryptographic material, a profile also contains a list of Contacts (other Cwtch profile public keys + associated data about that profile like nickname and (optionally) historical messages), a list of Groups (containing the group cryptographic material in addition to other associated data like the group nickname and historical messages).

2-party conversions: Peer to Peer

For 2 parties to engage in a peer-to-peer conversation both must be online, but only one needs to be reachable via their onion service. For the sake of clarity we often label one party the "inbound peer" (the one who hosts the onion service) and the other party the "outbound peer" (the one that connects to the onion service).

After connection both parties engage in an authentication protocol which:

  • Asserts that each party has access to the private key associated with their public identity.
  • Generates an ephemeral session key used to encrypt all further communication during the session.

This exchange (documented in further detail in authentication protocol) is offline deniable i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the fact - it is impossible to definitely prove that the exchange happened at all.

After, the authentication protocol the two parties may exchange messages with each other freely.

Multi-party conversations: Groups and Peer to Server Communication

Note: Metadata Resistant Group Communication is still an active research area and what is documented here will likely change in the future.

When a person wants to start a group conversation they first randomly generate a secret Group Key. All group communication will be encrypted using this key.

Along with the Group Key, the group creator also decides on a Cwtch Server to use as the host of the group. For more information on how Servers authenticate themselves see key bundles.

A Group Identifier is generated using the group key and the group server and these three elements are packaged up into an invite that can be sent to potential group members (e.g. over existing peer-to-peer connections).

To send a message to the group, a profile connects to the server hosting the group (see below), and encrypts their message using the Group Key and generates a cryptographic signature over the Group Id, Group Server and the decrypted message (see: wire formats for more information).

To receive message from the group, a profile connected to the server hosting the group and downloads all messages (since their previous connection). Profiles then attempt to decrypt each message using the Group Key and if successful attempt to verify the signature (see Cwtch Servers Cwtch Groups for an overview of attacks and mitigations).

Servers are Peers

In many respects communication with a server is identical to communication with a regular Cwtch peer, all the same steps above are taken however the server always acts as the inbound peer, and the outbound peer always uses newly generated ephemeral keypair as their "longterm identity".

As such peer-server conversations only differ in the kinds of messages that are sent between the two parties, with the server relaying all messages that it receives and also allowing any client to query for older messages.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/tapir/authentication_protocol/index.html b/build-staging/es/security/components/tapir/authentication_protocol/index.html index aa94af83..9c563b16 100644 --- a/build-staging/es/security/components/tapir/authentication_protocol/index.html +++ b/build-staging/es/security/components/tapir/authentication_protocol/index.html @@ -12,13 +12,13 @@ - - + +

Authentication Protocol

Each peer, given an open connection CC:

I=InitializeIdentity()Ie=InitializeEphemeralIdentity()I,IeCP,PeCk=KDF(Pei+Pie+Peie)c=E(k,transcript.Commit())cCcpCD(k,cp)=?transcript.LatestCommit()I = \mathrm{InitializeIdentity()} \\ I_e = \mathrm{InitializeEphemeralIdentity()} \\ I,I_e \rightarrow C \\ P,P_e \leftarrow C \\ k = \mathrm{KDF}({P_e}^{i} + {P}^{i_e} + {P_e}^{i_e}) \\ c = \mathrm{E}(k, transcript.Commit()) \\ c \rightarrow C \\ c_p \leftarrow C\\ \mathrm{D}(k, c_p) \stackrel{?}{=} transcript.LatestCommit()

The above represents a sketch protocol, in reality there are a few implementation details worth pointing out:

Once derived from the key derivation function (KDF\mathrm{KDF}) the key (kk) is set on the connection, meaning the authentication app doesn't do the encryption or decryption explicitly.

The concatenation of parts of the 3DH exchange is strictly ordered:

  • DH of the Long term identity of the outbound connection by the ephemeral key of the inbound connection.
  • DH of the Long term identity of the inbound connection by the ephemeral key of the outbound connection.
  • DH of the two ephemeral identities of the inbound and outbound connections.

This strict ordering ensures both sides of the connection derive the same session key.

Cryptographic Properties

During an online-session, all messages encrypted with the session key can be authenticated by the peers as having come from their peer (or at least, someone with possession of their peers secret key as it related to their onion address).

Once the session has ended, a transcript containing the long term and ephemeral public keys, a derived session key and all encrypted messages in the session cannot be proven to be authentic i.e. this protocol provides message & participant repudiation (offline deniable) in addition to message unlinkability (offline deniable) in the case where someone is satisfied that a single message in the transcript must have originated from a peer, there is no way of linking any other message to the session.

Intuition for the above: the only cryptographic material related to the transcript is the derived session key - if the session key is made public it can be used to forge new messages in the transcript - and as such, any standalone transcript is subject to forgery and thus cannot be used to cryptographically tie a peer to a conversation.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/tapir/packet_format/index.html b/build-staging/es/security/components/tapir/packet_format/index.html index 3ae7c24c..42088290 100644 --- a/build-staging/es/security/components/tapir/packet_format/index.html +++ b/build-staging/es/security/components/tapir/packet_format/index.html @@ -12,13 +12,13 @@ - - + +

Packet Format

All tapir packets are fixed length (8192 bytes) with the first 2 bytes indicated the actual length of the message, len bytes of data, and the rest zero padded:

| len (2 bytes) | data (len bytes) | paddding (8190-len bytes)|

Once encrypted, the entire 8192 byte data packet is encrypted using libsodium secretbox using the standard structure ( note in this case the actual usable size of the data packet is 8190-14 to accommodate the nonce included by secret box)

For information on how the secret key is derived see the authentication protocol

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/ui/android/index.html b/build-staging/es/security/components/ui/android/index.html index d297ba68..539c672c 100644 --- a/build-staging/es/security/components/ui/android/index.html +++ b/build-staging/es/security/components/ui/android/index.html @@ -12,13 +12,13 @@ - - + +

Android Service

Adapted from: Discreet Log #11: Integrating FFI processes with Android services

In addition to needing to make plain ol’ method calls into the Cwtch library, we also need to be able to communicate with (and receive events from) long-running Cwtch goroutines that keep the Tor process running in the background, manage connection and conversation state for all your contacts, and handle a few other monitoring and upkeep tasks as well. This isn’t really a problem on traditionally multitasking desktop operating systems, but on mobile devices running Android we have to contend with shorter sessions, frequent unloads, and network and power restrictions that can vary over time. As Cwtch is intended to be metadata resistant and privacy-centric, we also want to provide notifications without using the Google push notification service.

The solution for long-running network apps like Cwtch is to put our FFI code into an Android Foreground Service. (And no, it’s not lost on me that the code for our backend is placed in something called a ForegroundService.) With a big of finagling, the WorkManager API allows us to create and manage various types of services including ForegroundServices. This turned out to be a great choice for us, as our gomobile FFI handler happened to already be written in Kotlin, and WorkManager allows us to specify a Kotlin coroutine to be invoked as the service.

If you’d like to follow along, our WorkManager specifications are created in the handleCwtch() method of MainActivity.kt, and the workers themselves are defined in FlwtchWorker.kt.

Our plain ol’ method calls to FFI routines are also upgraded to be made as WorkManager work requests, which allows us to conveniently pass the return values back via the result callback.

One initial call (aptly named Start) gets hijacked by FlwtchWorker to become our eventbus loop. Since FlwtchWorker is a coroutine, it’s easy for it to yield and resume as necessary while waiting for events to be generated. Cwtch’s goroutines can then emit events, which will be picked up by FlwtchWorker and dispatched appropriately.

FlwtchWorker’s eventbus loop is not just a boring forwarder. It needs to check for certain message types that affect the Android state; for example, new message events should typically display notifications that the user can click to go to the appropriate conversation window, even when the app isn’t running in the foreground. When the time does come to forward the event to the app, we use LocalBroadcastManager to get the notification to MainActivity.onIntent. From there, we in turn use Flutter MethodChannels to forward the event data from Kotlin into the frontend’s Flutter engine, where the event finally gets parsed by Dart code that updates the UI as necessary.

Messages and other permanent state are stored on disk by the service, so the frontend doesn’t need to be updated if the app isnt open. However, some things (like dates and unread messages) can then lead to desyncs between the front and back ends, so we check for this at app launch/resume to see if we need to reinitialize Cwtch and/or resync the UI state.

Finally, while implementing these services on Android we observed that WorkManager is very good at persisting old enqueued work, to the point that old workers were even being resumed after app reinstalls! Adding calls to pruneWork() helps mitigate this, as long as the app was shut down gracefully and old jobs were properly canceled. This frequently isn’t the case on Android, however, so as an additional mitigation we found it useful to tag the work with the native library directory name:

private fun getNativeLibDir(): String {
    val ainfo = this.applicationContext.packageManager.getApplicationInfo(
            "im.cwtch.flwtch", // Must be app name
            PackageManager.GET_SHARED_LIBRARY_FILES)
    return ainfo.nativeLibraryDir
}

…then, whenever the app is launched, we cancel any jobs that aren’t tagged with the correct current library directory. Since this directory name changes between app installs, this technique prevents us from accidentally resuming with an outdated service worker.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/ui/image_previews/index.html b/build-staging/es/security/components/ui/image_previews/index.html index cccb9fc5..edca7ca7 100644 --- a/build-staging/es/security/components/ui/image_previews/index.html +++ b/build-staging/es/security/components/ui/image_previews/index.html @@ -12,13 +12,13 @@ - - + +

Image Previews

Built on the back of filesharing in Cwtch 1.3, image previews are keyed by the suggested filename’s extension (and no, we’re not interested in using MIME types or magic numbers) and advertised size. If enabled, the preview system will automatically download shared images to a configured downloads folder and display them as part of the message itself. (Due to limitations on Android, they’ll go to the app’s private storage cache, and give you the option to save them elsewhere later instead.) The file size limit is TBD but will obviously be much lower than the overall filesharing size limit, which is currently 10 gigabytes.

For now, we only support single-image messages, and any image editing/cropping will have to be done in a separate application. As we mention in the filesharing FAQ, image files also frequently contain significant hidden metadata, and you should only share them with people you trust.

KnownRisks

Other Applications and/or the OS Inferring Information from Images

Images must be stored somewhere, and for now we have chosen to store them unencrypted on the file system. We have done this for 2 reasons:

  1. In order to support more powerful file sharing schemes like rehosting we require the ability to efficiently scan files and deliver chunks - doing this through an encrypted database layer would harm performance.
  2. This information always has to transit the application boundary (either via display drivers, or storing and viewing the file in an external application) - there is nothing that Cwtch can do after that point in any case.

Malicious Images Crashing or otherwise Compromising Cwtch

Flutter uses Skia to render Images. While the underlying code is memory unsafe, it is extensively fuzzed as part of regular development.

We also conduct our own fuzz testing of Cwtch components. In that analysis we found a single crash bug related to a malformed GIF file that caused the renderer to allocate a ridiculous amount of memory (and eventually be refused by the kernel). To prevent this from impacting Cwtch we have adopted the policy of always enabling a maximum cacheWidth and/or cacheHeight for Image widgets.

Malicious Images Rendering Differently on Different Platforms, Potentially Exposing Metadata

Recently a bug was found in Apple's png parser which would cause an image to render differently on Apple devices as it would on non-Apple devices.

We conducted a few tests on our Mac builds and could not replicate this issue for Flutter (because all Flutter builds use Skia for rendering), however we will continue to include such cases in our testing corpus.

For now image previews will remain experimental and opt-in.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/ui/input/index.html b/build-staging/es/security/components/ui/input/index.html index 5fe47a92..235c80d7 100644 --- a/build-staging/es/security/components/ui/input/index.html +++ b/build-staging/es/security/components/ui/input/index.html @@ -12,13 +12,13 @@ - - + +

Input

Risk: Interception of Cwtch content or metadata through an IME on Mobile Devices

Status: Partially Mitigated

Any component that has the potential to intercept data between a person, and the Cwtch app is a potential security risk.

One of the most likely interceptors is a 3rd party IME (Input Method Editor) commonly used by people to generate characters not natively supported by their device.

Even benign and stock IME apps may unintentionally leak information about the contents of a persons message e.g. through cloud synchronization, cloud translation or personal dictionaries.

Ultimately, this problem cannot be solved by Cwtch alone, and is a wider risk impacting the entire mobile ecosystem.

A similar risk exists on desktop through the use of similar input applications (in addition to software keyloggers), however we consider that fully outside the scope of Cwtch risk assessment (in line with other attacks on the security of the underlying operating system itself).

This is partially mitigated in Cwtch 1.2 through the use of enableIMEPersonalizedLearning: false. See this PR for more information.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/components/ui/overlays/index.html b/build-staging/es/security/components/ui/overlays/index.html index 1a381c99..bbb4a593 100644 --- a/build-staging/es/security/components/ui/overlays/index.html +++ b/build-staging/es/security/components/ui/overlays/index.html @@ -12,13 +12,13 @@ - - + +

Message Overlays

Adapted from: Discreet Log #8: Notes on the Cwtch Chat API

Note: This section covers overlay protocols on-top of the Cwtch protcol. For information on the Cwtch Protocol messages themselves please see Message Formats

We envision Cwtch as a platform for providing an authenticated transport layer to higher-level applications. Developers are free to make their own choices about what application layer protocols to use, whether they want bespoke binary message formats or just want to throw an HTTP library on top and call it a day. Cwtch can generate new keypairs for you (which become onion addresses; no need for any DNS registrations!) and you can REST assured that any data your application receives from the (anonymous communication) network has been authenticated already.

For our current stack, messages are wrapped in a minimal JSON frame that adds some contextual information about the message type. And because serialised JSON objects are just dictionaries, we can easily add more metadata later on as needed.

Chat overlays, lists, and bulletins

The original Cwtch alpha demoed "overlays": different ways of interpreting the same data channel, depending on the structure of the atomic data itself. We included simple checklists and BBS/classified ads as overlays that could be viewed and shared with any Cwtch contact, be it a single peer or a group. The wire format looked like this:

{o:1,d:"hey there!"}
{o:2,d:"bread",l:"groceries"}
{o:3,d:"garage sale",p:"[parent message signature]"}

Overlay field o determined if it was a chat (1), list (2), or bulletin (3) message. The data field d is overloaded, and lists/bulletins need additional information about what group/post they belong to. (We use message signatures in place of IDs to avoid things like message ordering problems and maliciously crafted IDs. This is also how the Cwtch protocol communicates to the front end which message is being acked.)

Data structure

Implementing tree-structured data on top of a sequential message store comes with obvious performance disadvantages. For example, consider the message view, which loads most-recent-messages first and only goes back far enough to fetch enough messages to fill the current viewport, in comparison with a (somewhat pathological) forum where almost every message is a child of the very first message in the history, which could have been gigs and gigs of data-ago. If the UI only displays top-level posts until the user expands them, we have to parse the entire history before we get enough info to display anything at all.

Another problem is that multiplexing all these overlays into one data store creates "holes" in the data that confuse lazy-loaded listviews and scrollbars. The message count may indicate there is a ton more information to display if the user simply scrolls, but when it actually gets fetched and parsed we might realize that none of it is relevant to the current overlay.

None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.

Overlay Types

As stated above, overlays are specified in a very simple JSON format with the following structure:

type ChatMessage struct {
    O int    `json:"o"`
    D string `json:"d"`
}

Where O stands for Overlay with the current supported overlays documented below:

1: data is a chat string
2: data is a list state/delta
3: data is a bulletin state/delta
100: contact suggestion; data is a peer onion address
101: contact suggestion; data is a group invite string

Chat Messages (Overlay 1)

The most simple over is a chat message which simply contains raw, unprocessed chat message information.

{o:1,d:"got milk?"}

Invitations (Overlays 100 and 101)

Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).

The wire format for these are equally simple:

{o:100,d:"u4ypg7yyyrrvf2aceeclq5dgwtkirzletltbqofnb6km7u542qqk4jyd"}
{o:101,d:"torv3eyJHcm91cElEIjoiOWY3MWExYmFhNDkzNTAzMzAyZDFmODRhMzI2ODY2OWUiLCJHcm91cE5hbWUiOiI5ZjcxYTFiYWE0OTM1MDMzMDJkMWY4NGEzMjY4NjY5ZSIsIlNpZ25lZEdyb3VwSUQiOiJyVGY0dlJKRkQ2LzFDZjFwb2JQR0xHYzdMNXBKTGJTelBLRnRvc3lvWkx6R2ZUd2Jld0phWllLUWR5SGNqcnlmdXVRcjk3ckJ2RE9od0NpYndKbCtCZz09IiwiVGltZXN0YW1wIjowLCJTaGFyZWRLZXkiOiJmZVVVQS9OaEM3bHNzSE9lSm5zdDVjNFRBYThvMVJVOStPall2UzI1WUpJPSIsIlNlcnZlckhvc3QiOiJ1cjMzZWRid3ZiZXZjbHM1dWU2anBrb3ViZHB0Z2tnbDViZWR6ZnlhdTJpYmY1Mjc2bHlwNHVpZCJ9"}

This represents a departure from our original "overlays" thinking to a more action-oriented representation. The chat "overlay" can communicate that someone did something, even if it's paraphrased down to "added an item to a list," and the lists and bulletins and other beautifully chaotic data can have their state precomputed and stored separately.

Lists / Bulletin Boards

Note: Expected to be Defined in Cwtch Beta 1.5

- - + + \ No newline at end of file diff --git a/build-staging/es/security/deployment/index.html b/build-staging/es/security/deployment/index.html index ed15e274..0e4915c3 100644 --- a/build-staging/es/security/deployment/index.html +++ b/build-staging/es/security/deployment/index.html @@ -12,13 +12,13 @@ - - + +

Deployment

Risk: Binaries are replaced on the website with malicious ones

Status: Partially-mitigated

While this process is now mostly automated, should this automation ever be compromised then there is nothing in our current process that would detect this.

We need:

  • Reproducible Builds - we currently use public docker containers for all builds which should allow anyone to compare distributed builds with ones built from source.
  • Signed Releases - Open Privacy does not yet maintain a public record of staff public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.
- - + + \ No newline at end of file diff --git a/build-staging/es/security/development/index.html b/build-staging/es/security/development/index.html index e9b4edcb..ff1bd521 100644 --- a/build-staging/es/security/development/index.html +++ b/build-staging/es/security/development/index.html @@ -12,13 +12,13 @@ - - + +

Development

The main process to counter malicious actors in development of Cwtch is the openness of the process.

To enhance this openness, automated builds, testing and packaging are defined as part of the repositories - improving te robustness of the code base at every stage.

While individual tests aren't perfect, and all processes have gaps, we should be committed to make it as easy as possible to contribute to Cwtch while also building pipelines and processes that catch errors (unintential or malicious) as soon as possible.

Risk: Developer Directly Pushes Malicious Code

Status: Mitigated

trunk is currently locked and only 3 Open Privacy staff members have permission to override it, in addition the responsibility of monitoring changes.

Further every new pull request and merge triggered automated builds & tests which trigger emails and audit logs.

The code is also open source and inspectable by anyone.

Risk: Code Regressions

Status: Partially Mitigated (See individual project entries in this handbook for more information)

Our automated pipelines have the ability to catch regressions when that behaviour is detectable.

The greatest challenge is in defining how such regressions are detected for the ui - where behaviour isn't as strictly defined as it is for the individual libraries.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/intro/index.html b/build-staging/es/security/intro/index.html index fc035943..6e892420 100644 --- a/build-staging/es/security/intro/index.html +++ b/build-staging/es/security/intro/index.html @@ -12,13 +12,13 @@ - - + +

Cwtch Security Handbook

Welcome to the Cwtch Secure Development Handbook! The purpose of this handbook is to provide a guide to the various components of the Cwtch ecosystem, to document the known risks and mitigations, and to enable discussion about improvements and updates to Cwtch secure development processes.

What is Cwtch?

Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, multi-party messaging protocol that can be used to build metadata resistant applications.

  • Decentralized and Open: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
  • Privacy Preserving: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
  • Metadata Resistant: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.

A (Brief) History of Metadata Resistant Chat

In recent years, public awareness of the need and benefits of end-to-end encrypted solutions has increased with applications like Signal, Whatsapp and Wire now providing users with secure communications.

However, these tools require various levels of metadata exposure to function, and much of this metadata can be used to gain details about how and why a person is using a tool to communicate. [rottermanner2015privacy].

One tool that did seek to reduce metadata is Ricochet first released in 2014. Ricochet used Tor v2 onion services to provide secure end-to-end encrypted communication, and to protect the metadata of communications.

There were no centralized servers that assist in routing Ricochet conversations. No one other than the parties involved in a conversation could know that such a conversation is taking place.

Ricochet wasn't without limitations; there was no multi-device support, nor is there a mechanism for supporting group communication or for a user to send messages while a contact is offline.

This made adoption of Ricochet a difficult proposition; with even those in environments that would be served best by metadata resistance unaware that it exists [ermoshina2017can] [renaud2014doesn].

Additionally, any solution to decentralized, metadata resistant communication faces fundamental problems when it comes to efficiency, privacy and group security (as defined by transcript consensus and consistency).

Modern alternatives to Ricochet include Briar, Zbay and Ricochet Refresh - each tool seeks to optimize for a different set of trade-offs e.g. Briar seeks to allow people to communicate even when underlying network infrastructure is down while providing resistant to metadata surveillance.

The Cwtch project began in 2017 as an extension protocol for Ricochet providing group conversations via untrusted servers, with an eye to enabling decentralized, metadata resistant applications (like shared lists and bulletin board)

An alpha version of Cwtch was was launched in February 2019, and since then the Cwtch team (run by the Open Privacy Research Society) has conducted research and development into Cwtch and the underlying protocols and libraries and problem spaces.

- - + + \ No newline at end of file diff --git a/build-staging/es/security/references/index.html b/build-staging/es/security/references/index.html index 2e10688e..76568ddf 100644 --- a/build-staging/es/security/references/index.html +++ b/build-staging/es/security/references/index.html @@ -12,13 +12,13 @@ - - + +

References

  • Atwater, Erinn, and Sarah Jamie Lewis. "Token Based Services-Differences from Privacy Pass."

  • Brooks, John. Ricochet: Anonymous instant messaging for real privacy. https://ricochet.im. Accessed: 2018-03-10

  • Ermoshina K, Halpin H, Musiani F. Can johnny build a protocol? co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols. In European Workshop on Usable Security 2017.

  • Ermoshina, K., Musiani, F. and Halpin, H., 2016, September. End-to-end encrypted messaging protocols: An overview. In International Conference on Internet Science (pp. 244-254). Springer, Cham.

  • Farb, M., Lin, Y.H., Kim, T.H.J., McCune, J. and Perrig, A., 2013, September. Safeslinger: easy-to-use and secure public-key exchange. In Proceedings of the 19th annual international conference on Mobile computing & networking (pp. 417-428).

  • Greschbach, B., Kreitz, G. and Buchegger, S., 2012, March. The devil is in the metadata—New privacy challenges in Decentralised Online Social Networks. In 2012 IEEE international conference on pervasive computing and communications workshops (pp. 333-339). IEEE.

  • Langley, Adam. Pond. https://github.com/agl/pond. Accessed: 2018-05-21.

  • Le Blond, S., Zhang, C., Legout, A., Ross, K. and Dabbous, W., 2011, November. I know where you are and what you are sharing: exploiting p2p communications to invade users' privacy. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (pp. 45-60).

  • Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).

  • Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).

  • Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.

  • Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).

  • Unger, Nik et al. “SoK: secure messaging”. In: Security and Privacy (SP ), 2015 IEEE Sympo-sium on. IEEE. 2015, pp. 232–249 link

- - + + \ No newline at end of file diff --git a/build-staging/es/security/risk/index.html b/build-staging/es/security/risk/index.html index 00a5b59e..37f3df28 100644 --- a/build-staging/es/security/risk/index.html +++ b/build-staging/es/security/risk/index.html @@ -12,13 +12,13 @@ - - + +

Risk Model

Communications metadata is known to be exploited by various adversaries to undermine the security of systems, to track victims and to conduct large scale social network analysis to feed mass surveillance. Metadata resistant tools are in their infancy and research into the construction and user experience of such tools is lacking.

Cwtch was originally conceived as an extension of the metadata resistant protocol Ricochet to support asynchronous, multi-peer group communications through the use of discardable, untrusted, anonymous infrastructure.

Since then, Cwtch has evolved into a protocol in its own right, this section will outline the various known risks that Cwtch attempts to mitigate and will be heavily referenced throughout the rest of the document when discussing the various sub-components of the Cwtch Architecture.

Threat Model

It is important to identify and understand that metadata is ubiquitous in communication protocols, it is indeed necessary for such protocols to function efficiently and at scale. However, information that is useful to facilitating peers and servers is also highly relevant to adversaries wishing to exploit such information.

For our problem definition, we will assume that the content of a communication is encrypted in such a way that an adversary is practically unable to break (see tapir and cwtch for details on the encryption that we use, a and as such we will focus to the context to the communication metadata.

We seek to protect the following communication contexts:

  • Who is involved in a communication? It may be possible to identify people or simply device or network identifiers. E.g., “this communication involves Alice, a journalist, and Bob a government employee.”.
  • Where are the participants of the conversation? E.g., “during this communication Alice was in France and Bob was in Canada.”
  • When did a conversation take place? The timing and length of communication can reveal a large amount about the nature of a call, e.g., “Bob a government employee, talked to Alice on the phone for an hour yesterday evening. This is the first time they have communicated.” *How was the conversation mediated? Whether a conversation took place over an encrypted or unencrypted email can provide useful intelligence. E.g., “Alice sent an encrypted email to Bob yesterday, whereas they usually only send plaintext emails to each other.”
  • What is the conversation about? Even if the content of the communication is encrypted it is sometimes possible to derive a probable context of a conversation without knowing exactly what is said, e.g. “a person called a pizza store at dinner time” or “someone called a known suicide hotline number at 3am.”

Beyond individual conversations, we also seek to defend against context correlation attacks, whereby multiple conversations are analyzed to derive higher level information:

  • Relationships: Discovering social relationships between a pair of entities by analyzing the frequency and length of their communications over a period of time. E.g. Carol and Eve call each other every single day for multiple hours at a time.
  • Cliques: Discovering social relationships between a group of entities that all interact with each other. E.g. Alice, Bob and Eve all communicate with each other.
  • Loosely Connected Cliques and Bridge Individuals: Discovering groups that communicate to each other through intermediaries by analyzing communication chains (e.g. everytime Alice talks to Bob she talks to Carol almost immediately after; Bob and Carol never communicate.)
  • Pattern of Life: Discovering which communications are cyclical and predictable. E.g. Alice calls Eve every Monday evening for around an hour.

Active Attacks

Misrepresentation Attacks

Cwtch provides no global display name registry, and as such people using Cwtch are more vulnerable to attacks based around misrepresentation i.e. people pretending to be other people:

A basic flow of one of these attacks is as follows, although other flows also exist:

  • Alice has a friend named Bob and another called Eve
  • Eve finds out Alice has a friend named Bob
  • Eve creates thousands of new accounts to find one that has a similar picture / public key to Bob (won't be identical but might fool someone for a few minutes)
  • Eve calls this new account "Eve New Account" and adds Alice as a friend.
  • Eve then changes her name on "Eve New Account" to "Bob"
  • Alice sends messages intended for "Bob" to Eve's fake Bob account

Because misrepresentation attacks are inherently about trust and verification the only absolute way of preventing them is for users to absolutely validate the public key. This is obviously not-ideal and in many cases simply won't-happen.

As such we aim to provide some user-experience hints in the ui to guide people in making choices around whether to trust accounts and/or to distinguish accounts that may be attempting to represent themselves as other users.

A note on Physical Attacks

Cwtch does not consider attacks that require physical access (or equivalent) to the users machine as practically defendable. However, in the interests of good security engineering, throughout this document we will still refer to attacks or conditions that require such privilege and point out where any mitigations we have put in place will fail.

- - + + \ No newline at end of file diff --git a/build-staging/index.html b/build-staging/index.html index 82b7c436..723d9cdd 100644 --- a/build-staging/index.html +++ b/build-staging/index.html @@ -12,13 +12,13 @@ - +

The Cwtch Handbook

Your Guide to setting up, and using, Surveillance Resistant Infrastructure

Get Started With Cwtch
- + \ No newline at end of file diff --git a/build-staging/it/404.html b/build-staging/it/404.html index 2ad3f5dd..39d10cb0 100644 --- a/build-staging/it/404.html +++ b/build-staging/it/404.html @@ -12,13 +12,13 @@ - +

Pagina non trovata

Non abbiamo trovato quello che stavi cercando.

Contatta il proprietario del sito che ha linkato l'URL originario ed informalo che il collegamento non funziona.

- + \ No newline at end of file diff --git a/build-staging/it/assets/js/0991cafe.482a43f0.js b/build-staging/it/assets/js/0991cafe.482a43f0.js deleted file mode 100644 index 498a53bd..00000000 --- a/build-staging/it/assets/js/0991cafe.482a43f0.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/it/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"planning",permalink:"/it/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/it/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/it/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/0991cafe.a9057a72.js b/build-staging/it/assets/js/0991cafe.a9057a72.js new file mode 100644 index 00000000..90126827 --- /dev/null +++ b/build-staging/it/assets/js/0991cafe.a9057a72.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[5876],{3905:(e,t,a)=>{a.d(t,{Zo:()=>p,kt:()=>m});var n=a(7294);function o(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function r(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function i(e){for(var t=1;t=0||(o[a]=e[a]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(o[a]=e[a])}return o}var s=n.createContext({}),c=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},h="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var a=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),h=c(a),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||r;return a?n.createElement(m,i(i({ref:t},p),{},{components:a})):n.createElement(m,i({ref:t},p))}));function m(e,t){var a=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=a.length,i=new Array(r);i[0]=u;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[h]="string"==typeof e?e:o,i[1]=l;for(var c=2;c{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var n=a(7462),o=(a(7294),a(3905));const r={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/it/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"planning",permalink:"/it/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/it/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/it/blog/cwtch-nightly-1-12"}},s={authorsImageUrls:[void 0]},c=[{value:"Update on the Cwtch Stable Roadmap",id:"update-on-the-cwtch-stable-roadmap",level:2},{value:"Next Steps, Refinements, Additional Work",id:"next-steps-refinements-additional-work",level:2},{value:"Get Involved",id:"get-involved",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],p={toc:c},h="wrapper";function d(e){let{components:t,...r}=e;return(0,o.kt)(h,(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,o.kt)("strong",{parentName:"p"},"Beta")," to ",(0,o.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,o.kt)("p",null,"This post ",(0,o.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,o.kt)("p",null,(0,o.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})),(0,o.kt)("h2",{id:"update-on-the-cwtch-stable-roadmap"},"Update on the Cwtch Stable Roadmap"),(0,o.kt)("p",null,"Back in March we extended and updated several goals from ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/path-to-cwtch-stable"},"our January roadmap")," that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing."),(0,o.kt)("p",null,"(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A Cwtch Release Process Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/#official-releases"},"Release Process")),(0,o.kt)("li",{parentName:"ul"},"A Cwtch Packaging Document \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/release/"},"Packaging Documentation")),(0,o.kt)("li",{parentName:"ul"},"Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new ",(0,o.kt)("a",{parentName:"li",href:"/docs/contribute/documentation"},"documentation style guide"),", and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th April 2023")," the Cwtch team will have also released developer-centric documentation including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"A guide to building Cwtch-apps using official libraries \u2705 - ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/developing/category/building-a-cwtch-app"},"Building a Cwtch App")),(0,o.kt)("li",{parentName:"ul"},"Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. "))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"30th June 2023")," the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"An implementation of ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129"},"Conversation Search")," \ud83d\udfe1 - currently in ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518"},"active development")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27"},"Profile statuses")," and other associated information \u2705 - released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")),(0,o.kt)("li",{parentName:"ul"},"An update to the network handling code to allow for ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593"},"better Protocol Engine management")," \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in ",(0,o.kt)("a",{parentName:"li",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12"),". We now believe these changes will be complete in Cwtch Beta 1.13."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st July 2023")," the Cwtch team will have completed several infrastructure upgrades including:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to ",(0,o.kt)("a",{parentName:"li",href:"https://git.openprivacy.ca/openprivacy/repliqate"},"Repliqate")," to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks."),(0,o.kt)("li",{parentName:"ul"},"Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below)."),(0,o.kt)("li",{parentName:"ul"},"New testing environments for F-droid, Whonix, Raspberry Pi and other ",(0,o.kt)("a",{parentName:"li",href:"/docs/getting-started/supported_platforms"},"partially supported systems")," \ud83d\udfe1 - we have already launched an environment for testing ",(0,o.kt)("a",{parentName:"li",href:"/docs/platforms/tails"},"Tails"),". Other platforms are underway."))),(0,o.kt)("li",{parentName:"ul"},"By ",(0,o.kt)("strong",{parentName:"li"},"31st August 2023")," the Cwtch team will have a released Cwtch Stable Release Candidate:",(0,o.kt)("ul",{parentName:"li"},(0,o.kt)("li",{parentName:"ul"},"At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable."),(0,o.kt)("li",{parentName:"ul"},"Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security."),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("strong",{parentName:"li"},"This does not mark an end to Cwtch development"),", or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.")))),(0,o.kt)("h2",{id:"next-steps-refinements-additional-work"},"Next Steps, Refinements, Additional Work"),(0,o.kt)("p",null,"As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. "),(0,o.kt)("p",null,"Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like."),(0,o.kt)("p",null,"However, ",(0,o.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-nightly-1-12"},"Cwtch Beta 1.12")," featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing."),(0,o.kt)("p",null,"The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup."),(0,o.kt)("p",null,"We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards."),(0,o.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,o.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,o.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,o.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,o.kt)("h2",{id:"get-involved"},"Get Involved"),(0,o.kt)("p",null,"We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/developing"},"Developing Cwtch")," - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on."),(0,o.kt)("p",null,"We also also updated our guides on ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/translate"},"Translating Cwtch")," and ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/testing"},"Testing Cwtch"),"."),(0,o.kt)("p",null,"If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to ",(0,o.kt)("inlineCode",{parentName:"p"},"team@cwtch.im")," (or open an issue) with any questions. All types of contributions ",(0,o.kt)("a",{parentName:"p",href:"/docs/contribute/stickers"},"are eligible for stickers"),"."),(0,o.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,o.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,o.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,o.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,o.kt)("p",null,"Donations of ",(0,o.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,o.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,o.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"A Photo of Cwtch Stickers",src:a(4515).Z,width:"1024",height:"768"})))}d.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/0a2b8ac2.13582857.js b/build-staging/it/assets/js/0a2b8ac2.13582857.js new file mode 100644 index 00000000..99eee98e --- /dev/null +++ b/build-staging/it/assets/js/0a2b8ac2.13582857.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3674],{2549:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/it/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Progress Towards Reproducible UI Builds","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14 luglio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":4.16,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Progress Towards Reproducible UI Builds","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe have also defined a new [linker script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at reproducible-builds.org](https://reproducible-builds.org/docs/archives/) we have defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts.\\n\\nThe next step is to roll these changes into [repliqate](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) as we have done with our bindings builds.\\n\\nHowever, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nAdditionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.\\n\\n## Stay up to date!\\n\\nWe expect to make additional progress on this in the coming weeks and months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/it/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5 luglio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Progress Towards Reproducible UI Builds","permalink":"/it/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/it/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16 giugno 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"release","permalink":"/it/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/it/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7 giugno 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/it/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/it/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28 aprile 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/it/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/it/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6 aprile 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/it/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/it/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/it/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"release","permalink":"/it/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/it/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/it/blog/tags/documentation"},{"label":"security-handbook","permalink":"/it/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/it/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"autobindings","permalink":"/it/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/it/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/it/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"autobindings","permalink":"/it/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/it/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/it/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"},{"label":"testing","permalink":"/it/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/it/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/it/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"},{"label":"testing","permalink":"/it/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/it/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/it/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/it/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"},{"label":"api","permalink":"/it/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/it/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/it/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/0a2b8ac2.3bbb0f78.js b/build-staging/it/assets/js/0a2b8ac2.3bbb0f78.js deleted file mode 100644 index 0537b279..00000000 --- a/build-staging/it/assets/js/0a2b8ac2.3bbb0f78.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3674],{2549:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"cwtch-ui-reproducible-builds-linux","metadata":{"permalink":"/it/blog/cwtch-ui-reproducible-builds-linux","source":"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md","title":"Cwtch UI Reproducible Builds (Linux)","description":"","date":"2023-07-14T00:00:00.000Z","formattedDate":"14 luglio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":4.06,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Reproducible Builds (Linux)","description":"","slug":"cwtch-ui-reproducible-builds-linux","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"}},"content":"Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible).\\n\\nIn this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. \\n\\nThis will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Building the Cwtch UI\\n\\nThe official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel.\\n\\nAll builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`:\\n\\n\\t\\tflutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\\n\\nThese flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE``\\n\\nAll Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts).\\n\\nThe binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.\\n\\n## Changes we made for reproducible builds\\n\\nFor reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags:\\n\\n* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.\\n* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts\\n* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.\\n\\nWe also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections.\\n\\n### Tar Archives\\n\\nFinally, following the [guide at https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/) we defined standard metadata for the generated Tar archives to make them also reproducible.\\n\\n## Limitations and Next Steps\\n\\nThe above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script\\n\\nHowever, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. `crti.o` with full branch protection enabled. On 64-bit systems this results in an `endcr64` instruction being inserted at the start of the `.init` and `.fini` sections, among others.\\n\\nIn order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.\\n\\n### Pinned Dependencies\\n\\nWhile our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. \\n\\nThe major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). \\n\\nHowever this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n\\n## Stay up to date!\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development."},{"id":"cwtch-stable-roadmap-update-june","metadata":{"permalink":"/it/blog/cwtch-stable-roadmap-update-june","source":"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","date":"2023-07-05T00:00:00.000Z","formattedDate":"5 luglio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":5.26,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals","slug":"cwtch-stable-roadmap-update-june","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/it/blog/cwtch-ui-reproducible-builds-linux"},"nextItem":{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the Cwtch Stable Roadmap\\n\\nBack in March we extended and updated several goals from [our January roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \ud83d\udd52 reprioritized)\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document \u2705 - [Release Process](https://docs.cwtch.im/developing/release/#official-releases)\\n - A Cwtch Packaging Document \u2705 - [Packaging Documentation](https://docs.cwtch.im/developing/release/)\\n - Completion of documentation of existing Cwtch features, including relevant screenshots. \ud83d\udfe1 - new features are documented to the standards outlined in new [documentation style guide](/docs/contribute/documentation), and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries \u2705 - [Building a Cwtch App](https://docs.cwtch.im/developing/category/building-a-cwtch-app)\\n - Automatically generated API documentation for libCwtch \ud83d\udd52 - this effort has been delayed pending other higher priority work. \\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129) \ud83d\udfe1 - currently in [active development](https://git.openprivacy.ca/cwtch.im/cwtch/pulls/518)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information \u2705 - released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12)\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593) \ud83d\udfe1\ud83d\udd52 - new Network Management code was released in [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12). We now believe these changes will be complete in Cwtch Beta 1.13.\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. \ud83d\udfe1 - we have recently made a few updates to [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \ud83d\udd52 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms) \ud83d\udfe1 - we have already launched an environment for testing [Tails](/docs/platforms/tails). Other platforms are underway.\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\n\\n## Next Steps, Refinements, Additional Work\\n\\nAs you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments. \\n\\nOther work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.\\n\\nHowever, [Cwtch Beta 1.12](https://docs.cwtch.im/blog/cwtch-nightly-1-12) featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.\\n\\nThe work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.\\n\\nWe are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-12","metadata":{"permalink":"/it/blog/cwtch-nightly-1-12","source":"@site/blog/2023-06-16-cwtch-1.12.md","title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","date":"2023-06-16T00:00:00.000Z","formattedDate":"16 giugno 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"release","permalink":"/it/blog/tags/release"}],"readingTime":2.455,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.12","description":"Cwtch Beta 1.12 is now available for download","slug":"cwtch-nightly-1-12","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog13_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"},"nextItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"}},"content":"[Cwtch 1.12 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new features like [profile attributes](https://docs.cwtch.im/docs/profiles/profile-info), support for new platforms like [Tails](https://docs.cwtch.im/docs/platforms/tails), and multiple improvements to performance and stability.\\n\\n![](/img/devlog13.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic1.12.png)](/img/picnic1.12.png)\\n\\n
A screenshot of Cwtch 1.12
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Profile Attributes** - profiles can now be augmented with [additional public information](https://docs.cwtch.im/docs/profiles/profile-info)\\n - **Availability Status** - you can now notify contacts that you [are **away** or **busy**](https://docs.cwtch.im/docs/profiles/availability-status)\\n - **Five New Supported Localizations**: **Japanese**, **Korean**, **Slovak**, **Swahili** and **Swedish**\\n - **Support for Tails** - adds an [OnionGrater](https://docs.cwtch.im/docs/platforms/tails) configuration and a new `CWTCH_TAILS` environment variable that enables special Tor behaviour.\\n- **Bug Fixes / Improvements:**\\n - Based on Flutter 3.10\\n - Inter is now the main UI font\\n - New Font Scaling setting\\n - New Network Management code to better manage Tor on unstable networks\\n - File Sharing Experiment Fixes\\n \\t- Fix performance issues for file bubble\\n \\t- Allow restarting of file shares that have timed out\\n \\t- Fix NPE in FileBubble caused by deleting the underlying file\\n \\t- Move from RetVal to UpdateConversationAttributes to minimze UI thread issues\\n - Updates to Linux install scripts to support more distributions\\n - Add a Retry Peer connection to prioritize connection attempts for certain conversations\\n - Updates to `_FlDartProject` to allow custom setting of Flutter asset paths\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Slovak**, **Spanish**, **Swahili**, **Swedish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Japanese** (29%), **Korean** (23%), **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n## Reproducible Bindings\\n\\nCwtch 1.12 is based on libCwtch version `libCwtch-autobindings-2023-06-13-10-50-v0.0.5`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-v.11-74","metadata":{"permalink":"/it/blog/cwtch-nightly-v.11-74","source":"@site/blog/2023-06-07-new-nightly.md","title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","date":"2023-06-07T00:00:00.000Z","formattedDate":"7 giugno 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/it/blog/tags/developer-documentation"}],"readingTime":1.845,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","description":"In this development log we take a look at the new Cwtch Nightly","slug":"cwtch-nightly-v.11-74","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog10_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"},"nextItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"}},"content":"We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog10.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-06-05-17-36-v1.11.0-74-g0406](https://build.openprivacy.ca/files/flwtch-2023-06-05-17-36-v1.11.0-74-g0406/).\\n\\nThis version has a large number of improvements and bug fixes including:\\n\\n* A new Font Scaling setting\\n* Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.\\n* Updated UI font styles\\n* Dependency updates, including a new base of Flutter 3.10.\\n* A fix for stuck file downloading notifications on Android\\n* A fix for missing profile images in certain edge cases on Android\\n* Japanese, Swedish, and Swahili translation options\\n* A new retry peer connection button for prompting Cwtch to prioritize specific connections\\n* [Tails support](/docs/platforms/tails)\\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-developer-documentation","metadata":{"permalink":"/it/blog/cwtch-developer-documentation","source":"@site/blog/2023-04-28-developer-docs.md","title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","date":"2023-04-28T00:00:00.000Z","formattedDate":"28 aprile 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"developer-documentation","permalink":"/it/blog/tags/developer-documentation"}],"readingTime":2.595,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","description":"In this development log we take a look at the new Cwtch developer docs!","slug":"cwtch-developer-documentation","tags":["cwtch","cwtch-stable","developer-documentation"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"},"nextItem":{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"}},"content":"One of the larger remaining goals outlined in our [Cwtch Stable roadmap update](/blog/cwtch-stable-roadmap-update) is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents. \\n\\nIn this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!\\n\\nWe are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!\\n\\nAs a reminder, the Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like ours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n![](/img/devlog9.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Cwtch Development Handbook\\n\\nWe have created a new documentation section, [the developers handbook](/developing/intro). This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).\\n\\n### Release and Packaging Process\\n\\nThe new handbook features a breakdown of [Cwtch release processes](/developing/release) - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.\\n\\n### Cwtch Application Development and Cwtchbot v0.1.0!\\n\\nFor the first time ever we now have [comprehensive documentation on how to build a Cwtch Application](/developing/category/building-a-cwtch-app). This section of the development handbook covers everything from [choosing a Cwtch library](/developing/building-a-cwtch-app/intro#choosing-a-cwtch-library), to [building your first application](/developing/building-a-cwtch-app/building-an-echobot).\\n\\nTogether with this new documentation we have also [released version 0.1 of the Cwtchbot framework](https://git.openprivacy.ca/sarah/cwtchbot), updating calls to use the [new Cwtch Stable API](/blog/cwtch-stable-api-design).\\n\\n### New Nightly\\n\\nThere is a [new Nightly build](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. The latest nightly we recommend testing is [2023-04-26-20-57-v1.11.0-33-gb4371](https://build.openprivacy.ca/files/flwtch-2023-04-26-20-57-v1.11.0-33-gb4371/).\\n\\nThis version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the [in-development Tails support](/docs/platforms/tails). \\n\\nIn addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"availability-status-profile-attributes","metadata":{"permalink":"/it/blog/availability-status-profile-attributes","source":"@site/blog/2023-04-06-availability-and-profile-attributes.md","title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","date":"2023-04-06T00:00:00.000Z","formattedDate":"6 aprile 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"nightly","permalink":"/it/blog/tags/nightly"}],"readingTime":1.445,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Availability Status and Profile Attributes","description":"Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.","slug":"availability-status-profile-attributes","tags":["cwtch","cwtch-stable","nightly"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"},"nextItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"}},"content":"Two new Cwtch features are now available to test in nightly: [Availability Status](/docs/profiles/availability-status) and [Profile Information](/docs/profiles/profile-info).\\n\\nAdditionally, we have also published draft guidance on [running Cwtch on Tails](/docs/platforms/tails) that we would like volunteers to test and report back on.\\n \\nThe Open Privacy Research Society have [also announced they are want to raise $60,000 in 2023](https://openprivacy.ca/discreet-log/38-march-2023/) to help move forward projects like Cwtch. Please help support projects like\\nours with a [one-off donations](https://openprivacy.ca/donate) or [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Availability Status\\n\\nNew in this nightly is the ability to notify your conversations that you are \\"Away\\" or \\"Busy\\".\\n\\n
\\n\\n[![](/img/profiles/status-tooltip-busy-set.png)](/img/profiles/status-tooltip-busy-set.png)\\n\\n
\\n
\\n\\nRead more: [Availability Status](/docs/profiles/availability-status)\\n\\n## Profile Attributes\\n\\nAlso new is the ability to augment your profile with a few small pieces of **public** information.\\n\\n
\\n\\n[![](/img/profiles/attributes-set.png)](/img/profiles/attributes-set.png)\\n\\n
\\n
\\n\\nRead more: [Profile Information](/docs/profiles/profile-info)\\n \\n## Downloading the Nightly\\n\\n[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.\\n\\n* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)\\n* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n* Mac: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)\\n* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)\\n\\nPlease see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-roadmap-update","metadata":{"permalink":"/it/blog/cwtch-stable-roadmap-update","source":"@site/blog/2023-03-31-cwtch-stable-roadmap-update.md","title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","date":"2023-03-31T00:00:00.000Z","formattedDate":"31 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":5.61,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable Roadmap Update","description":"Back in january we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we revisit those and announce some more","slug":"cwtch-stable-roadmap-update","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"},"nextItem":{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"}},"content":"The next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.\\n\\nThis post [revisits the Cwtch Stable roadmap](/blog/path-to-cwtch-stable) we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.\\n\\n![](/img/devlog1.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Update on the January Roadmap\\n\\nBack in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:\\n\\n(\u2705 means complete, \ud83d\udfe1 means in-progress, \u274c not started.)\\n\\n- By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). \u2705\\n- By **1st February 2023**, the Cwtch team will have [finalized a feature set that defines Cwtch Stable](/blog/cwtch-stable-api-design) and established a timeline for including these features in upcoming Cwtch Beta releases. \u2705\\n- By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:\\n - [Security and Design Documents](/security/intro) \u2705\\n - Infrastructure and [Support](/docs/getting-started/supported_platforms) \ud83d\udfe1\\n - in addition to a new development blog. \u2705\\n- By **31st March 2023**, the Cwtch team will have created:\\n - a [style guide for documentation](/docs/contribute/documentation), and \u2705\\n - have used it to ensure that all Cwtch features have consistent documentation available, \ud83d\udfe1\\n - with at least one screenshot (where applicable). \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have published: \\n - a Cwtch [Interface Specification Document](/blog/cwtch-stable-api-design) \u2705\\n - a Cwtch Release Process Document \ud83d\udfe1\\n - a Cwtch [Support Plan document](/blog/cwtch-platform-support) \u2705\\n - a Cwtch Packaging Document \ud83d\udfe1\\n - a document describing the [Reproducible Builds Process](/blog/cwtch-bindings-reproducible) \u2705\\n - These documents will be available on the newly expanded Cwtch Documentation website \ud83d\udfe1\\n- By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. \u2705\\n- By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team \u274c\\n- By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable \u2705 (this post!)\\n\\nWhile we didn\'t hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:\\n\\n* [Cwtch Autobindings](/blog/autobindings) with [compile-time optional experiments](/blog/autobindings-ii)\\n* [Cwtch 1.11](/blog/cwtch-nightly-1-11) - with support for reproducible bindings, two new localizations (Slovak and Korean), in addition to a myriad of bug fixes and performance improvements.\\n* [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) - a tool for testing and confirming reproducible builds processes based on Qemu, and a Debian Cloud image.\\n\\n## A Timeline for Cwtch Stable\\n\\nNow for the big news, we plan on releasing a candidate Cwtch Stable release during **Summer 2023**. Here is our plan for getting there:\\n\\n- By **30th April 2023** the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:\\n - A Cwtch Release Process Document\\n - A Cwtch Packaging Document\\n - Completion of documentation of existing Cwtch features, including relevant screenshots.\\n- By **30th April 2023** the Cwtch team will have also released developer-centric documentation including:\\n - A guide to building Cwtch-apps using official libraries\\n - Automatically generated API documentation for libCwtch\\n- By **30th June 2023** the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:\\n - An implementation of [Conversation Search](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/129)\\n - [Profile statuses](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/27) and other associated information\\n - An update to the network handling code to allow for [better Protocol Engine management](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/593)\\n- By **31st July 2023** the Cwtch team will have completed several infrastructure upgrades including:\\n - Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.\\n - Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team\\n - New testing environments for F-droid, Whonix, Raspberry Pi and other [partially supported systems](/docs/getting-started/supported_platforms)\\n- By **31st August 2023** the Cwtch team will have a released Cwtch Stable Release Candidate:\\n - At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.\\n - Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.\\n - **This does not mark an end to Cwtch development**, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.\\n\\nThis is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Get Involved\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-nightly-1-11","metadata":{"permalink":"/it/blog/cwtch-nightly-1-11","source":"@site/blog/2023-03-29-cwtch-1.11.md","title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","date":"2023-03-29T00:00:00.000Z","formattedDate":"29 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"release","permalink":"/it/blog/tags/release"}],"readingTime":2.365,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Beta 1.11","description":"Cwtch Beta 1.11 is now available for download","slug":"cwtch-nightly-1-11","tags":["cwtch","cwtch-stable","release"],"image":"/img/devlog12_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"},"nextItem":{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"}},"content":"[Cwtch 1.11 is now available for download](https://cwtch.im/download)!\\n\\nCwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for [Cwtch Stable](/blog/path-to-cwtch-stable) including new [reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) and [automatically generated](https://docs.cwtch.im/blog/autobindings) bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.\\n\\n![](/img/devlog12.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## In This Release\\n\\n
\\n\\n[![](/img/picnic.png)](/img/picnic.png)\\n\\n
A screenshot of Cwtch 1.11
\\n
\\n\\nA special thanks to the [amazing volunteer translators](https://docs.cwtch.im/docs/contribute/translate) and [testers](https://docs.cwtch.im/docs/contribute/testing) who made this release possible.\\n\\n- **New Features:**\\n - **Based on new Reproducible Cwtch Stable Autobuilds** - this is the first release of cwtch based on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible) in addition to our new [automatically generated](https://docs.cwtch.im/blog/autobindings)\\n - **Two New Supported Localizations**: **Slovak** and **Korean**\\n- **Bug Fixes / Improvements:**\\n - When preserving a message draft, quoted messages are now also saved\\n - Layout issues caused by pathological unicode are now prevented\\n - Improved performance of message row rendering\\n - Clickable Links: Links in replies are now selectable\\n - Clickable Links: Fixed error when highlighting certain URIs \\n - File Downloading: Fixes for file downloading and exporting on 32bit Android devices\\n - Server Hosting: Fixes for several layout issues\\n - Build pipeline now runs automated UI tests\\n - Fix issues caused by scrollbar controller overriding\\n - Initial support for the Blodeuwedd Assistant (currently compile-time disabled)\\n - Cwtch Library:\\n - [New Stable Cwtch Peer API](/blog/cwtch-stable-api-design)\\n - Ported File Downloading and Image Previews experiments into Cwtch\\n- **Accessibility / UX:**\\n - Full translations for **Brazilian Portuguese**, **Dutch**, **French**, **German**, **Italian**, **Russian**, **Polish**, **Spanish**, **Turkish**, and **Welsh**\\n - Core translations for **Danish** (75%), **Norwegian** (76%), and **Romanian** (75%)\\n - Partial translations for **Luxembourgish** (22%), **Greek** (16%), and **Portuguese** (6%)\\n\\n\\n\\n## Reproducible Bindings\\n\\nCwtch 1.11 is based on libCwtch version `2023-03-16-15-07-v0.0.3-1-g50c853a`. The [repliqate scripts](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate) to reproduce these bindings from source can be found at [https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a)\\n\\n## Download the New Version \\n\\nYou can download Cwtch from [https://cwtch.im/download](https://cwtch.im/download).\\n\\nSubscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\nAlternatively we also provide a [releases-only RSS feed](https://cwtch.im/releases/index.xml).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-documentation","metadata":{"permalink":"/it/blog/cwtch-documentation","source":"@site/blog/2023-03-10-cwtch-documentation.md","title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","date":"2023-03-10T00:00:00.000Z","formattedDate":"10 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"documentation","permalink":"/it/blog/tags/documentation"},{"label":"security-handbook","permalink":"/it/blog/tags/security-handbook"}],"readingTime":2.57,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Updates to Cwtch Documentation","description":" In this development log we will highlight some of the major documentation updates over the last few weeks.","slug":"cwtch-documentation","tags":["cwtch","cwtch-stable","documentation","security-handbook"],"image":"/img/devlog9_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"},"nextItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"}},"content":"One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.\\n\\n![](/img/devlog9.png)\\n \\n\x3c!--truncate--\x3e\\n\\n## Cwtch Secure Development Handbook\\n \\nOne of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.\\n\\nWe have [now ported the the handbook to this documentation site](/security/intro), along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation. \\n\\n## Volunteer Development\\n\\nWe have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called [Developing Cwtch](/docs/contribute/developing) - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.\\n\\nWe also also updated our guides on [Translating Cwtch](/docs/contribute/translate) and [Testing Cwtch](/docs/contribute/testing).\\n\\nIf you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to `team@cwtch.im` (or open an issue) with any questions. All types of contributions [are eligible for stickers](/docs/contribute/stickers).\\n\\n## Next Steps\\n\\nWe still have more work to do on the documentation front:\\n\\n* Ensuring all pages [implement the new documentation style guide](/docs/contribute/documentation), and include appropriate screenshots and descriptions.\\n* Expanding the security handbook to provide information on [reproducible builds](/blog/cwtch-bindings-reproducible), [the new Cwtch Stable API](/blog/cwtch-stable-api-design) and upcoming improvements around fuzz testing.\\n* Creating new documentation sections on the [libCwtch autobindings API](/blog/autobindings) and building applications on top of Cwtch.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings-ii","metadata":{"permalink":"/it/blog/autobindings-ii","source":"@site/blog/2023-03-03-autobindings-optional-experiments.md","title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","date":"2023-03-03T00:00:00.000Z","formattedDate":"3 marzo 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"autobindings","permalink":"/it/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/it/blog/tags/libcwtch"}],"readingTime":4.655,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Compile-time Optional Application Experiments (Autobindings)","description":"In this development log we document how we added compile-time optional application-level experiments to Cwtch autobindings.","slug":"autobindings-ii","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"},"nextItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"}},"content":"[Last time we looked at autobindings](https://docs.cwtch.im/blog/autobindings) we mentioned that one of the next steps was introducing support for **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)**. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## The Structure of an Application Experiment\\n\\nAn application-level experiment consists of:\\n\\n1. A set of top-level APIs, e.g. `CreateServer`, `LoadServer`, `DeleteServer` - these are the APIs that we want to expose to calling applications.\\n2. An encapsulating structure for the set of APIs, e.g. `ServersFunctionality` - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.\\n3. A global variable that exists at the top level of libCwtch, e.g. `var serverExperiment *servers.ServersFunctionality servers` - our single pointer to the underlying functionality.\\n4. A set of management-related APIs, e.g. `Init`, `UpdateSettings`, `OnACNEvent` - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are\\nchanged (e.g. if the server hosting experiment is disabled we need to tear down all active servers).\\n5. Management code within `_startCwtch` and `_reconnectCwtch` that calls the management APIs on the global variable.\\n\\nFrom a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead\\nof on `application` or a specific `profile`.\\n\\nMost of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.\\n\\n### New Required Management APIs\\n\\nTo achieve this weaving, we now require application-level experiments to implement an `EventHandlerInterface` interface and expose itself via an\\ninitialize constructor `Init(acn, appDir) -> EventHandlerInterface`, and `Enable(app, acn)`.\\n\\nFor now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.\\n\\nWe can then generate, and optionally include blocks of code like:\\n\\n\\t\\t = .Init(&globalACN, appDir)\\n\\t\\teventHandler.AddModule()\\n\\t\\t.Enable(application, &globalACN)\\n\\nand place them at specific points in the code. `EventHandler` has also been extended to maintain a collection of `modules` so that it can\\npass on interesting events.\\n\\n### Adding Support for Application Experiments in the Spec File\\n\\nWe have introduced a new `!` operator which can be used to gate APIs behind a configured experiment. Along with a new\\ntemplating option `exp` which will call the function on the configured experiment, and `global` to allow the setting up\\nof a global functionality within the library.\\n\\n\\t\\t# Server Hosting Experiment\\n\\t\\t!serverExperiment import \\"git.openprivacy.ca/cwtch.im/cwtch-autobindings/experiments/servers\\"\\n\\t\\t!serverExperiment global serverExperiment *servers.ServersFunctionality servers\\n\\t\\t!serverExperiment exp CreateServer application password string:description bool:autostart\\n\\t\\t!serverExperiment exp SetServerAttribute application string:handle string:key string:val\\n\\t\\t!serverExperiment exp LoadServers application acn password\\n\\t\\t!serverExperiment exp LaunchServers application acn\\n\\t\\t!serverExperiment exp LaunchServer application string:handle\\n\\t\\t!serverExperiment exp StopServer application string:handle\\n\\t\\t!serverExperiment exp StopServers application\\n\\t\\t!serverExperiment exp DestroyServers\\n\\t\\t!serverExperiment exp DeleteServer application string:handle password\\n\\n### Generation-Time Inclusion\\n\\n Without any arguments provided `generate-bindings` will not generate code for any experiments.\\n\\n In order to determine what experimental code to generate, `generate-bindings` now interprets arguments as enabled compile time experiments, e.g. `generate-bindings serverExperiment` will turn on\\n generation of server hosting code, per the spec file above.\\n\\n### Cwtch UI Integration\\n\\nThe UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. `c_LoadServers` - if it doesn\'t then the UI is safe to assume the\\nfeature is not available.\\n\\n
\\n\\n![](/img/dev9-host-disabled.png)\\n\\n
A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.
\\n
\\n\\n## Nightlies & Next Steps\\n\\nWe are now publishing [nightlies](https://build.openprivacy.ca/files/libCwtch-autobindings-v0.0.2/) of autobinding derived libCwtch-go, along with [Repliqate scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.2) for reproducibility.\\n\\nWith application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced\\nin the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.\\n\\nHowever, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:\\n\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs).\\n * **Documentation generation**: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"autobindings","metadata":{"permalink":"/it/blog/autobindings","source":"@site/blog/2023-02-24-autogenerating-cwtch-bindings.md","title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","date":"2023-02-24T00:00:00.000Z","formattedDate":"24 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"autobindings","permalink":"/it/blog/tags/autobindings"},{"label":"libcwtch","permalink":"/it/blog/tags/libcwtch"}],"readingTime":4.545,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Autogenerating Cwtch Bindings","description":"In this development log we describe a first-cut of a workflow to automatically generate Cwtch C and Java bindings from a high-level specification.","slug":"autobindings","tags":["cwtch","cwtch-stable","bindings","autobindings","libcwtch"],"image":"/img/devlog8_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"}},"content":"The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of\\nwhat the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to **automatically generate** these bindings: [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings).\\n\\nThis this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the [path to Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable).\\n\\n![](/img/devlog8.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## A Brief History of Cwtch Bindings\\n\\nPrior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by [therecipe/qt](https://github.com/therecipe/qt). However, after encountering numerous\\ncrash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.\\n\\nAs part of early prototyping efforts for Flutter we built out a first version of [libCwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go), and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.\\n\\nThis approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular [experimental features](https://docs.cwtch.im/blog/cwtch-stable-api-design#the-cwtch-experiment-landscape) - handle settings, [duplication of logic between Cwtch and libCwtch-go](https://docs.cwtch.im/blog/cwtch-stable-api-design#bindings), and [special behaviour in libCwtch-go that better belongs in the core Cwtch library](https://docs.cwtch.im/blog/cwtch-stable-api-design#appendix-a-special-behaviour-defined-by-libcwtch-go).\\n\\nAs part of a broader effort to [refine the Cwtch API in preparation for Cwtch Stable](https://docs.cwtch.im/blog/cwtch-stable-api-design) we have taken the opportunity to fix many of these problems.\\n\\n## Cwtch Autobindings\\n\\nThe current `lib.go` file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the `BlockContact` API implementation is:\\n\\n\\t//export c_BlockContact\\n\\tfunc c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {\\n\\t\\tBlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))\\n\\t}\\n\\n\\tfunc BlockContact(profileOnion string, conversationID int) {\\n\\t\\tprofile := application.GetPeer(profileOnion)\\n\\t\\tif profile != nil {\\n\\t\\t\\tprofile.BlockConversation(conversationID)\\n\\t\\t}\\n\\t}\\n\\nAll that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.\\n\\nIn the new [cwtch-autobindings](https://git.openprivacy.ca/cwtch.im/autobindings) we reduce these multiple lines to [a single one](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec#L19):\\n\\n\\tprofile BlockConversation conversation\\n\\nDefining a `profile`-level function, called `BlockConversation` which takes in a single parameter of type `conversation`.\\n\\nUsing a similar boilerplate-reduction for the reset of `lib.go` yields [5-basic function prototypes](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/README.md#spec-file-format):\\n\\n* Application-level functions e.g. `CreateProfile`\\n* Profile-level functions e.g. `BlockConversation`\\n* Profile-level functions that return data e.g. `GetMessage`\\n* Experimental Profile-level feature functions e.g. `DownloadFile`\\n* Experimental Profile-level feature functions that return data e.g. `ShareFile`\\n\\nOnce aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be [described in fewer than 50 lines, including comments](https://git.openprivacy.ca/cwtch.im/autobindings/src/branch/main/spec). Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).\\n\\n## Next Steps\\n\\nCwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:\\n\\n * **[Application-level experiments](https://docs.cwtch.im/blog/cwtch-stable-api-design#application-experiments)** (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on `cwtch-server`). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don\'t support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.\\n* **Dart Library generation**: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the [Dart-side](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/cwtch) of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. [libcwtch-rs](https://git.openprivacy.ca/cwtch.im/libcwtch-rs)\\n * **Documentation generation**: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with [docs.cwtch.im](https://cwtch.im).\\n * **Cwtch API**: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the [Cwtch Stable API redesign](https://docs.cwtch.im/blog/cwtch-stable-api-design). In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-ii","metadata":{"permalink":"/it/blog/cwtch-testing-ii","source":"@site/blog/2023-02-17-cwtch-testing-ii.md","title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","date":"2023-02-17T00:00:00.000Z","formattedDate":"17 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"},{"label":"testing","permalink":"/it/blog/tags/testing"}],"readingTime":1.75,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing (II)","description":"In this development log we provide more updates on automated UI integration testing!","slug":"cwtch-testing-ii","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog7_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"},"nextItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"}},"content":"In this development log, we investigate some text-based UI bugs encountered by [Fuzzbot](https://docs.cwtch.im/docs/contribute/testing#running-fuzzbot), add more [automated UI tests](/blog/cwtch-testing-i) to the pipeline, and announce a new release of the Cwtchbot library.\\n\\n![](/img/devlog7.png)\\n\\n\x3c!--truncate--\x3e\\n\\n\\n## Constraining Cwtch UI Fields\\n\\nFuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this\\ndoesn\'t pose a safety issue, it is unsightly.\\n\\n
\\n\\n[![](/img/dl7-before.png)](/img/dl7-before.png)\\n\\n
Screenshot demonstrating how certain strings would violate the bounds of their containers.
\\n
\\n\\nThese cases were fixed by parenting impacted elements in a `Container` with `clip: hardEdge` and `decoration:BoxDecoration()` (note that both of these are required as Container widgets in Flutter cannot set clipping logic\\nwithout an associated decoration).\\n\\n
\\n\\n[![](/img/dl7-after.png)](/img/dl7-after.png)\\n\\n
Now these clipped strings are tightly constrained to their container bounds.
\\n
\\n\\nThese fixes are available in the [latest Cwtch Nightly](/docs/contribute/testing#cwtch-nightlies), and will be officially released in Cwtch 1.11.\\n\\n## More Automated UI Tests\\n\\nWe have added two new sets of automated UI tests to our pipeline:\\n\\n- *02: Global Settings* - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. ([PR: 628](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/628))\\n- *04: Profile Management* - these tests check that creating, unlocking, and deleting a profile work as expected. ([PR: 632](https://git.openprivacy.ca/cwtch.im/cwtch-ui/pulls/632))\\n\\n## New Release of Cwtchbot\\n\\n[Cwtchbot](https://git.openprivacy.ca/sarah/cwtchbot) has been updated to use the latest Cwtch 0.18.10 API.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-android-reproducibility","metadata":{"permalink":"/it/blog/cwtch-android-reproducibility","source":"@site/blog/2023-02-10-android-reproducibility.md","title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","date":"2023-02-10T00:00:00.000Z","formattedDate":"10 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":2.92,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Android Bindings Reproducible","description":"In this devlog we revisit reproducible builds and make Cwtch Android bindings reproducible","slug":"cwtch-android-reproducibility","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog6_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"},"nextItem":{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"}},"content":"In this development log, we continue our previous work on [reproducible Cwtch bindings](https://docs.cwtch.im/blog/cwtch-bindings-reproducible), uncovering the final few sources of variation between our [Repliqate](https://git.openprivacy.ca/openprivacy/repliqate) scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!\\n\\n![](/img/devlog6.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Changes Necessary for Reproducible Android Bindings\\n\\nAfter a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:\\n\\n- **Insufficient path stripping introduced by Android NDK tools** - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 [changed the binutils and default linker](https://github.com/android/ndk/wiki/Changelog-r22) to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our [long term support plan](https://docs.cwtch.im/blog/cwtch-platform-support), we will be moving towards adopting the latest NDK in the future.\\n- **Paths in DWARF entries** - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.\\n\\n
\\n\\n[![](/img/aar-diff.png)](/img/aar-diff.png)\\n\\n
Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
\\n
\\n\\n- **Go Compiler Acquisition** - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there *was* a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.\\n\\n## Repliqate Scripts\\n\\nWith those issues now fixed, Cwtch Android bindings are **officially reproducible!** The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under [cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script) in the [Cwtch Repliqate scripts repository](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/).\\n\\nThis is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-testing-i","metadata":{"permalink":"/it/blog/cwtch-testing-i","source":"@site/blog/2023-02-03-cwtch-testing-i.md","title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","date":"2023-02-03T00:00:00.000Z","formattedDate":"3 febbraio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"},{"label":"testing","permalink":"/it/blog/tags/testing"}],"readingTime":4.74,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Notes on Cwtch UI Testing","description":"In this development log we provide an update on automated UI integration testing!","slug":"cwtch-testing-i","tags":["cwtch","cwtch-stable","support","testing"],"image":"/img/devlog5_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"},"nextItem":{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"}},"content":"We first [introduced UI tests last January](https://openprivacy.ca/discreet-log/23-cucumber-testing/). At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.\\n\\nOne of the main threads of work that needs to be complete early in the [Cwtch Stable roadmap](https://docs.cwtch.im/blog/path-to-cwtch-stable) is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.\\n\\n![](/img/devlog5.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Current Limitations of Flutter Gherkin\\n\\nThe original [flutter_gherkin](https://pub.dev/packages/flutter_gherkin) is under semi-active development; however, the latest published versions don\'t support using it with `flutter test`.\\n\\n- **Flutter Test** was originally intended to run single widget/unit tests for a Flutter project.\\n- **Flutter Drive** was originally intended to run integration tests *on a device or an emulator*.\\n\\nHowever, in recent releases these lines have become blurred. The new [integration_test](https://docs.flutter.dev/testing/integration-tests) package that comes built into newer Flutter releases has support for both `flutter drive` and `flutter test`. This was a great change because it decreases the required overhead to run larger integration tests (`flutter drive` sets up a host-controller model that requires a dedicated control channel to be setup, whereas `flutter test` can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).\\n\\nThere is thankfully code in the `flutter_gherkin` repository that supports running tests with `flutter test`, however this code currently has a few issues:\\n\\n- The test code generation produces code that doesn\'t compile without minor changes.\\n- Certain functionality like \\"take a screenshot\\" does not work on desktop.\\n\\nAdditionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:\\n\\n- Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.\\n- Certain Flutter widgets like `DropdownButton` are not compatible with built-in steps like `tap` because they internally contain multiple copies of the same widget.\\n\\nBecause of the above issues we have chosen to [fork flutter_gherkin](https://git.openprivacy.ca/openprivacy/flutter_gherkin) to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.\\n\\n## Integrating Tests into the Pipeline\\n\\nOne of the major limitations of `flutter test` is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.\\n\\nThankfully it is possible to use [Xfvb](https://en.wikipedia.org/wiki/Xvfb) to create a virtual framebuffer, and set `DISPLAY` to render to that buffer:\\n\\n export DISPLAY=:99\\n Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &\\n\\nThis allows us to neutralize our main issue with `flutter test`, and efficiently run tests in our pipeline.\\n\\n## Catching Bugs!\\n\\nThis small amount of integration work has already caught its first bug.\\n\\nOnce we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. [02_save_load.feature](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/integration_test/features/01_general/02_save_load.feature) simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on\\ndevelopment environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.\\n\\nThe cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory `$USER_HOME/Downloads` didn\'t exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.\\n\\nAs we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!\\n\\n## Next Steps\\n\\n- **More automated tests:** We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.\\n- **More platforms:** Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across [our target platforms](https://docs.cwtch.im/docs/getting-started/supported_platforms). We expect to start this work soon; expect more news in a future Cwtch Testing update!\\n\\n- **More steps:** One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the `expect to see the message` step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. `send a file` or `set profile picture`.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-platform-support","metadata":{"permalink":"/it/blog/cwtch-platform-support","source":"@site/blog/2023-01-27-platform-support.md","title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","date":"2023-01-27T00:00:00.000Z","formattedDate":"27 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"support","permalink":"/it/blog/tags/support"}],"readingTime":10.535,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch UI Platform Support","description":"This development log captures the current state of Cwtch platform support, and how we plan to make platform support decisions going forward are we move towards Cwtch Stable.","slug":"cwtch-platform-support","tags":["cwtch","cwtch-stable","support"],"image":"/img/devlog4_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"},"nextItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"}},"content":"One of the [tenets for Cwtch Stable is **Universal Availability and Cohesive Support**](https://docs.cwtch.im/blog/path-to-cwtch-stable#tenets-of-cwtch-stable):\\n\\n> \\"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\"\\n\\nThis development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.\\n\\nThe questions we aim to answer in this post are: \\n\\n- What systems do we currently support?\\n- How do we decide what systems are supported?\\n- How do we handle new OS versions?\\n- How does application support differ from library support?\\n- What blockers exist for systems we wish to support, but currently cannot e.g ios?\\n\\n![](/img/devlog4.png)\\n\\n\x3c!--truncate--\x3e\\n\\n## Constraints on support\\n\\nFrom CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems. \\n\\nIn this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.\\n\\n### Limitations on general-purpose computing \\n\\nIn order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to *other* onion services). \\n\\nOn desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, **blocked entirely**. \\n\\nThis is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.\\n\\nWhile we expect that [Arti](https://gitlab.torproject.org/tpo/core/arti) will improve the management of onion services and connections, there is no way around the need to have an active process managing such services. \\n\\nAs Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.\\n\\nWe encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don\'t place restrictions on what you can do with your own device.\\n\\n### Constraints introduced by the Flutter SDK\\n\\nThe Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by [platforms that are supported by the Flutter SDK](https://docs.flutter.dev/development/tools/sdk/release-notes/supported-platforms).\\n\\nTo summarize, as of writing this document those platforms are:\\n\\n- Android API 16 and above (arm, arm64, and amd64)\\n- Debian-based Linux Distributions (64-bit only)\\n- macOS El Capitan (10.11) and above\\n- Windows 7 & above (64-bit only)\\n\\nTo put it plainly, without porting Cwtch UI to a different UI platform **we cannot support a 32-bit desktop version**.\\n\\n### Constraints introduced by Appstore Policy \\n\\nAs of writing, [Google is pushing applications to target API 31 or above](https://developer.android.com/google/play/requirements/target-sdk). This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.\\n\\n### CPU Architecture and Cwtch Bindings\\n\\nWe currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.\\n\\nIt is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.\\n\\n| Architecture / Platform | Windows | Linux | macOS | Android |\\n|--------------------------|---------|-----|-------| -------------|\\n| arm | \u274c | \u274c | \u274c | \u2705\ufe0f| \\n| arm64 | \u274c | \ud83d\udfe1 | \u2705 | \u2705\ufe0f | \\n| x86-64 / amd64 | \u2705 | \u2705 | \u2705\ufe0f | \u2705\ufe0f |\\n\\n\\"\ud83d\udfe1\\" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).\\n\\n### Testing and official support\\n\\nAs a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the [Cwtch Release Candidate Testers](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.\\n\\nWe officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.\\n\\n### End-of-life platforms\\n\\nOperating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. [Windows 7 fell out of support on January 14, 2020](https://www.microsoft.com/en-us/windows/end-of-support), Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.\\n\\nLikewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.\\n\\nThe same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. [Cwtch currently requires libc 2.31+](https://docs.cwtch.im/blog/cwtch-bindings-reproducible#linux-specific-considerations).\\n\\nAndroid versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our [Cwtch Release Candidate Testers groups](https://docs.cwtch.im/docs/contribute/testing#join-the-cwtch-release-candidate-testers-group) to help us understand the limitations of Android support across different API versions.\\n\\n## How we decide to officially support a platform\\n\\nTo help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:\\n\\n1. **The target platform needs to be officially supported by our development tools** - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.\\n2. **The target operating system needs to be supported by the Vendor** - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).\\n3. **The target platform must be backwards compatible with the most recent version in general use** - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch *may* run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).\\n4. **People want to use Cwtch on that platform** - We will generally only consider new platform support if people ask us about it. If Cwtch isn\'t available for a platform you want to use it on, then please get in touch and ask us about it!\\n\\n## Summary of official support\\n\\nThe table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023). \\n\\nIn many cases we are looking for testers to confirm that various functionality works. A version of this table will be [maintained as part of the Cwtch Handbook](/docs/getting-started/supported_platforms).\\n\\n**Legend:**\\n\\n- \u2705: **Officially Supported**. Cwtch should work on these platforms without issue. Regressions are treated as high priority.\\n- \ud83d\udfe1: **Best Effort Support**. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.\\n- \u274c: **Not Supported**. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.\\n\\n\\n\\n| Platform | Official Cwtch Builds | Source Support | Notes |\\n|-----------------------------|-----------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|\\n| Windows 11 | \u2705 | \u2705 | 64-bit amd64 only. |\\n| Windows 10 |\u2705 | \u2705 | 64-bit amd64 only. Not officially supported, but official builds may work. |\\n| Windows 8 and below | \u274c | \ud83d\udfe1 | Not supported. Dedicated builds from source may work. Testing Needed. |\\n| OSX 10 and below | \u274c | \ud83d\udfe1 | 64-bit Only. Official builds have been reported to work on Catalina but not High Sierra |\\n| OSX 11 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 12 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| OSX 13 | \u2705 | \u2705 | 64-bit Only. Official builds supports both arm64 and x86 architectures. |\\n| Debian 11 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Debian 10 | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. |\\n| Debian 9 and below | \ud83d\udfe1 | \u2705 | 64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies. |\\n| Ubuntu 22.04 | \u2705 | \u2705 | 64-bit amd64 Only. |\\n| Other Ubuntu | \ud83d\udfe1 | \u2705 | 64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies. | \\n| CentOS | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Gentoo | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Arch | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Whonix | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support. ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) |\\n| Raspian (arm64) | \ud83d\udfe1 | \u2705 | Builds from source work. |\\n| Other Linux Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n| Android 9 and below | \ud83d\udfe1 | \ud83d\udfe1 | Official builds may work. |\\n| Android 10 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 11 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 12 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| Android 13 | \u2705 | \u2705 | Official SDK supprts arm, arm64, and amd64 architectures. |\\n| LineageOS | \ud83d\udfe1 | \ud83d\udfe1 | [Known Issues. Specific changes to Cwtch are required for support.](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/607) |\\n| Other Android Distributions | \ud83d\udfe1 | \ud83d\udfe1 | Testing Needed. |\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-bindings-reproducible","metadata":{"permalink":"/it/blog/cwtch-bindings-reproducible","source":"@site/blog/2023-01-20-reproducible-builds-bindings.md","title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","date":"2023-01-20T00:00:00.000Z","formattedDate":"20 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"reproducible-builds","permalink":"/it/blog/tags/reproducible-builds"},{"label":"bindings","permalink":"/it/blog/tags/bindings"},{"label":"repliqate","permalink":"/it/blog/tags/repliqate"}],"readingTime":7.915,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Making Cwtch Bindings Reproducible","description":"How Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.","slug":"cwtch-bindings-reproducible","tags":["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],"image":"/img/devlog3_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"},"nextItem":{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"}},"content":"From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.\\n\\nBut open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.\\n\\nThe whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can **independently verify** that the binaries we release are built from the Cwtch source code.\\n\\nIn this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.\\n\\n\x3c!--truncate--\x3e\\n\\n## How Cwtch Bindings are Built\\n\\nSince we launched Cwtch Beta we have used Docker containers as part of our continuous build process.\\n\\nWhen a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.\\n\\nThe Cwtch Bindings build pipeline results in four compiled libraries:\\n\\n- **libcwtch.so** \u2013 For Linux Platforms, built using the [official golang:1.19.X Docker Image](https://hub.docker.com/_/golang)\\n- **libcwtch.dll** \u2013 For Windows Platforms, built using our own [mingw-go Docker Image](https://git.openprivacy.ca/openprivacy/mingw-go)\\n- **libcwtch.ld** \u2013 For OSX Platforms, built using our dedicated OSX build server (Big Sur 11.6.1)\\n- **cwtch.aar** \u2013 For Android Platforms, built using our own [Android/GoMobile Docker Image](https://git.openprivacy.ca/openprivacy/android-go-mobile)\\n\\nThese compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.\\n\\n## Making libCwtch Reproducible\\n\\nDocker containers alone aren\'t enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:\\n\\n* **Go Build ID**: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.\\n* **Build Paths and Go Environment Variables**: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary \u2013 ostensibly to aid with debugging. These can be removed using the `trimPath` option, which we now specify for all bindings builds.\\n\\n### Linux Specific Considerations\\n\\nAfter the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.\\n\\nOur Drone/Docker build environments are based on [Debian Bullseye](https://www.debian.org/releases/bullseye/) which provides [libc6-dev version 2.31](https://packages.debian.org/bullseye/i386/libc6-dev). Other development setups will likely link libc-dev 2.34+.\\n\\nlibc6-dev 2.34 is notable [because it removed dependencies on libpthread and libdl](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread) \u2013 neither are used in libCwtch, but they are currently referenced \u2013 which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.\\n\\nThis means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on [Next Steps](#next-steps) for more information).\\n\\n### Windows Specific Considerations\\n\\nThe headers of PE files technically contain a timestamp field. In recent years an [effort has been made to use this field for other purposes](https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), but by default `go build` will still include the timestamp of the file when producing a DLL file (at least when using CGO).\\n\\nFortunately this field can be zeroed out through passing `-Xlinker \u2013no-insert-timestamp` into the `mingw32-gcc` process.\\n\\nWith that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.\\n\\n\\n### Android Specific Considerations\\n\\nWith the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:\\n\\n* Cwtch makes use of [GoMobile](https://github.com/golang/mobile) for compiling Android libraries. We pin to a specific version `43a0384520996c8376bfb8637390f12b44773e65` in our Docker containers. Unlike `go build`, the `trimpPath` parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized `/tmp/go-build*` references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.\\n* We still use [sdk-tools](https://developer.android.com/studio/releases/sdk-tools) instead of the new [commandline-tools](https://developer.android.com/studio/command-line). The latest version of sdk-tools is `4333796` and available from: [https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip](https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip). As part of our plans for Cwtch Stable we will be updating this dependency.\\n* Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated `openjdk:8` image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency. \\n\\nAll of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.\\n\\n### OSX Specific Considerations\\n\\nPerhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.\\n\\nAs with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.\\n\\nIn order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.\\n\\nIn an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a [proprietary SDK](https://www.apple.com/legal/sla/docs/xcode.pdf). There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.\\n\\nBecause of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.\\n\\n## Introducing Repliqate!\\n\\nWith all the above changes, **Cwtch Bindings for Linux and Windows are fully reproducible!**\\n\\nThat alone is great, but we also want to make it easier for **you** to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.\\n\\nTo make this process accessible we are releasing a new tool called [repliqate](https://git.openprivacy.ca/openprivacy/repliqate).\\n\\nRepliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.\\n\\nRepliqate runs [build-scripts](https://git.openprivacy.ca/openprivacy/repliqate#writing-a-build-script) to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from [builds.openprivacy.ca](https://build.openprivacy.ca/files/).\\n\\nWe now provide [Repliqate build-scripts](https://git.openprivacy.ca/cwtch.im/repliqate-scripts) for reproducible both [Linux libCwtch.so builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-linux.script), [Windows libCwtch.dll builds](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-windows.script)!\\n\\nWe also have a partially repeatable [Android cwtch.aar build](https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/libcwtch.v1.10.2-android.script) script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.\\n\\nYou can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.\\n\\n## Next Steps\\n\\nReproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.\\n\\nAs we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"},{"id":"cwtch-stable-api-design","metadata":{"permalink":"/it/blog/cwtch-stable-api-design","source":"@site/blog/2023-01-13-cwtch-stable-api-design.md","title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","date":"2023-01-13T00:00:00.000Z","formattedDate":"13 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"},{"label":"api","permalink":"/it/blog/tags/api"}],"readingTime":17.28,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Cwtch Stable API Design","description":"The post outlines the technical changes we are planning on making to the core Cwtch API in preparation for Cwtch Stable ","slug":"cwtch-stable-api-design","tags":["cwtch","cwtch-stable","planning","api"],"image":"/img/devlog2_small.png","hide_table_of_contents":false,"toc_max_heading_level":4,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"},"nextItem":{"title":"Path to Cwtch Stable","permalink":"/it/blog/path-to-cwtch-stable"}},"content":"Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications. \\n\\nAs we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.\\n\\nAs we move out of Beta and [towards Cwtch Stable](https://docs.cwtch.im/blog/path-to-cwtch-stable) it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.\\n\\nIn this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.\\n\\n![](/img/devlog2.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Clarifying Terminology\\n\\nOver the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:\\n\\n- **Cwtch** refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application. \\n- **Cwtchlib** refers to the [reference implementation of the Cwtch Protocol](https://git.openprivacy.ca/cwtch.im/cwtch) / Application framework, currently written in Go.\\n- **Bindings** refers to C/Java/Kotlin/Rust bindings (primarily [libcwtch-go](https://git.openprivacy.ca/cwtch.im/libcwtch-go)) that act as an interface between Cwtchlib and downstream applications.\\n- `CwtchPeer` is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).\\n- `ProtocolEngine` is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, `ProtocolEngine` is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.\\n\\n\\n### Tenets of the Cwtch API Design\\n\\nBased on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:\\n\\n- **Robustness** - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.\\n- **Completeness** - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.\\n- **Security** \u2013 experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.\\n\\n### The Cwtch Experiment Landscape\\n\\nA summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.\\n\\n- **Groups** \u2013 the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized `ProtocolEngine` functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup. \\n - **Hybrid Groups** - we have plans to upgrade the Groups experience to a more flexible \u201chybrid-groups\u201d protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.\\n- **Filesharing** \u2013 like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in `ProtocolEngine`.\\n- **Profile Images** \u2013 based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.\\n- **Server Hosting** \u2013 the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.\\n- **Message Formatting** \u2013 notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history\\n- **Search / Microblogging** \u2013 proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.\\n- **Status / Profile Metadata** \u2013 proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.\\n\\n### The Problem with Experiments\\n\\nWe have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the `SendMessages` interface that only allows callers to send messages.\\n\\nWe have also worked to package experimental functionality into so-called **Gated Functionalities** that are only available if a given experiment is turned on.\\n\\nTogether, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:\\n\\n- The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. `SendMessages` \u2013 there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).\\n- The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.\\n- This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.\\n\\n### Restricting Powerful Cwtch APIs\\n\\nTo carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:\\n\\n- Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through `Application` and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.\\n- Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a `RestrictedCwtchConversationInterface` which decorates a Cwtch Profile interface such that it can only interact with a single conversation \u2013 these can then be passed into hooks and interface functions to limit their impact.\\n- Registered Hooks at pre-specified points with restricted capabilities \u2013 to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow `CwtchPeer` to control which experiments get access to which events at a given time.\\n\\n#### Pre-Registered Hooks\\n\\nIn order to implement certain functionality actions need to take place in-between events handled by `CwtchPeer`. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).\\n\\nThis is currently only possible with invasive changes to the `CwtchPeer` interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.\\n\\nWe are introducing a new set of Cwtch APIs designed for this purpose:\\n\\n- `OnNewPeerMessage` - hooked prior to inserting the message into the database.\\n- `OnPeerMessageConfirmed` \u2013 hooked after a peer message has been inserted into the database.\\n- `OnEncryptedGroupMessage` \u2013 hooked after receiving an encrypted message from a group server.\\n- `OnGroupMessageReceived` \u2013 hooked after a successful decryption of a group message, but before inserting it into the database.\\n- `OnContactRequestValue` \u2013 hooked on request of a scoped (the permission level of the attribute e.g. `public` or `conversation` level attributes), zoned ( relating to a specific feature e.g. `filesharing` or `chat`), and keyed (the name of the attribute e.g. `name` or `manifest`) value from a contact.\\n- `OnContactReceiveValue` \u2013 hooked on receipt of a requested scoped,zoned, and keyed value from a contact.\\n\\nIncluding the following APIs for managing hooked functionality:\\n\\n- `RegisterEvents` - returns a set of events that the extension is interested processing.\\n- `RegisterExperiments` - returns a set of experiments that the extension is interested in being notified about\\n- `OnEvent` - to be called by `CwtchPeer` whenever an event registered with `RegisterEvents` is called (assuming all experiments registered through `RegisterExperiments` is active)\\n\\n#### `ProtocolEngine` Subsystems\\n\\nAs mentioned in our experiment summary, some functionality needs to be implemented directly in the `ProtocolEngine`. The `ProtocolEngine` is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).\\n\\nSome types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a `ProtocolEngine`.\\n\\nAt the moment is this done through the concept of informal \u201csubsystems\u201d, modular add-ons to `ProtocolEngine` that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider `ProtocolEngine` ecosystem. \\n\\nWe are formalizing this subsystem into an interface, similar to the hooked functionality in `CwtchPeer`:\\n\\n- `RegisterEvents` - returns a set of events that the subsystem needs to consume to operate.\\n- `OnEvent` \u2013 to be called by `ProtocolEngine` whenever an event registered with `RegisterEvents` is called (when all the experiments registered through `RegisterExperiments` are active)\\n- `RegisterContexts` - returns the set of contexts that the subsystem implements e.g. `im.cwtch.filesharing`\\n\\nThis also requires a formalization of two *engine specific* events (for use on the event bus):\\n\\n- `SendCwtchMessage` \u2013 encapsulating the existing `CwtchPeerMessage` that is used internally in `ProtocolEngine` for messages between subsystems.\\n- `CwtchMessageReceived` \u2013 encapsulating the existing `handlePeerMessage` function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.\\n\\nAnd the introduction of three **additional** `ProtocolEnine` specific events:\\n\\n- `StartEngineSubsystem` \u2013 replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.\\n- `StopEngineSubsystem` \u2013 replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.\\n- `SubsystemStatus` \u2013 a generic event that can be published by subsystems with a collection of fields useful for debugging\\n\\nThis will allow us to move the following functionality, currently part of `ProtocolEngine` itself, into generic subsystems:\\n\\n- **Attribute Lookup Handling** - this functionality is currently part of the overloaded `handlePeerMessage` function, filtered using the `Context` parameter of the `CwtchPeerMessage`. As such it can be entirely delegated to a subsystem. \\n- **Filesharing Chunk Request Handling** \u2013 this is also part of handlePeerMessage, also filtered using the `Context` parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by `handlePeerMessage`)\\n- **Filesharing Start File Share/Stop File Share** \u2013 this is currently part of the `handleEvent` behaviour of `ProtocolEngine` and can be moved into an `OnEvent` handler of the file sharing subsystem (where such events are already processed).\\n\\nThe introduction of pre-registered hooks in combination with the formalizations of `ProtocolEngine` subsystems will allow the follow functionality, currently implemented in `CwtchPeer` or libcwtch-go to be moved to standalone packages:\\n\\n- **Filesharing** makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension. \\n - Filesharing also depends on the file sharing subsystem to be enabled in a `ProtocolEngine`. This subsystem is responsible for processing chunk requests.\\n- **Profile Images** \u2013 we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)\\n- **Legacy Groups** \u2013 while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.\\n- **Status/Profile Metadata** \u2013 status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.\\n \\n#### Impact on Enabling (Powerful) New Functionality\\n\\nNone of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:\\n\\n- **Search** \u2013 a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.\\n- **Non Chat Conversation Contexts** - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.\\n\\n## Application Experiments\\n\\nOne kind of experiment we haven\u2019t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting \u2013 this allows a Cwtch desktop client to setup and manage Cwtch Servers.\\n\\nThis kind of functionality doesn\u2019t belong in Cwtchlib \u2013 as it would necessarily introduce unrelated dependencies into the core library.\\n\\nThis functionality also doesn\u2019t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.\\n\\n## Bindings\\n\\nThe last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.\\n\\nWe can split the bindings into four core areas:\\n\\n- **Application Management** - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.\\n- **Application Experiments** - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.\\n- **Core Profile Management** - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.\\n- **Experimental Profile Features** \u2013 auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.\\n\\nThe flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.\\n\\nIn an ideal future, all of these bindings could be **generated automatically** from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)\\n\\nWe can define three types of C/Java/Kotlin interface function templates:\\n\\n- `ProfileMethodName(profilehandle String, args...)` \u2013 which directly resolves the Cwtch Profile and calls the function.\\n- `ProfileExperimentalMethodName(profilehandle String, args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.\\n- `ApplicationExperimentalMethodName(args...)` \u2013 which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.\\n\\nAll we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context `ProfileInterface` for the first, exported methods of the various `Functionalities` for the second, and `ApplicationExperiment` definitions for the third.\\n\\n## Timelines and Next Actions\\n\\n- **Freeze any changes to the bindings interface** - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 \u2013 until we have implemented the proposed changes into cwtchlib.\\n- As part of Cwtch 1.11 and 1.12 Release Cycles\\n - Implement the `ProtocolEngine` Subsystem Design as outlined above.\\n - Implement the Hooks API.\\n - Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib \u2013 with the exception of behaviour related to Application Experiments (i.e. Server Hosting).\\n - Move event handling from the bindings into Application.\\n - Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) \u2013 keeping the existing interface definitions.\\n- Once Automated UI Tests have been integrated into the Cwtch UI Repository:\\n - Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings **and** a dart calling convention library from cwtchlib and any configured application experiments libraries\\n - Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).\\n - At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.\\n\\nAs these changes are made, and these goals met we will be posting about them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all Cwtch development.\\n\\n## Help us go further!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)\\n\\n## Appendix A: Special Behaviour Defined by libcwtch-go\\n\\nThe following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:\\n\\n- Application Settings\\n - Including Enabling / Disabling Experiment\\n- ACN Process Management - starting/stopping/restarting/configuring Tor.\\n- Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)\\n- Logging Levels - configuring appropriate logging levels (e.g. `INFO` or `DEBUG`)\\n- Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.\\n- UI Contact Structures - aggregating contact information for the main Cwtch UI.\\n- Group Experiment Functionality\\n - Experiment Gating\\n - GetServerInfoList\\n - GetServerInfo\\n - UI Server Struct Definition\\n- Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.\\n- \\"Unencrypted\\" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated \\"unencrypted\\".\\n- Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).\\n- Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.\\n- Cwtch Profile Engine Activation - starting/stopping a `ProtocolEngine` when requested by the UI, or in response to changes in ACN state.\\n- UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.\\n- File sharing restarts \\n- UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn\'t directly embedded within the event (e.g. converting `handle` to a `conversation id`). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.\\n- Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)"},{"id":"path-to-cwtch-stable","metadata":{"permalink":"/it/blog/path-to-cwtch-stable","source":"@site/blog/2023-01-06-path-to-cwtch-stable.md","title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","date":"2023-01-06T00:00:00.000Z","formattedDate":"6 gennaio 2023","tags":[{"label":"cwtch","permalink":"/it/blog/tags/cwtch"},{"label":"cwtch-stable","permalink":"/it/blog/tags/cwtch-stable"},{"label":"planning","permalink":"/it/blog/tags/planning"}],"readingTime":9.995,"hasTruncateMarker":true,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}],"frontMatter":{"title":"Path to Cwtch Stable","description":"The post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview the next steps and a timeline to tackle them.","slug":"path-to-cwtch-stable","tags":["cwtch","cwtch-stable","planning"],"image":"/img/devlog1_small.jpg","hide_table_of_contents":false,"authors":[{"name":"Sarah Jamie Lewis","title":"Executive Director, Open Privacy Research Society","image_url":"/img/sarah.jpg","imageURL":"/img/sarah.jpg"}]},"prevItem":{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"}},"content":"As of December 2022 we have released 10 versions of Cwtch Beta since the [initial launch, 18 months ago, in June 2021](https://openprivacy.ca/discreet-log/10-cwtch-beta-and-beyond/).\\n\\nThere is a consensus among the team that the next large step for the Cwtch project to take is a move from public **Beta** to **Stable** \u2013 marking a point at which we consider Cwtch to be secure and usable.\\n\\nThis post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.\\n\\n![](/img/devlog1.png)\\n\\n\x3c!--truncate--\x3e\\n\\n### Tenets of Cwtch Stable\\n\\nIt is important to state that Cwtch Stable **does not mean an end to Cwtch development**. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:\\n\\n1. **Consistent Interface** \u2013 each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.\\n2. **Universal Availability and Cohesive Support** \u2013 people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.\\n3. **Reproducible Builds** \u2013 Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.\\n4. **Proven Security** \u2013 we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.\\n\\n### Known Problems\\n\\nTo begin, let\'s outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.\\n\\n1. **Lack of a Stable API for future feature development** \u2013 while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)\\n2. **Special functionality in libCwtch-go** \u2013 our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)\\n3. **libCwtch-rs partial support** - we currently do not officially consider [libCwtch-rs](https://lib.rs/crates/libcwtch) when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)\\n4. **Lack of Reproducible Pipelines** - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)\\n5. **Lack of up to date, and translated, Security Documentation** \u2013 the [Cwtch security handbook](https://docs.openprivacy.ca/cwtch-security-handbook/) is currently isolated from the rest of our documentation and doesn\u2019t benefit from cross-linking, or translations. (Tenet 4)\\n6. **No Automated UI Tests** \u2013 we put a lot of work into [building out a testing framework for the UI](https://openprivacy.ca/discreet-log/23-cucumber-testing/), but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)\\n7. **Code Signing Provider** \u2013 our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)\\n8. **Second-class Android Support** - while we have put [a lot of effort behind Android support](https://openprivacy.ca/discreet-log/27-android-improvements/) across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)\\n9. **Lack of Fuzzing** \u2013 while [Fuzzbot](https://openprivacy.ca/discreet-log/07-fuzzbot/) sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)\\n10. **Lack of Formal Release Acceptance Process** \u2013 currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to \u201cunrelated\u201d changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)\\n11. **Inconsistent Cwtch Information Discovery** \u2013 our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)\\n12. **Incomplete Documentation** \u2013 docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)\\n\\n### Plan of Action\\n\\nOutside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:\\n\\n1. **Define, Publish, and Implement a Cwtch Interface Specification Documentation** \u2013 this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)\\n2. **Define, Publish, and Implement a Cwtch Release Process** \u2013 this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)\\n3. **Define, Publish, and Implement a Cwtch Support Document** - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)\\n4. **Define, Publish, and Implement a Cwtch Packaging Document** - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)\\n5. **Define, Publish, and Implement a Reproducible Builds Document** \u2013 this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)\\n6. **Expand the Cwtch Documentation Site** \u2013 to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)\\n7. **Expand our Automated Testing to include UI and Fuzzing** - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)\\n8. **Re-evaluate all Issues across all Cwtch related repositories** \u2013 issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don\u2019t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.\\n9. **Define a Stable Feature Set** \u2013 there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)\\n\\n### Goals and Timelines\\n\\nWith all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:\\n\\n1. By **1st February 2023**, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).\\n2. By **1st February 2023**, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.\\n3. By **1st February 2023**, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.\\n4. By **31st March 2023**, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).\\n5. By **31st March 2023** the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.\\n6. By **31st March 2023** the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.\\n7. By **31st March 2023** the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.\\n8. By **31st March 2023** the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.\\n\\nAs these documents are written, and these goals met we will be posting them here! Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, Cwtch development.\\n\\n### Help us get there!\\n\\nWe couldn\'t do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy).\\n\\nIf you want to see us move faster on some of these goals and are in a position, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.\\n\\nDonations of **$5 or more** can opt to receive stickers as a thank-you gift!\\n\\nFor more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/).\\n\\n![A Photo of Cwtch Stickers](/img/stickers-new.jpg)"}]}')}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/814f3328.2705309e.js b/build-staging/it/assets/js/814f3328.2705309e.js new file mode 100644 index 00000000..4946730a --- /dev/null +++ b/build-staging/it/assets/js/814f3328.2705309e.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Progress Towards Reproducible UI Builds","permalink":"/it/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/it/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/814f3328.e77df9de.js b/build-staging/it/assets/js/814f3328.e77df9de.js deleted file mode 100644 index 90b3b528..00000000 --- a/build-staging/it/assets/js/814f3328.e77df9de.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2535],{5641:t=>{t.exports=JSON.parse('{"title":"Recent Logs","items":[{"title":"Cwtch UI Reproducible Builds (Linux)","permalink":"/it/blog/cwtch-ui-reproducible-builds-linux"},{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update-june"},{"title":"Cwtch Beta 1.12","permalink":"/it/blog/cwtch-nightly-1-12"},{"title":"New Cwtch Nightly (v1.11.0-74-g0406)","permalink":"/it/blog/cwtch-nightly-v.11-74"},{"title":"Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.","permalink":"/it/blog/cwtch-developer-documentation"},{"title":"Availability Status and Profile Attributes","permalink":"/it/blog/availability-status-profile-attributes"},{"title":"Cwtch Stable Roadmap Update","permalink":"/it/blog/cwtch-stable-roadmap-update"},{"title":"Cwtch Beta 1.11","permalink":"/it/blog/cwtch-nightly-1-11"},{"title":"Updates to Cwtch Documentation","permalink":"/it/blog/cwtch-documentation"},{"title":"Compile-time Optional Application Experiments (Autobindings)","permalink":"/it/blog/autobindings-ii"},{"title":"Autogenerating Cwtch Bindings","permalink":"/it/blog/autobindings"},{"title":"Notes on Cwtch UI Testing (II)","permalink":"/it/blog/cwtch-testing-ii"},{"title":"Making Cwtch Android Bindings Reproducible","permalink":"/it/blog/cwtch-android-reproducibility"},{"title":"Notes on Cwtch UI Testing","permalink":"/it/blog/cwtch-testing-i"},{"title":"Cwtch UI Platform Support","permalink":"/it/blog/cwtch-platform-support"},{"title":"Making Cwtch Bindings Reproducible","permalink":"/it/blog/cwtch-bindings-reproducible"},{"title":"Cwtch Stable API Design","permalink":"/it/blog/cwtch-stable-api-design"},{"title":"Path to Cwtch Stable","permalink":"/it/blog/path-to-cwtch-stable"}]}')}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/a6f005ae.057a4e3a.js b/build-staging/it/assets/js/a6f005ae.5384cc62.js similarity index 77% rename from build-staging/it/assets/js/a6f005ae.057a4e3a.js rename to build-staging/it/assets/js/a6f005ae.5384cc62.js index 5939235b..fff8dc17 100644 --- a/build-staging/it/assets/js/a6f005ae.057a4e3a.js +++ b/build-staging/it/assets/js/a6f005ae.5384cc62.js @@ -1 +1 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/it/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"planning",permalink:"/it/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Cwtch UI Reproducible Builds (Linux)",permalink:"/it/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/it/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[3412],{3905:(e,t,a)=>{a.d(t,{Zo:()=>s,kt:()=>m});var r=a(7294);function n(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function o(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,r)}return a}function i(e){for(var t=1;t=0||(n[a]=e[a]);return n}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(n[a]=e[a])}return n}var c=r.createContext({}),p=function(e){var t=r.useContext(c),a=t;return e&&(a="function"==typeof e?e(t):i(i({},t),e)),a},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},h="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var a=e.components,n=e.mdxType,o=e.originalType,c=e.parentName,s=l(e,["components","mdxType","originalType","parentName"]),h=p(a),d=n,m=h["".concat(c,".").concat(d)]||h[d]||u[d]||o;return a?r.createElement(m,i(i({ref:t},s),{},{components:a})):r.createElement(m,i({ref:t},s))}));function m(e,t){var a=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var o=a.length,i=new Array(o);i[0]=d;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l[h]="string"==typeof e?e:n,i[1]=l;for(var p=2;p{a.r(t),a.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>u,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var r=a(7462),n=(a(7294),a(3905));const o={title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},i=void 0,l={permalink:"/it/blog/cwtch-stable-roadmap-update-june",source:"@site/blog/2023-07-05-cwtch-stable-roadmap-update.md",title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",date:"2023-07-05T00:00:00.000Z",formattedDate:"5 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"planning",permalink:"/it/blog/tags/planning"}],readingTime:5.26,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch Stable Roadmap Update",description:"Back in March we provided an update on several goals that we would have to hit on our way to Cwtch Stable, and the timelines to hit them. In this post we provide a new update on those goals",slug:"cwtch-stable-roadmap-update-june",tags:["cwtch","cwtch-stable","planning"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},prevItem:{title:"Progress Towards Reproducible UI Builds",permalink:"/it/blog/cwtch-ui-reproducible-builds-linux"},nextItem:{title:"Cwtch Beta 1.12",permalink:"/it/blog/cwtch-nightly-1-12"}},c={authorsImageUrls:[void 0]},p=[],s={toc:p},h="wrapper";function u(e){let{components:t,...o}=e;return(0,n.kt)(h,(0,r.Z)({},s,o,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"The next large step for the Cwtch project to take is a move from public ",(0,n.kt)("strong",{parentName:"p"},"Beta")," to ",(0,n.kt)("strong",{parentName:"p"},"Stable")," \u2013 marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months."),(0,n.kt)("p",null,"This post ",(0,n.kt)("a",{parentName:"p",href:"/blog/cwtch-stable-roadmap-update"},"revisits the Cwtch Stable roadmap update")," we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(9469).Z,width:"1005",height:"480"})))}u.isMDXComponent=!0},9469:(e,t,a)=>{a.d(t,{Z:()=>r});const r=a.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/a84d2af0.7f27d724.js b/build-staging/it/assets/js/a84d2af0.7f27d724.js new file mode 100644 index 00000000..43355353 --- /dev/null +++ b/build-staging/it/assets/js/a84d2af0.7f27d724.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/it/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/it/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/it/blog/tags/bindings"},{label:"repliqate",permalink:"/it/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/it/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Stay up to date!",id:"stay-up-to-date",level:2},{value:"Help us go further!",id:"help-us-go-further",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We have also defined a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"linker script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at reproducible-builds.org")," we have defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts."),(0,n.kt)("p",null,"The next step is to roll these changes into ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible#introducing-repliqate"},"repliqate")," as we have done with our bindings builds."),(0,n.kt)("p",null,"However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward."),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"We expect to make additional progress on this in the coming weeks and months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/a84d2af0.af8ccc6b.js b/build-staging/it/assets/js/a84d2af0.af8ccc6b.js deleted file mode 100644 index a656a18c..00000000 --- a/build-staging/it/assets/js/a84d2af0.af8ccc6b.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[890],{3905:(e,t,i)=>{i.d(t,{Zo:()=>d,kt:()=>m});var a=i(7294);function n(e,t,i){return t in e?Object.defineProperty(e,t,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[t]=i,e}function r(e,t){var i=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),i.push.apply(i,a)}return i}function o(e){for(var t=1;t=0||(n[i]=e[i]);return n}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,i)&&(n[i]=e[i])}return n}var s=a.createContext({}),c=function(e){var t=a.useContext(s),i=t;return e&&(i="function"==typeof e?e(t):o(o({},t),e)),i},d=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p="mdxType",u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var i=e.components,n=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),p=c(i),h=n,m=p["".concat(s,".").concat(h)]||p[h]||u[h]||r;return i?a.createElement(m,o(o({ref:t},d),{},{components:i})):a.createElement(m,o({ref:t},d))}));function m(e,t){var i=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var r=i.length,o=new Array(r);o[0]=h;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[p]="string"==typeof e?e:n,o[1]=l;for(var c=2;c{i.r(t),i.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var a=i(7462),n=(i(7294),i(3905));const r={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},o=void 0,l={permalink:"/it/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/it/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/it/blog/tags/bindings"},{label:"repliqate",permalink:"/it/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/it/blog/cwtch-stable-roadmap-update-june"}},s={authorsImageUrls:[void 0]},c=[{value:"Building the Cwtch UI",id:"building-the-cwtch-ui",level:2},{value:"Changes we made for reproducible builds",id:"changes-we-made-for-reproducible-builds",level:2},{value:"Tar Archives",id:"tar-archives",level:3},{value:"Limitations and Next Steps",id:"limitations-and-next-steps",level:2},{value:"Pinned Dependencies",id:"pinned-dependencies",level:3},{value:"Help us go further!",id:"help-us-go-further",level:2},{value:"Stay up to date!",id:"stay-up-to-date",level:2}],d={toc:c},p="wrapper";function u(e){let{components:t,...r}=e;return(0,n.kt)(p,(0,a.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,n.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,n.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,n.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,n.kt)("p",null,(0,n.kt)("img",{src:i(9469).Z,width:"1005",height:"480"})),(0,n.kt)("h2",{id:"building-the-cwtch-ui"},"Building the Cwtch UI"),(0,n.kt)("p",null,"The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the ",(0,n.kt)("inlineCode",{parentName:"p"},"stable")," channel."),(0,n.kt)("p",null,"All builds are conducted through the ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter")," tool e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"flutter build"),". We inject two build flags as part of the official build ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE"),":"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"}," flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`\n")),(0,n.kt)("p",null,"These flags are defined to be identical to Cwtch Bindings. ",(0,n.kt)("inlineCode",{parentName:"p"},"VERSION")," is the latest git tag: ",(0,n.kt)("inlineCode",{parentName:"p"},"git describe --tags --abbrev=1")," and ",(0,n.kt)("inlineCode",{parentName:"p"},"COMMIT_DATE")," is the date of the latest commit on the branch ",(0,n.kt)("inlineCode",{parentName:"p"},"echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE")),(0,n.kt)("p",null,"All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in ",(0,n.kt)("inlineCode",{parentName:"p"},"LIBCWTCH-GO.version"),", and fetched via the fetch-libcwtch scripts)."),(0,n.kt)("p",null,"The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process."),(0,n.kt)("h2",{id:"changes-we-made-for-reproducible-builds"},"Changes we made for reproducible builds"),(0,n.kt)("p",null,"For reproducible linux builds we had to modify the generated ",(0,n.kt)("inlineCode",{parentName:"p"},"linux/CMakeLists.txt")," file to include the following compiler and linker flags:"),(0,n.kt)("ul",null,(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"-fno-ident")," - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries."),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--hash-style=gnu")," - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts"),(0,n.kt)("li",{parentName:"ul"},(0,n.kt)("inlineCode",{parentName:"li"},"--build-id=none")," - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.")),(0,n.kt)("p",null,"We also define a new ",(0,n.kt)("a",{parentName:"p",href:"https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x"},"link script")," that differs from the default by removing all ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," sections from object files. We do this because the linking process links in non-project artifacts like ",(0,n.kt)("inlineCode",{parentName:"p"},"crtbeginS.o")," which, in most systems, us compiled with a ",(0,n.kt)("inlineCode",{parentName:"p"},".comment")," section (the default linking script already removes the ",(0,n.kt)("inlineCode",{parentName:"p"},".note.gnu*")," sections."),(0,n.kt)("h3",{id:"tar-archives"},"Tar Archives"),(0,n.kt)("p",null,"Finally, following the ",(0,n.kt)("a",{parentName:"p",href:"https://reproducible-builds.org/docs/archives/"},"guide at https://reproducible-builds.org/docs/archives/")," we defined standard metadata for the generated Tar archives to make them also reproducible."),(0,n.kt)("h2",{id:"limitations-and-next-steps"},"Limitations and Next Steps"),(0,n.kt)("p",null,"The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script"),(0,n.kt)("p",null,"However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. ",(0,n.kt)("inlineCode",{parentName:"p"},"crti.o")," with full branch protection enabled. On 64-bit systems this results in an ",(0,n.kt)("inlineCode",{parentName:"p"},"endcr64")," instruction being inserted at the start of the ",(0,n.kt)("inlineCode",{parentName:"p"},".init")," and ",(0,n.kt)("inlineCode",{parentName:"p"},".fini")," sections, among others."),(0,n.kt)("p",null,"In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate."),(0,n.kt)("h3",{id:"pinned-dependencies"},"Pinned Dependencies"),(0,n.kt)("p",null,"While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned. "),(0,n.kt)("p",null,"The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking). "),(0,n.kt)("p",null,"However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from."),(0,n.kt)("h2",{id:"help-us-go-further"},"Help us go further!"),(0,n.kt)("p",null,"We couldn't do what we do without all the wonderful community support we get, from ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"one-off donations")," to ",(0,n.kt)("a",{parentName:"p",href:"https://www.patreon.com/openprivacy"},"recurring support via Patreon"),"."),(0,n.kt)("p",null,"If you want to see us move faster on some of these goals and are in a position to, please ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate"},"donate"),". If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer."),(0,n.kt)("p",null,"Donations of ",(0,n.kt)("strong",{parentName:"p"},"$5 or more")," can opt to receive stickers as a thank-you gift!"),(0,n.kt)("p",null,"For more information about donating to Open Privacy and claiming a thank you gift ",(0,n.kt)("a",{parentName:"p",href:"https://openprivacy.ca/donate/"},"please visit the Open Privacy Donate page"),"."),(0,n.kt)("p",null,(0,n.kt)("img",{alt:"A Photo of Cwtch Stickers",src:i(4515).Z,width:"1024",height:"768"})),(0,n.kt)("h2",{id:"stay-up-to-date"},"Stay up to date!"),(0,n.kt)("p",null,"This is not all we have planned for the upcoming months. Subscribe to our ",(0,n.kt)("a",{parentName:"p",href:"/blog/rss.xml"},"RSS feed"),", ",(0,n.kt)("a",{parentName:"p",href:"/blog/atom.xml"},"Atom feed"),", or ",(0,n.kt)("a",{parentName:"p",href:"/blog/feed.json"},"JSON feed")," to stay up to date, and get the latest on, all aspects of Cwtch development."))}u.isMDXComponent=!0},9469:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"},4515:(e,t,i)=>{i.d(t,{Z:()=>a});const a=i.p+"assets/images/stickers-new-1e9b14bdd638b4907cce833e813a09ad.jpg"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/d548bd8c.87b8b92d.js b/build-staging/it/assets/js/d548bd8c.87b8b92d.js new file mode 100644 index 00000000..32e8e22e --- /dev/null +++ b/build-staging/it/assets/js/d548bd8c.87b8b92d.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var i=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=i.createContext({}),s=function(e){var t=i.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return i.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},b=i.forwardRef((function(e,t){var r=e.components,a=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=a,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?i.createElement(g,l(l({ref:t},u),{},{components:r})):i.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:a,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var i=r(7462),a=(r(7294),r(3905));const n={title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/it/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Progress Towards Reproducible UI Builds",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/it/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/it/blog/tags/bindings"},{label:"repliqate",permalink:"/it/blog/tags/repliqate"}],readingTime:4.16,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Progress Towards Reproducible UI Builds",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/it/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,a.kt)(p,(0,i.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,a.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,a.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,a.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,a.kt)("p",null,(0,a.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>i});const i=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/d548bd8c.f842d24b.js b/build-staging/it/assets/js/d548bd8c.f842d24b.js deleted file mode 100644 index c6869256..00000000 --- a/build-staging/it/assets/js/d548bd8c.f842d24b.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkuser_handbook=self.webpackChunkuser_handbook||[]).push([[2006],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var i=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=i.createContext({}),s=function(e){var t=i.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=s(e.components);return i.createElement(c.Provider,{value:t},e.children)},p="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},b=i.forwardRef((function(e,t){var r=e.components,a=e.mdxType,n=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),p=s(r),b=a,g=p["".concat(c,".").concat(b)]||p[b]||d[b]||n;return r?i.createElement(g,l(l({ref:t},u),{},{components:r})):i.createElement(g,l({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var n=r.length,l=new Array(n);l[0]=b;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o[p]="string"==typeof e?e:a,l[1]=o;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>d,frontMatter:()=>n,metadata:()=>o,toc:()=>s});var i=r(7462),a=(r(7294),r(3905));const n={title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg"}]},l=void 0,o={permalink:"/it/blog/cwtch-ui-reproducible-builds-linux",source:"@site/blog/2023-07-14-cwtch-ui-reproducible-builds.md",title:"Cwtch UI Reproducible Builds (Linux)",description:"",date:"2023-07-14T00:00:00.000Z",formattedDate:"14 luglio 2023",tags:[{label:"cwtch",permalink:"/it/blog/tags/cwtch"},{label:"cwtch-stable",permalink:"/it/blog/tags/cwtch-stable"},{label:"reproducible-builds",permalink:"/it/blog/tags/reproducible-builds"},{label:"bindings",permalink:"/it/blog/tags/bindings"},{label:"repliqate",permalink:"/it/blog/tags/repliqate"}],readingTime:4.06,hasTruncateMarker:!0,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}],frontMatter:{title:"Cwtch UI Reproducible Builds (Linux)",description:"",slug:"cwtch-ui-reproducible-builds-linux",tags:["cwtch","cwtch-stable","reproducible-builds","bindings","repliqate"],image:"/img/devlog1_small.jpg",hide_table_of_contents:!1,authors:[{name:"Sarah Jamie Lewis",title:"Executive Director, Open Privacy Research Society",image_url:"/img/sarah.jpg",imageURL:"/img/sarah.jpg"}]},nextItem:{title:"Cwtch Stable Roadmap Update",permalink:"/it/blog/cwtch-stable-roadmap-update-june"}},c={authorsImageUrls:[void 0]},s=[],u={toc:s},p="wrapper";function d(e){let{components:t,...n}=e;return(0,a.kt)(p,(0,i.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"Earlier this year we talked about the changes we have made to make ",(0,a.kt)("a",{parentName:"p",href:"https://docs.cwtch.im/blog/cwtch-bindings-reproducible"},"Cwtch Bindings Reproducible"),"."),(0,a.kt)("p",null,"In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. "),(0,a.kt)("p",null,"This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project."),(0,a.kt)("p",null,(0,a.kt)("img",{src:r(9469).Z,width:"1005",height:"480"})))}d.isMDXComponent=!0},9469:(e,t,r)=>{r.d(t,{Z:()=>i});const i=r.p+"assets/images/devlog1-53937adbfa7a7edf40d34660f71ed0fd.png"}}]); \ No newline at end of file diff --git a/build-staging/it/assets/js/runtime~main.511bb481.js b/build-staging/it/assets/js/runtime~main.acad40c6.js similarity index 96% rename from build-staging/it/assets/js/runtime~main.511bb481.js rename to build-staging/it/assets/js/runtime~main.acad40c6.js index 44b3f243..15bfa1e5 100644 --- a/build-staging/it/assets/js/runtime~main.511bb481.js +++ b/build-staging/it/assets/js/runtime~main.acad40c6.js @@ -1 +1 @@ -(()=>{"use strict";var e,c,f,a,b,d={},t={};function r(e){var c=t[e];if(void 0!==c)return c.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return d[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=d,r.c=t,e=[],r.O=(c,f,a,b)=>{if(!f){var d=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[f,a,b]},r.n=e=>{var c=e&&e.__esModule?()=>e.default:()=>e;return r.d(c,{a:c}),c},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var d={};c=c||[null,f({}),f([]),f(f)];for(var t=2&a&&e;"object"==typeof t&&!~c.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((c=>d[c]=()=>e[c]));return d.default=()=>e,r.d(b,d),b},r.d=(e,c)=>{for(var f in c)r.o(c,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:c[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((c,f)=>(r.f[f](e,c),c)),[])),r.u=e=>"assets/js/"+({27:"fe910059",48:"f21fe67f",53:"935f2afb",80:"13965eb4",225:"f9b019e0",276:"fb3c1916",360:"b979d7e4",439:"6a78f460",621:"2887095c",785:"2ffad701",788:"4d27f429",818:"bc51653d",854:"937969ee",877:"dabb1858",890:"a84d2af0",923:"5dc151e9",981:"f2d017e0",1006:"b2a64359",1155:"ddf22f37",1199:"fd27e325",1210:"917f768f",1258:"9e2a7473",1312:"9f1c7621",1322:"18b4904d",1384:"e759f958",1602:"9034063a",1739:"8a8a5858",1814:"b51a5363",1871:"9009e554",1932:"f9cff38b",1950:"ef6f692b",1979:"fe1dd7ae",2006:"d548bd8c",2033:"11796dfe",2081:"88d0c547",2111:"794fc1e8",2135:"3b87f7a6",2184:"f76a3b8e",2234:"7f5e9c41",2348:"231a229c",2397:"2c10bcf6",2411:"e2032214",2436:"f894db60",2450:"115541e2",2469:"ecbb35df",2481:"ef71f686",2535:"814f3328",2537:"209bdfc3",2605:"73c8cde5",2688:"9dd8190d",2723:"3e80d710",2861:"8281c315",2909:"5cb298ca",3007:"c3b86ae0",3026:"6648656d",3056:"fccc5d20",3089:"a6aa9e1f",3171:"508409b4",3185:"19563afa",3218:"af23c5f9",3224:"fc999220",3319:"b74cf248",3412:"a6f005ae",3417:"b11de5d5",3492:"a02b4022",3516:"4f68bcc6",3587:"8d811565",3588:"66f0cf59",3608:"9e4087bc",3674:"0a2b8ac2",3693:"1578504c",3712:"1cbfc7c5",3761:"c96c5262",3763:"a7e50e09",3905:"7a06dbff",3936:"68c206b4",3949:"0999b6aa",4013:"01a85c17",4071:"6b44a42a",4108:"a8c7fdc6",4195:"c4f5d8e4",4239:"3d43f565",4268:"adfd2a96",4508:"f04f0ec9",4561:"644e0e81",4612:"f7ca86a6",4788:"1ebd8798",4862:"3bf835b2",4867:"3b7b256a",4986:"08c3bd78",5003:"fad3d52b",5089:"a4396826",5194:"c5a58ca1",5221:"0fb199c9",5226:"f041e880",5233:"8fe7a387",5273:"bf059cf9",5314:"2c901dd2",5391:"af2ce9b1",5398:"5e9927d2",5490:"0d59ece6",5532:"ef78badf",5540:"c9f9ad20",5552:"19cde8ec",5583:"46b0c109",5732:"1a25c548",5861:"6e2435dc",5869:"d5f314f9",5876:"0991cafe",5905:"824a28c6",6098:"83643414",6103:"ccc49370",6266:"29659bc8",6299:"59e122e4",6318:"49b07f50",6325:"8051e978",6457:"9944c673",6555:"6275ceb4",6585:"e88d32a9",6711:"1d0a8d89",6730:"7246b934",6735:"57d795a6",6758:"97ac6d59",6891:"47db09cd",6940:"34843fbe",7139:"3db42865",7241:"d634637f",7275:"043d4691",7293:"141cdfa9",7430:"dfb11b4d",7541:"e83cebc7",7591:"a65a3c47",7594:"53cc4802",7621:"21d06810",7649:"c14f15fd",7782:"3a109bd3",7797:"4aa555c3",7860:"b0404c31",7918:"17896441",7970:"8e3a693e",7977:"ae271b89",8070:"247a7af4",8098:"9947de33",8181:"f748f255",8185:"553c6794",8192:"5e5faacc",8237:"b331d16d",8239:"b8ae7715",8254:"7c6e9bc2",8371:"3bf8c048",8573:"298daba3",8590:"b58c7628",8610:"6875c492",8697:"0bb12077",8710:"0d64c1d9",8786:"f928e8d9",8789:"cbb0e45e",8795:"6c4339db",8801:"a8875a35",8835:"c747432f",8838:"010d07c1",8848:"b29d9412",8907:"8918cacc",8909:"98bd2791",9010:"07eed749",9051:"02cf6bb5",9146:"c94c4dfb",9195:"56ee2ea4",9200:"43b107c1",9207:"0b5b83c5",9239:"8838b5d9",9249:"9b12a270",9251:"45a7c7c6",9284:"c50453d6",9399:"fa088e0f",9427:"d1fa313c",9444:"5beee875",9477:"9148c1ad",9481:"3bc00383",9506:"d78ab406",9507:"5ae3487b",9514:"1be78505",9516:"8aa5d230",9565:"ef02fbbd",9645:"876f085b",9661:"e31178cb",9717:"08c34551",9737:"ba6ec3d2",9759:"89f86a37",9798:"d228e678",9817:"14eb3368",9902:"f4279852",9923:"8e8114dc",9976:"a79c88c2"}[e]||e)+"."+{27:"ad535d04",48:"4708943f",53:"4d8ff31b",80:"7c9d96d5",225:"b5b4a856",276:"37c9304f",360:"b414f5c1",439:"0e1fdfda",621:"3218a046",785:"d61d2196",788:"e6e4fc99",818:"e2e0d594",854:"9ce0fad1",877:"b567202d",890:"af8ccc6b",923:"1beabf93",981:"bf63989d",1006:"46032bc4",1155:"5e3032eb",1199:"a240efeb",1210:"e40a65e1",1258:"b225b622",1312:"b2660e0a",1322:"fd5db813",1384:"17eb6149",1602:"b3f2b831",1739:"77d8271b",1814:"10684eb3",1871:"cdd0c2e4",1932:"63dfbda8",1950:"fa621589",1979:"158f4574",2006:"f842d24b",2033:"c8f1e93b",2081:"9912f681",2111:"eeed2713",2135:"e4176764",2184:"d87fb81c",2234:"f850b1e9",2348:"9ecf60b7",2397:"fe137241",2411:"c3c30dff",2436:"de13cf40",2450:"64566ecd",2469:"f50bac3d",2481:"ec798b10",2535:"e77df9de",2537:"e88f9793",2605:"b5747b40",2688:"904f5daf",2723:"8ccc7d7c",2861:"b32fff9f",2909:"f94bfc38",3007:"8788091c",3026:"67321fde",3056:"09b8e29a",3089:"8ac198c5",3171:"0048c1c5",3185:"3086b02e",3218:"b63a4e5e",3224:"ea2cb007",3319:"76183dc6",3412:"057a4e3a",3417:"978db84c",3492:"36668ac2",3516:"d9b156bf",3587:"c9c12fe6",3588:"0da7321c",3608:"582408aa",3674:"3bbb0f78",3693:"2df26b14",3712:"b1788676",3761:"48df994f",3763:"c61ec664",3905:"706e10d2",3936:"e35aacf5",3949:"fc623388",4013:"fbcc85f1",4071:"8c885907",4108:"455cd2f8",4195:"ea3b76f3",4239:"27cb38fe",4268:"2bed8868",4508:"67327fd7",4561:"b5ab2ba3",4612:"973d26c1",4788:"efaa5cf8",4862:"df84e28a",4867:"61f28f34",4972:"486cf118",4986:"e7043240",5003:"713a3fa8",5089:"a9e17b33",5194:"24a71a39",5221:"acecd5d0",5226:"8b186783",5233:"ed7b87ab",5273:"2818d042",5314:"29005498",5391:"6fa59457",5398:"f2fc59f6",5490:"08931564",5532:"25d419d6",5540:"c11c18c5",5552:"3738013a",5583:"0cefc4f0",5732:"9e772eca",5861:"3f74bf5b",5869:"1dc05f26",5876:"482a43f0",5905:"c282e634",6048:"e7c7c18a",6098:"f98f85cb",6103:"a9ca1f91",6266:"6aaa4109",6299:"b1557b13",6318:"aea03bee",6325:"6039d367",6457:"96d5ab3f",6555:"3ba97e15",6585:"ff20b8ba",6711:"a73fb03b",6730:"ad3706f2",6735:"5de42757",6758:"270edd8e",6891:"872c613a",6940:"da3b7d88",7139:"27ab3fca",7241:"1a735df4",7275:"ff8e86cc",7293:"d8dc748d",7430:"cca8a468",7541:"0d3d23db",7591:"547749ae",7594:"a67d245e",7621:"9f9af253",7649:"05646011",7782:"e8f7d386",7797:"65cc139a",7860:"04c08dcd",7918:"27340309",7970:"956fc1bf",7977:"fa96b586",8070:"659e593b",8098:"8f316599",8181:"06c1bb18",8185:"bb21a347",8192:"07853952",8237:"bf18ac84",8239:"9962717d",8254:"e7ec1ee4",8371:"fc0d4ec1",8573:"cc57f664",8590:"8d84bd8d",8610:"a3d95c11",8697:"7ea6f02f",8710:"640c15f3",8786:"9677409e",8789:"4f1fe907",8795:"4177106d",8801:"968c4441",8835:"a76bb1c0",8838:"ea72f1c9",8848:"0ca2217e",8907:"c76c44c5",8909:"fa1ded97",9010:"e6de9ce0",9051:"883205f6",9146:"5e3bcaf2",9195:"e554caa6",9200:"87b92c1b",9207:"27b62f27",9239:"2f73078b",9249:"6003290e",9251:"49c7af0e",9284:"bf72966c",9399:"7d5235c3",9427:"f05028e7",9444:"1a7eefd7",9477:"a9bddf70",9481:"ea404c51",9506:"8962f566",9507:"84e96a03",9514:"c2da882e",9516:"868664e0",9565:"0acf98a3",9645:"d32dc0bc",9661:"4e22fdc9",9717:"c234e086",9737:"43de8ddb",9759:"6c1214b1",9785:"e0c467d7",9798:"59d2d9e1",9817:"5ac78d9e",9902:"d6d718e6",9923:"d55afec6",9976:"7b161edf"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,c)=>Object.prototype.hasOwnProperty.call(e,c),a={},b="user-handbook:",r.l=(e,c,f,d)=>{if(a[e])a[e].push(c);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(f))),c)return c(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/it/",r.gca=function(e){return e={17896441:"7918",83643414:"6098",fe910059:"27",f21fe67f:"48","935f2afb":"53","13965eb4":"80",f9b019e0:"225",fb3c1916:"276",b979d7e4:"360","6a78f460":"439","2887095c":"621","2ffad701":"785","4d27f429":"788",bc51653d:"818","937969ee":"854",dabb1858:"877",a84d2af0:"890","5dc151e9":"923",f2d017e0:"981",b2a64359:"1006",ddf22f37:"1155",fd27e325:"1199","917f768f":"1210","9e2a7473":"1258","9f1c7621":"1312","18b4904d":"1322",e759f958:"1384","9034063a":"1602","8a8a5858":"1739",b51a5363:"1814","9009e554":"1871",f9cff38b:"1932",ef6f692b:"1950",fe1dd7ae:"1979",d548bd8c:"2006","11796dfe":"2033","88d0c547":"2081","794fc1e8":"2111","3b87f7a6":"2135",f76a3b8e:"2184","7f5e9c41":"2234","231a229c":"2348","2c10bcf6":"2397",e2032214:"2411",f894db60:"2436","115541e2":"2450",ecbb35df:"2469",ef71f686:"2481","814f3328":"2535","209bdfc3":"2537","73c8cde5":"2605","9dd8190d":"2688","3e80d710":"2723","8281c315":"2861","5cb298ca":"2909",c3b86ae0:"3007","6648656d":"3026",fccc5d20:"3056",a6aa9e1f:"3089","508409b4":"3171","19563afa":"3185",af23c5f9:"3218",fc999220:"3224",b74cf248:"3319",a6f005ae:"3412",b11de5d5:"3417",a02b4022:"3492","4f68bcc6":"3516","8d811565":"3587","66f0cf59":"3588","9e4087bc":"3608","0a2b8ac2":"3674","1578504c":"3693","1cbfc7c5":"3712",c96c5262:"3761",a7e50e09:"3763","7a06dbff":"3905","68c206b4":"3936","0999b6aa":"3949","01a85c17":"4013","6b44a42a":"4071",a8c7fdc6:"4108",c4f5d8e4:"4195","3d43f565":"4239",adfd2a96:"4268",f04f0ec9:"4508","644e0e81":"4561",f7ca86a6:"4612","1ebd8798":"4788","3bf835b2":"4862","3b7b256a":"4867","08c3bd78":"4986",fad3d52b:"5003",a4396826:"5089",c5a58ca1:"5194","0fb199c9":"5221",f041e880:"5226","8fe7a387":"5233",bf059cf9:"5273","2c901dd2":"5314",af2ce9b1:"5391","5e9927d2":"5398","0d59ece6":"5490",ef78badf:"5532",c9f9ad20:"5540","19cde8ec":"5552","46b0c109":"5583","1a25c548":"5732","6e2435dc":"5861",d5f314f9:"5869","0991cafe":"5876","824a28c6":"5905",ccc49370:"6103","29659bc8":"6266","59e122e4":"6299","49b07f50":"6318","8051e978":"6325","9944c673":"6457","6275ceb4":"6555",e88d32a9:"6585","1d0a8d89":"6711","7246b934":"6730","57d795a6":"6735","97ac6d59":"6758","47db09cd":"6891","34843fbe":"6940","3db42865":"7139",d634637f:"7241","043d4691":"7275","141cdfa9":"7293",dfb11b4d:"7430",e83cebc7:"7541",a65a3c47:"7591","53cc4802":"7594","21d06810":"7621",c14f15fd:"7649","3a109bd3":"7782","4aa555c3":"7797",b0404c31:"7860","8e3a693e":"7970",ae271b89:"7977","247a7af4":"8070","9947de33":"8098",f748f255:"8181","553c6794":"8185","5e5faacc":"8192",b331d16d:"8237",b8ae7715:"8239","7c6e9bc2":"8254","3bf8c048":"8371","298daba3":"8573",b58c7628:"8590","6875c492":"8610","0bb12077":"8697","0d64c1d9":"8710",f928e8d9:"8786",cbb0e45e:"8789","6c4339db":"8795",a8875a35:"8801",c747432f:"8835","010d07c1":"8838",b29d9412:"8848","8918cacc":"8907","98bd2791":"8909","07eed749":"9010","02cf6bb5":"9051",c94c4dfb:"9146","56ee2ea4":"9195","43b107c1":"9200","0b5b83c5":"9207","8838b5d9":"9239","9b12a270":"9249","45a7c7c6":"9251",c50453d6:"9284",fa088e0f:"9399",d1fa313c:"9427","5beee875":"9444","9148c1ad":"9477","3bc00383":"9481",d78ab406:"9506","5ae3487b":"9507","1be78505":"9514","8aa5d230":"9516",ef02fbbd:"9565","876f085b":"9645",e31178cb:"9661","08c34551":"9717",ba6ec3d2:"9737","89f86a37":"9759",d228e678:"9798","14eb3368":"9817",f4279852:"9902","8e8114dc":"9923",a79c88c2:"9976"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(c,f)=>{var a=r.o(e,c)?e[c]:void 0;if(0!==a)if(a)f.push(a[2]);else if(/^(1303|532)$/.test(c))e[c]=0;else{var b=new Promise(((f,b)=>a=e[c]=[f,b]));f.push(a[2]=b);var d=r.p+r.u(c),t=new Error;r.l(d,(f=>{if(r.o(e,c)&&(0!==(a=e[c])&&(e[c]=void 0),a)){var b=f&&("load"===f.type?"missing":f.type),d=f&&f.target&&f.target.src;t.message="Loading chunk "+c+" failed.\n("+b+": "+d+")",t.name="ChunkLoadError",t.type=b,t.request=d,a[1](t)}}),"chunk-"+c,c)}},r.O.j=c=>0===e[c];var c=(c,f)=>{var a,b,d=f[0],t=f[1],o=f[2],n=0;if(d.some((c=>0!==e[c]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(c&&c(f);n{"use strict";var e,c,f,a,b,d={},t={};function r(e){var c=t[e];if(void 0!==c)return c.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return d[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=d,r.c=t,e=[],r.O=(c,f,a,b)=>{if(!f){var d=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[f,a,b]},r.n=e=>{var c=e&&e.__esModule?()=>e.default:()=>e;return r.d(c,{a:c}),c},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var d={};c=c||[null,f({}),f([]),f(f)];for(var t=2&a&&e;"object"==typeof t&&!~c.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((c=>d[c]=()=>e[c]));return d.default=()=>e,r.d(b,d),b},r.d=(e,c)=>{for(var f in c)r.o(c,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:c[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((c,f)=>(r.f[f](e,c),c)),[])),r.u=e=>"assets/js/"+({27:"fe910059",48:"f21fe67f",53:"935f2afb",80:"13965eb4",225:"f9b019e0",276:"fb3c1916",360:"b979d7e4",439:"6a78f460",621:"2887095c",785:"2ffad701",788:"4d27f429",818:"bc51653d",854:"937969ee",877:"dabb1858",890:"a84d2af0",923:"5dc151e9",981:"f2d017e0",1006:"b2a64359",1155:"ddf22f37",1199:"fd27e325",1210:"917f768f",1258:"9e2a7473",1312:"9f1c7621",1322:"18b4904d",1384:"e759f958",1602:"9034063a",1739:"8a8a5858",1814:"b51a5363",1871:"9009e554",1932:"f9cff38b",1950:"ef6f692b",1979:"fe1dd7ae",2006:"d548bd8c",2033:"11796dfe",2081:"88d0c547",2111:"794fc1e8",2135:"3b87f7a6",2184:"f76a3b8e",2234:"7f5e9c41",2348:"231a229c",2397:"2c10bcf6",2411:"e2032214",2436:"f894db60",2450:"115541e2",2469:"ecbb35df",2481:"ef71f686",2535:"814f3328",2537:"209bdfc3",2605:"73c8cde5",2688:"9dd8190d",2723:"3e80d710",2861:"8281c315",2909:"5cb298ca",3007:"c3b86ae0",3026:"6648656d",3056:"fccc5d20",3089:"a6aa9e1f",3171:"508409b4",3185:"19563afa",3218:"af23c5f9",3224:"fc999220",3319:"b74cf248",3412:"a6f005ae",3417:"b11de5d5",3492:"a02b4022",3516:"4f68bcc6",3587:"8d811565",3588:"66f0cf59",3608:"9e4087bc",3674:"0a2b8ac2",3693:"1578504c",3712:"1cbfc7c5",3761:"c96c5262",3763:"a7e50e09",3905:"7a06dbff",3936:"68c206b4",3949:"0999b6aa",4013:"01a85c17",4071:"6b44a42a",4108:"a8c7fdc6",4195:"c4f5d8e4",4239:"3d43f565",4268:"adfd2a96",4508:"f04f0ec9",4561:"644e0e81",4612:"f7ca86a6",4788:"1ebd8798",4862:"3bf835b2",4867:"3b7b256a",4986:"08c3bd78",5003:"fad3d52b",5089:"a4396826",5194:"c5a58ca1",5221:"0fb199c9",5226:"f041e880",5233:"8fe7a387",5273:"bf059cf9",5314:"2c901dd2",5391:"af2ce9b1",5398:"5e9927d2",5490:"0d59ece6",5532:"ef78badf",5540:"c9f9ad20",5552:"19cde8ec",5583:"46b0c109",5732:"1a25c548",5861:"6e2435dc",5869:"d5f314f9",5876:"0991cafe",5905:"824a28c6",6098:"83643414",6103:"ccc49370",6266:"29659bc8",6299:"59e122e4",6318:"49b07f50",6325:"8051e978",6457:"9944c673",6555:"6275ceb4",6585:"e88d32a9",6711:"1d0a8d89",6730:"7246b934",6735:"57d795a6",6758:"97ac6d59",6891:"47db09cd",6940:"34843fbe",7139:"3db42865",7241:"d634637f",7275:"043d4691",7293:"141cdfa9",7430:"dfb11b4d",7541:"e83cebc7",7591:"a65a3c47",7594:"53cc4802",7621:"21d06810",7649:"c14f15fd",7782:"3a109bd3",7797:"4aa555c3",7860:"b0404c31",7918:"17896441",7970:"8e3a693e",7977:"ae271b89",8070:"247a7af4",8098:"9947de33",8181:"f748f255",8185:"553c6794",8192:"5e5faacc",8237:"b331d16d",8239:"b8ae7715",8254:"7c6e9bc2",8371:"3bf8c048",8573:"298daba3",8590:"b58c7628",8610:"6875c492",8697:"0bb12077",8710:"0d64c1d9",8786:"f928e8d9",8789:"cbb0e45e",8795:"6c4339db",8801:"a8875a35",8835:"c747432f",8838:"010d07c1",8848:"b29d9412",8907:"8918cacc",8909:"98bd2791",9010:"07eed749",9051:"02cf6bb5",9146:"c94c4dfb",9195:"56ee2ea4",9200:"43b107c1",9207:"0b5b83c5",9239:"8838b5d9",9249:"9b12a270",9251:"45a7c7c6",9284:"c50453d6",9399:"fa088e0f",9427:"d1fa313c",9444:"5beee875",9477:"9148c1ad",9481:"3bc00383",9506:"d78ab406",9507:"5ae3487b",9514:"1be78505",9516:"8aa5d230",9565:"ef02fbbd",9645:"876f085b",9661:"e31178cb",9717:"08c34551",9737:"ba6ec3d2",9759:"89f86a37",9798:"d228e678",9817:"14eb3368",9902:"f4279852",9923:"8e8114dc",9976:"a79c88c2"}[e]||e)+"."+{27:"ad535d04",48:"4708943f",53:"4d8ff31b",80:"7c9d96d5",225:"b5b4a856",276:"37c9304f",360:"b414f5c1",439:"0e1fdfda",621:"3218a046",785:"d61d2196",788:"e6e4fc99",818:"e2e0d594",854:"9ce0fad1",877:"b567202d",890:"7f27d724",923:"1beabf93",981:"bf63989d",1006:"46032bc4",1155:"5e3032eb",1199:"a240efeb",1210:"e40a65e1",1258:"b225b622",1312:"b2660e0a",1322:"fd5db813",1384:"17eb6149",1602:"b3f2b831",1739:"77d8271b",1814:"10684eb3",1871:"cdd0c2e4",1932:"63dfbda8",1950:"fa621589",1979:"158f4574",2006:"87b8b92d",2033:"c8f1e93b",2081:"9912f681",2111:"eeed2713",2135:"e4176764",2184:"d87fb81c",2234:"f850b1e9",2348:"9ecf60b7",2397:"fe137241",2411:"c3c30dff",2436:"de13cf40",2450:"64566ecd",2469:"f50bac3d",2481:"ec798b10",2535:"2705309e",2537:"e88f9793",2605:"b5747b40",2688:"904f5daf",2723:"8ccc7d7c",2861:"b32fff9f",2909:"f94bfc38",3007:"8788091c",3026:"67321fde",3056:"09b8e29a",3089:"8ac198c5",3171:"0048c1c5",3185:"3086b02e",3218:"b63a4e5e",3224:"ea2cb007",3319:"76183dc6",3412:"5384cc62",3417:"978db84c",3492:"36668ac2",3516:"d9b156bf",3587:"c9c12fe6",3588:"0da7321c",3608:"582408aa",3674:"13582857",3693:"2df26b14",3712:"b1788676",3761:"48df994f",3763:"c61ec664",3905:"706e10d2",3936:"e35aacf5",3949:"fc623388",4013:"fbcc85f1",4071:"8c885907",4108:"455cd2f8",4195:"ea3b76f3",4239:"27cb38fe",4268:"2bed8868",4508:"67327fd7",4561:"b5ab2ba3",4612:"973d26c1",4788:"efaa5cf8",4862:"df84e28a",4867:"61f28f34",4972:"486cf118",4986:"e7043240",5003:"713a3fa8",5089:"a9e17b33",5194:"24a71a39",5221:"acecd5d0",5226:"8b186783",5233:"ed7b87ab",5273:"2818d042",5314:"29005498",5391:"6fa59457",5398:"f2fc59f6",5490:"08931564",5532:"25d419d6",5540:"c11c18c5",5552:"3738013a",5583:"0cefc4f0",5732:"9e772eca",5861:"3f74bf5b",5869:"1dc05f26",5876:"a9057a72",5905:"c282e634",6048:"e7c7c18a",6098:"f98f85cb",6103:"a9ca1f91",6266:"6aaa4109",6299:"b1557b13",6318:"aea03bee",6325:"6039d367",6457:"96d5ab3f",6555:"3ba97e15",6585:"ff20b8ba",6711:"a73fb03b",6730:"ad3706f2",6735:"5de42757",6758:"270edd8e",6891:"872c613a",6940:"da3b7d88",7139:"27ab3fca",7241:"1a735df4",7275:"ff8e86cc",7293:"d8dc748d",7430:"cca8a468",7541:"0d3d23db",7591:"547749ae",7594:"a67d245e",7621:"9f9af253",7649:"05646011",7782:"e8f7d386",7797:"65cc139a",7860:"04c08dcd",7918:"27340309",7970:"956fc1bf",7977:"fa96b586",8070:"659e593b",8098:"8f316599",8181:"06c1bb18",8185:"bb21a347",8192:"07853952",8237:"bf18ac84",8239:"9962717d",8254:"e7ec1ee4",8371:"fc0d4ec1",8573:"cc57f664",8590:"8d84bd8d",8610:"a3d95c11",8697:"7ea6f02f",8710:"640c15f3",8786:"9677409e",8789:"4f1fe907",8795:"4177106d",8801:"968c4441",8835:"a76bb1c0",8838:"ea72f1c9",8848:"0ca2217e",8907:"c76c44c5",8909:"fa1ded97",9010:"e6de9ce0",9051:"883205f6",9146:"5e3bcaf2",9195:"e554caa6",9200:"87b92c1b",9207:"27b62f27",9239:"2f73078b",9249:"6003290e",9251:"49c7af0e",9284:"bf72966c",9399:"7d5235c3",9427:"f05028e7",9444:"1a7eefd7",9477:"a9bddf70",9481:"ea404c51",9506:"8962f566",9507:"84e96a03",9514:"c2da882e",9516:"868664e0",9565:"0acf98a3",9645:"d32dc0bc",9661:"4e22fdc9",9717:"c234e086",9737:"43de8ddb",9759:"6c1214b1",9785:"e0c467d7",9798:"59d2d9e1",9817:"5ac78d9e",9902:"d6d718e6",9923:"d55afec6",9976:"7b161edf"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,c)=>Object.prototype.hasOwnProperty.call(e,c),a={},b="user-handbook:",r.l=(e,c,f,d)=>{if(a[e])a[e].push(c);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(f))),c)return c(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/it/",r.gca=function(e){return e={17896441:"7918",83643414:"6098",fe910059:"27",f21fe67f:"48","935f2afb":"53","13965eb4":"80",f9b019e0:"225",fb3c1916:"276",b979d7e4:"360","6a78f460":"439","2887095c":"621","2ffad701":"785","4d27f429":"788",bc51653d:"818","937969ee":"854",dabb1858:"877",a84d2af0:"890","5dc151e9":"923",f2d017e0:"981",b2a64359:"1006",ddf22f37:"1155",fd27e325:"1199","917f768f":"1210","9e2a7473":"1258","9f1c7621":"1312","18b4904d":"1322",e759f958:"1384","9034063a":"1602","8a8a5858":"1739",b51a5363:"1814","9009e554":"1871",f9cff38b:"1932",ef6f692b:"1950",fe1dd7ae:"1979",d548bd8c:"2006","11796dfe":"2033","88d0c547":"2081","794fc1e8":"2111","3b87f7a6":"2135",f76a3b8e:"2184","7f5e9c41":"2234","231a229c":"2348","2c10bcf6":"2397",e2032214:"2411",f894db60:"2436","115541e2":"2450",ecbb35df:"2469",ef71f686:"2481","814f3328":"2535","209bdfc3":"2537","73c8cde5":"2605","9dd8190d":"2688","3e80d710":"2723","8281c315":"2861","5cb298ca":"2909",c3b86ae0:"3007","6648656d":"3026",fccc5d20:"3056",a6aa9e1f:"3089","508409b4":"3171","19563afa":"3185",af23c5f9:"3218",fc999220:"3224",b74cf248:"3319",a6f005ae:"3412",b11de5d5:"3417",a02b4022:"3492","4f68bcc6":"3516","8d811565":"3587","66f0cf59":"3588","9e4087bc":"3608","0a2b8ac2":"3674","1578504c":"3693","1cbfc7c5":"3712",c96c5262:"3761",a7e50e09:"3763","7a06dbff":"3905","68c206b4":"3936","0999b6aa":"3949","01a85c17":"4013","6b44a42a":"4071",a8c7fdc6:"4108",c4f5d8e4:"4195","3d43f565":"4239",adfd2a96:"4268",f04f0ec9:"4508","644e0e81":"4561",f7ca86a6:"4612","1ebd8798":"4788","3bf835b2":"4862","3b7b256a":"4867","08c3bd78":"4986",fad3d52b:"5003",a4396826:"5089",c5a58ca1:"5194","0fb199c9":"5221",f041e880:"5226","8fe7a387":"5233",bf059cf9:"5273","2c901dd2":"5314",af2ce9b1:"5391","5e9927d2":"5398","0d59ece6":"5490",ef78badf:"5532",c9f9ad20:"5540","19cde8ec":"5552","46b0c109":"5583","1a25c548":"5732","6e2435dc":"5861",d5f314f9:"5869","0991cafe":"5876","824a28c6":"5905",ccc49370:"6103","29659bc8":"6266","59e122e4":"6299","49b07f50":"6318","8051e978":"6325","9944c673":"6457","6275ceb4":"6555",e88d32a9:"6585","1d0a8d89":"6711","7246b934":"6730","57d795a6":"6735","97ac6d59":"6758","47db09cd":"6891","34843fbe":"6940","3db42865":"7139",d634637f:"7241","043d4691":"7275","141cdfa9":"7293",dfb11b4d:"7430",e83cebc7:"7541",a65a3c47:"7591","53cc4802":"7594","21d06810":"7621",c14f15fd:"7649","3a109bd3":"7782","4aa555c3":"7797",b0404c31:"7860","8e3a693e":"7970",ae271b89:"7977","247a7af4":"8070","9947de33":"8098",f748f255:"8181","553c6794":"8185","5e5faacc":"8192",b331d16d:"8237",b8ae7715:"8239","7c6e9bc2":"8254","3bf8c048":"8371","298daba3":"8573",b58c7628:"8590","6875c492":"8610","0bb12077":"8697","0d64c1d9":"8710",f928e8d9:"8786",cbb0e45e:"8789","6c4339db":"8795",a8875a35:"8801",c747432f:"8835","010d07c1":"8838",b29d9412:"8848","8918cacc":"8907","98bd2791":"8909","07eed749":"9010","02cf6bb5":"9051",c94c4dfb:"9146","56ee2ea4":"9195","43b107c1":"9200","0b5b83c5":"9207","8838b5d9":"9239","9b12a270":"9249","45a7c7c6":"9251",c50453d6:"9284",fa088e0f:"9399",d1fa313c:"9427","5beee875":"9444","9148c1ad":"9477","3bc00383":"9481",d78ab406:"9506","5ae3487b":"9507","1be78505":"9514","8aa5d230":"9516",ef02fbbd:"9565","876f085b":"9645",e31178cb:"9661","08c34551":"9717",ba6ec3d2:"9737","89f86a37":"9759",d228e678:"9798","14eb3368":"9817",f4279852:"9902","8e8114dc":"9923",a79c88c2:"9976"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(c,f)=>{var a=r.o(e,c)?e[c]:void 0;if(0!==a)if(a)f.push(a[2]);else if(/^(1303|532)$/.test(c))e[c]=0;else{var b=new Promise(((f,b)=>a=e[c]=[f,b]));f.push(a[2]=b);var d=r.p+r.u(c),t=new Error;r.l(d,(f=>{if(r.o(e,c)&&(0!==(a=e[c])&&(e[c]=void 0),a)){var b=f&&("load"===f.type?"missing":f.type),d=f&&f.target&&f.target.src;t.message="Loading chunk "+c+" failed.\n("+b+": "+d+")",t.name="ChunkLoadError",t.type=b,t.request=d,a[1](t)}}),"chunk-"+c,c)}},r.O.j=c=>0===e[c];var c=(c,f)=>{var a,b,d=f[0],t=f[1],o=f[2],n=0;if(d.some((c=>0!==e[c]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(c&&c(f);n - +
-

Archivio

Archivio

2023

- +

Archivio

Archivio

2023

+ \ No newline at end of file diff --git a/build-staging/it/blog/atom.xml b/build-staging/it/blog/atom.xml index 0839a6a0..dcf1c4a3 100644 --- a/build-staging/it/blog/atom.xml +++ b/build-staging/it/blog/atom.xml @@ -9,11 +9,11 @@ https://docs.cwtch.im/it/img/favicon.png Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/it/blog/cwtch-ui-reproducible-builds-linux 2023-07-14T00:00:00.000Z - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> Sarah Jamie Lewis diff --git a/build-staging/it/blog/autobindings-ii/index.html b/build-staging/it/blog/autobindings-ii/index.html index 84b082e9..b8183ec1 100644 --- a/build-staging/it/blog/autobindings-ii/index.html +++ b/build-staging/it/blog/autobindings-ii/index.html @@ -12,12 +12,12 @@ - +
-

Compile-time Optional Application Experiments (Autobindings)

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

The Structure of an Application Experiment

An application-level experiment consists of:

  1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
  2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
  3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
  4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are +

    Compile-time Optional Application Experiments (Autobindings)

    · 5 minuti di lettura
    Sarah Jamie Lewis

    Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

    The Structure of an Application Experiment

    An application-level experiment consists of:

    1. A set of top-level APIs, e.g. CreateServer, LoadServer, DeleteServer - these are the APIs that we want to expose to calling applications.
    2. An encapsulating structure for the set of APIs, e.g. ServersFunctionality - it is much easy to manage a cohesive set of functionality if it is wrapped up in a single entity.
    3. A global variable that exists at the top level of libCwtch, e.g. var serverExperiment *servers.ServersFunctionality servers - our single pointer to the underlying functionality.
    4. A set of management-related APIs, e.g. Init, UpdateSettings, OnACNEvent - in the case of the server hosting experiment we need to perform specific actions when we start up (e.g. loading unencrypted hosted servers), and when settings are changed (e.g. if the server hosting experiment is disabled we need to tear down all active servers).
    5. Management code within _startCwtch and _reconnectCwtch that calls the management APIs on the global variable.

    From a code generation perspective we already have most of the functionality is place to support (1) - the one major difference being that we need to wrap function calls on the global variable associated with the experiment, instead of on application or a specific profile.

    Most of the effort required to support optional experiments was focused on optionally weaving experiment management code within the template.

    New Required Management APIs

    To achieve this weaving, we now require application-level experiments to implement an EventHandlerInterface interface and expose itself via an initialize constructor Init(acn, appDir) -> EventHandlerInterface, and Enable(app, acn).

    For now this interface is rather minimal, and has been mapped almost exactly to how the server hosting experiment already worked. If, or when, a new application experiment is required we will likely revisit this interface.

    We can then generate, and optionally include blocks of code like:

        <experimentGlobal> = <experimentPackage>.Init(&globalACN, appDir)
        eventHandler.AddModule(<experimentGlobal>)
        <experimentGlobal>.Enable(application, &globalACN)

    and place them at specific points in the code. EventHandler has also been extended to maintain a collection of modules so that it can @@ -27,7 +27,7 @@ of a global functionality within the library.

    Cwtch UI Integration

    The UI, and other downstream applications, can now check for support for server hosting by simply checking if the loaded library provides the expected symbols, e.g. c_LoadServers - if it doesn't then the UI is safe to assume the feature is not available.

    A screenshot of the Cwtch UI Settings Pane demonstrating how the Server Hosting experiment option looks when the UI is pointed to a libCwtch compiled without server hosting support.

    Nightlies & Next Steps

    We are now publishing nightlies of autobinding derived libCwtch-go, along with Repliqate scripts for reproducibility.

    With application experiments supported, this phase of autobindings comes to a close. The immediate next steps involve extensive testing and release candidates proving out the new bindings to ensure that no bugs have been introduced in the migration from libCwtch-go. These candidates will form the basis for Cwtch Beta 1.11.

    However, there is still more work to do, and we expect to make progress on a few areas over the next few months, including:

    • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface, e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces, e.g. libcwtch-rs.
    • Documentation generation: as another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.

    Help us go further!

    We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

    If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

    Donations of $5 or more can opt to receive stickers as a thank-you gift!

    For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

    A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/blog/autobindings/index.html b/build-staging/it/blog/autobindings/index.html index f2da9a3f..4dff0375 100644 --- a/build-staging/it/blog/autobindings/index.html +++ b/build-staging/it/blog/autobindings/index.html @@ -12,15 +12,15 @@ - +
-

Autogenerating Cwtch Bindings

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

Autogenerating Cwtch Bindings

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

A Brief History of Cwtch Bindings

Prior to the modern Flutter-based UI application, the first Cwtch UI prototype was based on Qt, with the bindings automatically generated by therecipe/qt. However, after encountering numerous crash-bugs on the compiled Arm version for Android, and a few weeks of prototyping different approaches, we settled on Flutter as a replacement UI framework.

As part of early prototyping efforts for Flutter we built out a first version of libCwtch-go, and over the two years of beta development we have evolved that prototype into a functional set of Cwtch bindings.

This approach has not been without side effects. There is still code from those early prototypes floating around in libCwtch-go, inconsistencies in how functions - in particular experimental features - handle settings, duplication of logic between Cwtch and libCwtch-go, and special behaviour in libCwtch-go that better belongs in the core Cwtch library.

As part of a broader effort to refine the Cwtch API in preparation for Cwtch Stable we have taken the opportunity to fix many of these problems.

Cwtch Autobindings

The current lib.go file that encapsulates the vast majority of libCwtch-go currently sits at 1500+ lines of code. However, much of that code is boilerplate calling conventions e.g. the BlockContact API implementation is:

//export c_BlockContact
func c_BlockContact(profilePtr *C.char, profileLen C.int, conversation_id C.int) {
    BlockContact(C.GoStringN(profilePtr, profileLen), int(conversation_id))
}

func BlockContact(profileOnion string, conversationID int) {
    profile := application.GetPeer(profileOnion)
    if profile != nil {
        profile.BlockConversation(conversationID)
    }
}

All that code is doing is defining a C-compatible API, performing some basic checking of parameters, and passing the result into the core Cwtch library. The two functions themselves support the C-bindings and Java-bindings respectively.

In the new cwtch-autobindings we reduce these multiple lines to a single one:

profile BlockConversation conversation

Defining a profile-level function, called BlockConversation which takes in a single parameter of type conversation.

Using a similar boilerplate-reduction for the reset of lib.go yields 5-basic function prototypes:

  • Application-level functions e.g. CreateProfile
  • Profile-level functions e.g. BlockConversation
  • Profile-level functions that return data e.g. GetMessage
  • Experimental Profile-level feature functions e.g. DownloadFile
  • Experimental Profile-level feature functions that return data e.g. ShareFile

Once aggregated and itemized the full set of bindings for Cwtch applications, profile interactions, and experiments can be described in fewer than 50 lines, including comments. Even including the code necessary to generate the bindings from this specification file (~400 lines), and the code needed to initialize the bindings themselves (~300 lines). This cuts the amount of coded needed by 60%, and eliminates many classes of error and inconsistencies associated with maintaining bindings (e.g. regularizing function calls / checking experiment status / handling error conditions etc.).

Next Steps

Cwtch autobindings work today, are API-compatible with the existing libCwtch-go implements, and can be fully integrated into an existing Cwtch application with minimal effort. However, there are a few areas which need to be addressed prior to a full rollout:

  • Application-level experiments (of which there is only one: Desktop Server Hosting) are not currently supported. This functionality is only tangentially related to the rest of the Cwtch bindings, and necessarily introduces additional dependencies (e.g. on cwtch-server). In the coming weeks we will allow optional application experiments to be enabled at compile time, to allow us to produce smaller bindings for platforms that don't support the experiment, and to allow us to build new kinds of platform-targeted experiments that can take advantage of platform specific features.
  • Dart Library generation: since we now have a formal description of the bindings interface, we can move ahead with also autogenerating the Dart-side of the bindings interface, giving a boost to UI integration of new features, and allowing us to generate tailored versions of the UI interface e.g. one compiled without experiment support. We can also extend the same logic to other downstream interfaces e.g. libcwtch-rs
  • Documentation generation: another benefit of a formal description of the bindings interface, we can easily generate documentation compatible with docs.cwtch.im.
  • Cwtch API: This first cut of autobindings is based on an unreleased version of the core Cwtch library that implements much of the Cwtch Stable API redesign. In a short while we will be merging these features into Cwtch, in preparation for Cwtch 1.11, and beyond.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/blog/availability-status-profile-attributes/index.html b/build-staging/it/blog/availability-status-profile-attributes/index.html index bcf4ea3e..73e0e731 100644 --- a/build-staging/it/blog/availability-status-profile-attributes/index.html +++ b/build-staging/it/blog/availability-status-profile-attributes/index.html @@ -12,14 +12,14 @@ - +
-

Availability Status and Profile Attributes

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Availability Status and Profile Attributes

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Availability Status

New in this nightly is the ability to notify your conversations that you are "Away" or "Busy".

Read more: Availability Status

Profile Attributes

Also new is the ability to augment your profile with a few small pieces of public information.

Read more: Profile Information

Downloading the Nightly

Nightly builds are available from our build server. Download links for 2023-04-05-18-28-v1.11.0-7-g0290 are available below.

Please see the contribution documentation for advice on submitting feedback

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-android-reproducibility/index.html b/build-staging/it/blog/cwtch-android-reproducibility/index.html index f5f65078..799a5eec 100644 --- a/build-staging/it/blog/cwtch-android-reproducibility/index.html +++ b/build-staging/it/blog/cwtch-android-reproducibility/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Android Bindings Reproducible

· 3 minuti di lettura
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Android Bindings Reproducible

· 3 minuti di lettura
Sarah Jamie Lewis

In this development log, we continue our previous work on reproducible Cwtch bindings, uncovering the final few sources of variation between our Repliqate scripts and our docker/drone builds, leading to fully reproducible builds for Cwtch Android bindings!

Changes Necessary for Reproducible Android Bindings

After a thorough investigation of the build artifacts produced by Repliqate and Drone we uncovered three additional sources of variation:

  • Insufficient path stripping introduced by Android NDK tools - it turns out that Android builds using NDK versions below 22 are not reproducible as they produce randomized artifacts (through unstripped temporary directory paths appearing in compiled binares). NDK 22 changed the binutils and default linker to versions that correctly strip such paths from build artifacts. As such it was necessary for us to update the NDK version we used. We chose the technically outdated NDK 22 rather than the more modern NDK 25 to minimize Android OS compatibility changes during this switch. However, per our long term support plan, we will be moving towards adopting the latest NDK in the future.
  • Paths in DWARF entries - while we have been unable to track down exactly where these are being introduced, we did track the final difference in the produced bindings to DWARF debug lines embedded in compiled ELF binaries. These entries encoded the actual location of the NDK on the disk of the build machine, instead of the symbolic link that we believed should have been followed. By physically placing the NDK at same location in repliqate as in our Docker container we were able to get these entries to be consistent - however there is still work to do to understand exactly why they are being introduced at all.

Vimdiff comparing the decoded (readelf --debug-dump=line) DWARF debug section of Drone-produced Android bindings v.s. Repliqate-produced. The difference in paths is highlighted.
  • Go Compiler Acquisition - our Docker container was compiling the Go compiler from source, while Repliqate was downloading a pre-compiled version. During debugging we changed the Dockerfile to also download the pre-compiled version in order to eliminate the difference as a potential reproducibility issue. Our tests indicated that there was a difference between artifacts produced by the precompiled compiler v.s. one built from source - this is likely explained by introduced environmental differences caused by the compilation of the compiler itself e.g. the contents/versions of modules in the Go package cache which we have seen as having an impact on other produced binaries.

Repliqate Scripts

With those issues now fixed, Cwtch Android bindings are officially reproducible! The first version that officially met this requirement was 1.10.5, and you can find the Repliqate script under cwtch-bindings-v1.10.5/libcwtch.v1.10.5-android.script in the Cwtch Repliqate scripts repository.

This is another big milestone towards our ultimate goal of full reproducibility for Cwtch releases.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-bindings-reproducible/index.html b/build-staging/it/blog/cwtch-bindings-reproducible/index.html index fda08ef0..65b72038 100644 --- a/build-staging/it/blog/cwtch-bindings-reproducible/index.html +++ b/build-staging/it/blog/cwtch-bindings-reproducible/index.html @@ -12,13 +12,13 @@ - +
-

Making Cwtch Bindings Reproducible

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Making Cwtch Bindings Reproducible

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

How Cwtch Bindings are Built

Since we launched Cwtch Beta we have used Docker containers as part of our continuous build process.

When a new change is merged into the repository it kicks off the Cwtch bindings build pipeline which result in the new source tree being downloaded, inspected, compiled, tested, and eventually packaged for different platforms.

The Cwtch Bindings build pipeline results in four compiled libraries:

These compiled libraries eventually make their way into Cwtch-based applications, like the Cwtch UI.

Making libCwtch Reproducible

Docker containers alone aren't enough to guarantee reproducibility. On inspection of several builds of the same source tree, we noticed a few elements that were distinct to each build:

  • Go Build ID: By default, Go includes a build ID as part of compiled binaries. When using CGO this build ID is non-deterministic and differs for every build. We made the decision to override this build ID for all outputs, setting it to the version of the code being built.
  • Build Paths and Go Environment Variables: By default, Go includes full filesystem paths, and many Go-specific environment variables in the compiled binary – ostensibly to aid with debugging. These can be removed using the trimPath option, which we now specify for all bindings builds.

Linux Specific Considerations

After the general fixes for Go builds are applied, the main variable input that impacts reproducibility is the version of libc that the bindings are compiled against.

Our Drone/Docker build environments are based on Debian Bullseye which provides libc6-dev version 2.31. Other development setups will likely link libc-dev 2.34+.

libc6-dev 2.34 is notable because it removed dependencies on libpthread and libdl – neither are used in libCwtch, but they are currently referenced – which increases the number of sections (and thus the virtual addresses of those sections) defined in the produced ELF file.

This means that in order to reproduce libCwtch Linux bindings it is necessary to have a development environment that will link libc 2.31. We have provided a small, standalone environment which can be used for this purpose (see the section on Next Steps for more information).

Windows Specific Considerations

The headers of PE files technically contain a timestamp field. In recent years an effort has been made to use this field for other purposes, but by default go build will still include the timestamp of the file when producing a DLL file (at least when using CGO).

Fortunately this field can be zeroed out through passing -Xlinker –no-insert-timestamp into the mingw32-gcc process.

With that, and the universal Go fixes outlined above, Windows bindings are now reproducible using the same standalone Linux environment.

Android Specific Considerations

With the above universal Go fixes, Android build artifacts become almost repeatable. And on certain setups they appear to be reproducible. However,achieving full reproducibility for Android builds requires a number of specific environment dependencies, and considerations:

  • Cwtch makes use of GoMobile for compiling Android libraries. We pin to a specific version 43a0384520996c8376bfb8637390f12b44773e65 in our Docker containers. Unlike go build, the trimpPath parameter passed to GoMobile does not strip all development environment paths. This means that the build environment needs consistent directory structures. We have noticed inconsistencies in the detail stripped between setups e.g. cwtch.aar files build by our Docker and Repliqate builds still contain randomized /tmp/go-build* references that developer builds do not. We are still in the process of tracking down how these inconsistencies are introduced.
  • We still use sdk-tools instead of the new commandline-tools. The latest version of sdk-tools is 4333796 and available from: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip. As part of our plans for Cwtch Stable we will be updating this dependency.
  • Cwtch Android builds currently use OpenJDK 8, unchanged from the earliest prototypes when Android development required Java 8. There is no nice way of obtaining this JDK version anymore, our Docker Containers are based on the now deprecated openjdk:8 image. As with sdk-tooks, as part of our plans for Cwtch Stable we will be updating this dependency.

All of the above mean that we cannot consider Android builds to be reproducible yet, but we believe this is an achievable goal within the next couple of release cycles.

OSX Specific Considerations

Perhaps surprisingly, OSX builds present the biggest reproducibility challenge. Unlike Linux, Windows, and Android builds we do not have a Dockerized build environment for OSX builds - relying instead on a dedicated machine to perform the builds.

As with Linux above, the general fixes for setting Go build id and trimming paths are enough to ensure repeatability on the same machine.

In order to fully guarantee reproducibility, OSX libraries need to be built on the same version of OSX with the same version of Xcode. For reference our current build system uses: Big Sur 11.6.1 with Xcode version 13.2.1.

In an ideal world we would be able to cross-compile OSX libraries on Linux the same way we do for Windows and Android. While there are no technical limits, compiling for OSX is dependent on a proprietary SDK. There is no way to trustfully obtain this SDK from anyone except Apple, and the license appears to strictly prohibit transferring the SDK to non-Apple hardware.

Because of these limitations we cannot yet offer a way to automatically verify OSX builds, in the same way that we can for Linux, Windows, and Android. We will continue to look for ways to bring OSX builds to the same level as the rest of our Windows and Linux distributions.

Introducing Repliqate!

With all the above changes, Cwtch Bindings for Linux and Windows are fully reproducible!

That alone is great, but we also want to make it easier for you to check the reproducibility of our builds yourself! As we noted in the introduction, the whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team.

To make this process accessible we are releasing a new tool called repliqate.

Repliqate makes it easy to construct isolated build environments, powered by Qemu and a standard Debian Cloud Image distribution.

Repliqate runs build-scripts to perform actions like downloading the specific versions of Go used in Cwtch official builds, grabbing a copy of the source code for Cwtch bindings, compiling the latest tagged version, and checking the hash against the same version that is available from builds.openprivacy.ca.

We now provide Repliqate build-scripts for reproducible both Linux libCwtch.so builds, Windows libCwtch.dll builds!

We also have a partially repeatable Android cwtch.aar build script that reproduces the official build environment, which we will be using to complete Android reproducible builds as detailed in the last section.

You can (and I want to highly encourage you to) perform all these steps yourself (either via Repliqate, or a setup with the same specifications) and report back. We want to know if there are any other barriers to reproducing Cwtch bindings, and anything that we can do to make the process easier.

Next Steps

Reproducible bindings are a big achievement, but there is obviously much more to do. In the coming weeks we are committed to undertaking the same process with our Cwtch UI builds to determine what needs to be done to make this as reproducible as bindings.

As we go through this process we also expect to add additional functionality to Repliqate. If you have any feedback or would like to contribute to Repliqate development then please get in touch!

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-developer-documentation/index.html b/build-staging/it/blog/cwtch-developer-documentation/index.html index 0ca348ae..55dd8a33 100644 --- a/build-staging/it/blog/cwtch-developer-documentation/index.html +++ b/build-staging/it/blog/cwtch-developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Developer Documentation, Cwtchbot v0.1.0 and New Nightly.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

Cwtch Development Handbook

We have created a new documentation section, the developers handbook. This new section is targeted towards to people working on Cwtch projects (e.g. the official Cwtch library or the Cwtch UI), as well as people who want to build new Cwtch applications (e.g. chat bots or custom clients).

Release and Packaging Process

The new handbook features a breakdown of Cwtch release processes - describing what, and how, build artifacts are created; the difference between nightly and official builds; how the official release process works; and how reproducible build scripts are created.

Cwtch Application Development and Cwtchbot v0.1.0!

For the first time ever we now have comprehensive documentation on how to build a Cwtch Application. This section of the development handbook covers everything from choosing a Cwtch library, to building your first application.

Together with this new documentation we have also released version 0.1 of the Cwtchbot framework, updating calls to use the new Cwtch Stable API.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-04-26-20-57-v1.11.0-33-gb4371.

This version has a number of fixes and updates to the file sharing and image previews/profile pictures experiment, and an update to the in-development Tails support.

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-documentation/index.html b/build-staging/it/blog/cwtch-documentation/index.html index 54b26c7e..592c7a4a 100644 --- a/build-staging/it/blog/cwtch-documentation/index.html +++ b/build-staging/it/blog/cwtch-documentation/index.html @@ -12,13 +12,13 @@ - +
-

Updates to Cwtch Documentation

· 3 minuti di lettura
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Updates to Cwtch Documentation

· 3 minuti di lettura
Sarah Jamie Lewis

One of the main streams of work in the lead up to Cwtch Stable has been improving all aspects of Cwtch Documentation. In this development log we will highlight some of the major updates over the last few weeks.

Cwtch Secure Development Handbook

One of the earliest compendiums of Cwtch documentation was the Cwtch Secure Development Handbook. This handbook provided an overview of the various parts of the Cwtch ecosystem, the known risks, and any existing mitigations. The handbook was designed to serve as a guide to developers who were building or extending Cwtch, and over the years it also served as a permanent home for documenting long-standing design decisions.

We have now ported the the handbook to this documentation site, along with updating some of the contents. Over the next few months we will be expanding this section to include new sections on fuzzing, plugins, and client implementation.

Volunteer Development

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Next Steps

We still have more work to do on the documentation front:

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-nightly-1-11/index.html b/build-staging/it/blog/cwtch-nightly-1-11/index.html index 2383dabb..6055bb37 100644 --- a/build-staging/it/blog/cwtch-nightly-1-11/index.html +++ b/build-staging/it/blog/cwtch-nightly-1-11/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.11

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.11

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

In This Release

A screenshot of Cwtch 1.11

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
  • Bug Fixes / Improvements:
    • When preserving a message draft, quoted messages are now also saved
    • Layout issues caused by pathological unicode are now prevented
    • Improved performance of message row rendering
    • Clickable Links: Links in replies are now selectable
    • Clickable Links: Fixed error when highlighting certain URIs
    • File Downloading: Fixes for file downloading and exporting on 32bit Android devices
    • Server Hosting: Fixes for several layout issues
    • Build pipeline now runs automated UI tests
    • Fix issues caused by scrollbar controller overriding
    • Initial support for the Blodeuwedd Assistant (currently compile-time disabled)
    • Cwtch Library:
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Spanish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.11 is based on libCwtch version 2023-03-16-15-07-v0.0.3-1-g50c853a. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.3-1-g50c853a

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-nightly-1-12/index.html b/build-staging/it/blog/cwtch-nightly-1-12/index.html index 89ecd059..b6e276e9 100644 --- a/build-staging/it/blog/cwtch-nightly-1-12/index.html +++ b/build-staging/it/blog/cwtch-nightly-1-12/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Beta 1.12

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Beta 1.12

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

In This Release

A screenshot of Cwtch 1.12

A special thanks to the amazing volunteer translators and testers who made this release possible.

  • New Features:
    • Profile Attributes - profiles can now be augmented with additional public information
    • Availability Status - you can now notify contacts that you are away or busy
    • Five New Supported Localizations: Japanese, Korean, Slovak, Swahili and Swedish
    • Support for Tails - adds an OnionGrater configuration and a new CWTCH_TAILS environment variable that enables special Tor behaviour.
  • Bug Fixes / Improvements:
    • Based on Flutter 3.10
    • Inter is now the main UI font
    • New Font Scaling setting
    • New Network Management code to better manage Tor on unstable networks
    • File Sharing Experiment Fixes
      • Fix performance issues for file bubble
      • Allow restarting of file shares that have timed out
      • Fix NPE in FileBubble caused by deleting the underlying file
      • Move from RetVal to UpdateConversationAttributes to minimze UI thread issues
    • Updates to Linux install scripts to support more distributions
    • Add a Retry Peer connection to prioritize connection attempts for certain conversations
    • Updates to _FlDartProject to allow custom setting of Flutter asset paths
  • Accessibility / UX:
    • Full translations for Brazilian Portuguese, Dutch, French, German, Italian, Russian, Polish, Slovak, Spanish, Swahili, Swedish, Turkish, and Welsh
    • Core translations for Danish (75%), Norwegian (76%), and Romanian (75%)
    • Partial translations for Japanese (29%), Korean (23%), Luxembourgish (22%), Greek (16%), and Portuguese (6%)

Reproducible Bindings

Cwtch 1.12 is based on libCwtch version libCwtch-autobindings-2023-06-13-10-50-v0.0.5. The repliqate scripts to reproduce these bindings from source can be found at https://git.openprivacy.ca/cwtch.im/repliqate-scripts/src/branch/main/cwtch-autobindings-v0.0.5

Download the New Version

You can download Cwtch from https://cwtch.im/download.

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Alternatively we also provide a releases-only RSS feed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-nightly-v.11-74/index.html b/build-staging/it/blog/cwtch-nightly-v.11-74/index.html index 77d18244..b8c61110 100644 --- a/build-staging/it/blog/cwtch-nightly-v.11-74/index.html +++ b/build-staging/it/blog/cwtch-nightly-v.11-74/index.html @@ -12,13 +12,13 @@ - +
-

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

New Cwtch Nightly (v1.11.0-74-g0406)

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

New Nightly

There is a new Nightly build are available from our build server. The latest nightly we recommend testing is 2023-06-05-17-36-v1.11.0-74-g0406.

This version has a large number of improvements and bug fixes including:

  • A new Font Scaling setting
  • Several networking and connection management improvements including automatic detection and response to network changes, and several bug fixes that impacted time-to-connection after a resetting Tor.
  • Updated UI font styles
  • Dependency updates, including a new base of Flutter 3.10.
  • A fix for stuck file downloading notifications on Android
  • A fix for missing profile images in certain edge cases on Android
  • Japanese, Swedish, and Swahili translation options
  • A new retry peer connection button for prompting Cwtch to prioritize specific connections
  • Tails support

In addition, this nightly also includes a number of performance improvements that should fix reported rendering issues on less powerful devices.

Please see the contribution documentation for advice on submitting feedback

Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-platform-support/index.html b/build-staging/it/blog/cwtch-platform-support/index.html index 2aca4679..35c1c195 100644 --- a/build-staging/it/blog/cwtch-platform-support/index.html +++ b/build-staging/it/blog/cwtch-platform-support/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch UI Platform Support

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch UI Platform Support

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

Constraints on support

From CPU architecture, to app store policies, there are a large number of constraints that restrict what platforms Cwtch can target, and how usable Cwtch may be on those systems.

In this section we will highlight the restrictions that we are aware of, and provide a summary of the major external forces that impact our ability to support Cwtch across various platforms.

Limitations on general-purpose computing

In order for Cwtch to work, and be useful, it needs the ability to launch and manage long-lived onion services (in addition to Tor connections to other onion services).

On desktop platforms this is usually a given, but the ability to do that kind of activity on mobile operating systems is severely limited or, in many cases, blocked entirely.

This is the core reason why Cwtch is not available on iOS, and the main reason why Android support often lags behind.

While we expect that Arti will improve the management of onion services and connections, there is no way around the need to have an active process managing such services.

As Appstore restrictions are tightened, and mobile operating systems are likewise restricted, we expect that Cwtch on mobile will have to move to a light-client model, requiring the aid of a companion desktop application to be usable.

We encourage you to support mobile operating system vendors who understand the value of general purpose computing, and who don't place restrictions on what you can do with your own device.

Constraints introduced by the Flutter SDK

The Cwtch UI is based on Flutter, and as such we have some hard boundaries driven by platforms that are supported by the Flutter SDK.

To summarize, as of writing this document those platforms are:

  • Android API 16 and above (arm, arm64, and amd64)
  • Debian-based Linux Distributions (64-bit only)
  • macOS El Capitan (10.11) and above
  • Windows 7 & above (64-bit only)

To put it plainly, without porting Cwtch UI to a different UI platform we cannot support a 32-bit desktop version.

Constraints introduced by Appstore Policy

As of writing, Google is pushing applications to target API 31 or above. This target API version is increased on a regular cadence and usually packaged with greater restrictions on what applications can do. To put it another way, even if our minimum theoretical supported Android version is 16, we are practically limited to a subset of tolerated functionality.

CPU Architecture and Cwtch Bindings

We currently build the Cwtch UI and Cwtch Bindings for a wide variety of platform/architecture combinations (see the table below). Our ability to support a given architecture is driven primarily by the overlap of Go Compiler support, Flutter SDK support, and what architectures the underling operating system is available for.

It is worth noting that there is an explicit dependency between the Bindings and the UI. If we cannot build Cwtch Bindings for a given architecture (i.e. if the Go Compiler does not support a given architectures), then we also cannot offer the Cwtch UI for that architecture.

Architecture / PlatformWindowsLinuxmacOSAndroid
arm✅️
arm64🟡✅️
x86-64 / amd64✅️✅️

"🟡" - indicates that support is possible, but not yet official e.g. arm64 linux (Raspberry Pi).

Testing and official support

As a non-profit, and an open source software project, we are limited in the resources we have to invest. We rely on the Cwtch Release Candidate Testers to do much of the heavy lifting when it comes to Cwtch support on various platforms. This is especially true when it comes to Android variants where, even after testing across the spread of devices available to the Cwtch team, testers still encounter major issues.

We officially only perform full scale automated tests on Linux. With minimal platform regression tests on Windows, Android and OSX. Prior to Cwtch Stable we plan to have support for running automated regression tests across Linux, Windows and Android instances.

End-of-life platforms

Operating Systems are never supported indefinitely. The Flutter SDK may allow support for Windows 7, but Microsoft no longer does. Windows 7 fell out of support on January 14, 2020, Windows 8 followed early this month, on January 10th. 2023. Windows 10 will no longer be support after October 14, 2025.

Likewise, while the Flutter SDK official supports OSX versions back to El Capitan (version 10.11), the oldest OSX version currently supported by Apple is Big Sur (version 11). While it may be possible for us to build different versions of Cwtch targeting different OSX versions, we would be doing so against unsupported SDK versions - incurring not only a support cost, but a possible security one also.

The same fundamental restrictions also impact Linux based distributions. While Flutter supports Ubuntu 18.04, and the platform still receiving updates until April 2023, the Cwtch team does not, because of the outdated version of libc installed on the platform would require a distinct build process. Cwtch currently requires libc 2.31+.

Android versions prior to Android 10 are no longer officially support, and the requirement to target the most recent versions of Android for inclusion on the Google Playstore mean that long term support for Android versions is driven almost entirely by Google. While Flutter technically has support for Android 16 and above (and we target that as a minimum SDK version), because we have to target the most recent SDK for inclusion on Google Playstore, we cannot make guarantees that these SDKs are fully backwards compatible. We encourage volunteers interested in Cwtch Android to join our Cwtch Release Candidate Testers groups to help us understand the limitations of Android support across different API versions.

How we decide to officially support a platform

To help make decisions on what platforms we target for official builds, the Cwtch team have developed four key tenets:

  1. The target platform needs to be officially supported by our development tools - We do not have the resources to maintain forks of the Go compiler or the Flutter SDK that target other operating systems or architectures. The one exception to this rule are non-Debian Linux distributions which while not officially supported by Flutter, are unlikely to have major blockers to official support.
  2. The target operating system needs to be supported by the Vendor - We cannot support a platform that is no longer receiving security updates. Nor do we have the resources to maintain distinct build environments that target out-of-support operating systems. While Cwtch may run on these platforms without additional assistance, we will not schedule work to fix broken support on such platforms. (We may, however, accept Pull Requests from volunteers).
  3. The target platform must be backwards compatible with the most recent version in general use - Even if a system is technically supported by our development tools, and still receives security updates from the vendor, we may still be unbale to officially support it if doing so requires maintaining a separate build environment (because SDK or APIs of dependent libraries are no longer backwards compatible). Like above, Cwtch may run on these platforms without additional assistance, but we will not schedule work to fix broken support on such platforms. (we may, however, accept Pull Requests from volunteers).
  4. People want to use Cwtch on that platform - We will generally only consider new platform support if people ask us about it. If Cwtch isn't available for a platform you want to use it on, then please get in touch and ask us about it!

Summary of official support

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. A version of this table will be maintained as part of the Cwtch Handbook.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOS🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Other Android Distributions🟡🟡Testing Needed.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-stable-api-design/index.html b/build-staging/it/blog/cwtch-stable-api-design/index.html index 2dec6602..caaf48f8 100644 --- a/build-staging/it/blog/cwtch-stable-api-design/index.html +++ b/build-staging/it/blog/cwtch-stable-api-design/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable API Design

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
- +

Cwtch Stable API Design

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

Clarifying Terminology

Over the years we have evolved how we talk about the various parts of the Cwtch ecosystem. To make this document clear we have revised and clarified some terms:

  • Cwtch refers to the overall ecosystem including all the component libraries, bindings, and the flagship Cwtch application.
  • Cwtchlib refers to the reference implementation of the Cwtch Protocol / Application framework, currently written in Go.
  • Bindings refers to C/Java/Kotlin/Rust bindings (primarily libcwtch-go) that act as an interface between Cwtchlib and downstream applications.
  • CwtchPeer is where the reference Cwtch API is defined. It is responsible for managing the state of a single Cwtch Profile, persistence (e.g. storing messages), and automatically reacting to certain messages like message acknowledgements and providing public profile attributes (e.g. profile display name).
  • ProtocolEngine is responsible for maintaining networking resources like listening threads, peer connections, ephemeral server connections. At present, ProtocolEngine is also responsible for automatically responding to certain kinds of messages like providing file chunks for shared files.

Tenets of the Cwtch API Design

Based on the tenets we have laid out for the Path to Cwtch Stable, we have adopted the following guiding principles for a new API design:

  • Robustness - new features and functionality can be implemented in Cwtch without adding new functions or dependencies to existing Cwtch interfaces.
  • Completeness - all behaviour is either defined in the official library, or explicitly deferred to applications, no special behaviour is implemented by intermediate wrappers.
  • Security – experiments should not compromise existing Cwtch functionality - and should be able to be turned on/off at any time without issue.

The Cwtch Experiment Landscape

A summary of the experiments that are currently implements or in design, and the changes to the code that were required to support them.

  • Groups – the very first prototypes of Cwtch were designed around group messaging and, as such, multi-party chats are the most integrated experiment within Cwtch sharing interfaces with P2P chat and requiring specialized ProtocolEngine functionality to manage ephemeral connections and antispam tokens, including the introduction of new peer events like NewMessageFromGroup.
    • Hybrid Groups - we have plans to upgrade the Groups experience to a more flexible “hybrid-groups” protocol which requires additional custom hook-response that needs to be tightly controlled and isolated from other parts of the system.
  • Filesharing – like Groups, Filesharing is a cross-cutting feature that required new APIs, new Hooks into Peer Events, and additional capability in ProtocolEngine.
  • Profile Images – based on Filesharing and the core get/val functionality, there are only a few small parts of the codebase that are explicitly dedicated to profile images, and these are all event-based reactions that currently reside in the event-decoration module of licwtch-go, but could easily be moved to a standalone module if a hook-based API was available.
  • Server Hosting – the only example of an Application-level experiment in Cwch at present. This functionality requires no changes to the cwtchlib module, but is mainly implemented in the libcwtch-go bindings themselves. Ideally this functionality would be moved into a standalone package.
  • Message Formatting – notable as the the main example of a former experimental-functionality that was promoted to an optional feature, but because it is entirely UI based in implementation there are few insights that can be gained from its history
  • Search / Microblogging – proposed features that would require database access/changes in order to implement fully and efficiently, any proposed changes to the Cwtch API should allow for the possibility of new functionality at all layers of the Cwtch stack, including storage.
  • Status / Profile Metadata – proposed features that only require specific APIs / hooks for saving requested information for the purposes of caching.

The Problem with Experiments

We have done some work in past to limit the impact an experimental feature can have on the rest of Cwtch, mainly through providing restricted sets of public Cwtch APIs e.g. the SendMessages interface that only allows callers to send messages.

We have also worked to package experimental functionality into so-called Gated Functionalities that are only available if a given experiment is turned on.

Together, these form the current basis for implementing to Cwtch features in the official libraries, but they are not without problems:

  • The scope of a functionality is rather broad, and can only be passed a complete Cwtch profile or a denoted subset of functionality e.g. SendMessages – there is no current way to scope a function to a specific conversation, or to a given zone (e.g. filesharing code is technically able to update attributes unrelated to filesharing).
  • The implementation of experiments has mostly been delegated to bindings and, as such, the gating inside CwtchLib is limited, often relying on state to be passed into it by the bindings, or relying on the bindings explicitly disable the functionality.
  • This lack of ownership over experiments by the official CwtchLib means that libraries based on CwtchLib instead of bindings do not have access to the safeguards provided by the bindings.

Restricting Powerful Cwtch APIs

To carefully expand Cwtch out using additional experimental APIs we must work to limit the impact further e.g. restricting actions to a given type of conversation, or only executing actions at registered times. To do this we require three separate but related strands of work:

  • Assume responsibility for experiments and features in Cwtch itself so that Cwtchlib has direct access to which experiments are enabled at any given time. Doing this allows changes to settings to always flow through Application and, (as currently happens with Anonymous Communication Network (ACN) state), provides a natural point at which to interface those changes into a Cwtch Profile.
  • Finer-grained Interfaces that allow restricting actions to preregistered conversation types e.g. a RestrictedCwtchConversationInterface which decorates a Cwtch Profile interface such that it can only interact with a single conversation – these can then be passed into hooks and interface functions to limit their impact.
  • Registered Hooks at pre-specified points with restricted capabilities – to allow experimental functionality to register interest in certain events, and act on them at the correct time, and to allow CwtchPeer to control which experiments get access to which events at a given time.

Pre-Registered Hooks

In order to implement certain functionality actions need to take place in-between events handled by CwtchPeer. As a motivating example consider a new group membership protocol overlayed above the existing messages. Such a protocol may require checking against group permission settings after receiving a new message, but before inserting it into into the database (e.g. the message author needs to be confirmed against the list of current members authorized to post to the group).

This is currently only possible with invasive changes to the CwtchPeer interface, explicitly inserting a hook point and acting on it. In an ideal design we would be able to register such hooks for most likely events without additional development effort.

We are introducing a new set of Cwtch APIs designed for this purpose:

  • OnNewPeerMessage - hooked prior to inserting the message into the database.
  • OnPeerMessageConfirmed – hooked after a peer message has been inserted into the database.
  • OnEncryptedGroupMessage – hooked after receiving an encrypted message from a group server.
  • OnGroupMessageReceived – hooked after a successful decryption of a group message, but before inserting it into the database.
  • OnContactRequestValue – hooked on request of a scoped (the permission level of the attribute e.g. public or conversation level attributes), zoned ( relating to a specific feature e.g. filesharing or chat), and keyed (the name of the attribute e.g. name or manifest) value from a contact.
  • OnContactReceiveValue – hooked on receipt of a requested scoped,zoned, and keyed value from a contact.

Including the following APIs for managing hooked functionality:

  • RegisterEvents - returns a set of events that the extension is interested processing.
  • RegisterExperiments - returns a set of experiments that the extension is interested in being notified about
  • OnEvent - to be called by CwtchPeer whenever an event registered with RegisterEvents is called (assuming all experiments registered through RegisterExperiments is active)

ProtocolEngine Subsystems

As mentioned in our experiment summary, some functionality needs to be implemented directly in the ProtocolEngine. The ProtocolEngine is responsible for managing networking clients, and sending/receiving packets from those clients to/from a CwtchPeer (via the event bus).

Some types of data are too costly to send over the event bus e.g. requested chunks from shared files, and as such we need to delegate the handling of such data to a ProtocolEngine.

At the moment is this done through the concept of informal “subsystems”, modular add-ons to ProtocolEngine that process certain events. The current informal nature of this design means that there are not hard-and-fast rules regarding what functionality lives in a subsystem, and how subsystems interact with the wider ProtocolEngine ecosystem.

We are formalizing this subsystem into an interface, similar to the hooked functionality in CwtchPeer:

  • RegisterEvents - returns a set of events that the subsystem needs to consume to operate.
  • OnEvent – to be called by ProtocolEngine whenever an event registered with RegisterEvents is called (when all the experiments registered through RegisterExperiments are active)
  • RegisterContexts - returns the set of contexts that the subsystem implements e.g. im.cwtch.filesharing

This also requires a formalization of two engine specific events (for use on the event bus):

  • SendCwtchMessage – encapsulating the existing CwtchPeerMessage that is used internally in ProtocolEngine for messages between subsystems.
  • CwtchMessageReceived – encapsulating the existing handlePeerMessage function which effectively already serves this purpose, but instead of using an Observer pattern, is implemented as an increasingly unwieldy set of if/else blocks.

And the introduction of three additional ProtocolEnine specific events:

  • StartEngineSubsystem – replaces subsystem specific start event, can be driven by functionalities to (re)start protocol specific handling.
  • StopEngineSubsystem – replaces subsystem specific stop event mechanisms, can be driven by functionalities to stop all protocol specific handling.
  • SubsystemStatus – a generic event that can be published by subsystems with a collection of fields useful for debugging

This will allow us to move the following functionality, currently part of ProtocolEngine itself, into generic subsystems:

  • Attribute Lookup Handling - this functionality is currently part of the overloaded handlePeerMessage function, filtered using the Context parameter of the CwtchPeerMessage. As such it can be entirely delegated to a subsystem.
  • Filesharing Chunk Request Handling – this is also part of handlePeerMessage, also filtered using the Context parameter, and is already almost entirely implementing in a standalone subsystem (only routing is handled by handlePeerMessage)
  • Filesharing Start File Share/Stop File Share – this is currently part of the handleEvent behaviour of ProtocolEngine and can be moved into an OnEvent handler of the file sharing subsystem (where such events are already processed).

The introduction of pre-registered hooks in combination with the formalizations of ProtocolEngine subsystems will allow the follow functionality, currently implemented in CwtchPeer or libcwtch-go to be moved to standalone packages:

  • Filesharing makes heavy use of the getval/retval functionality, we can move all of this into a hooked-based functionality extension.
    • Filesharing also depends on the file sharing subsystem to be enabled in a ProtocolEngine. This subsystem is responsible for processing chunk requests.
  • Profile Images – we treat profile images as a specialization of the file sharing function, as such the experiment can operate entirely over apis provided by the filesharing experiment. (Right now this specialization lives in libcwtch-go as hooks into the relevant functions)
  • Legacy Groups – while groups themselves are a first-class consideration for Cwtch, the actual process of constructing and receiving group messages relies heavily on processing of events, or interpreting generic conversation attributes, and as such this functionality can be moved entirely to hooked-based functionality. By doing this we also open the path towards introducing new group protocols based on the same interface.
  • Status/Profile Metadata – status depends entirely on OnPeerRequestValue / OnPeerReceiveValue and requires little Cwtch Peer interaction other than saving the result.

Impact on Enabling (Powerful) New Functionality

None of the above restricts our ability to introduce new functionality in to Cwtch that is dependent on more invasive changes (e.g. direct database access / updates), but they do allow us to structure such changes into discrete modules:

  • Search – a fulltext search feature requires new indexes to be created in Cwtch Storage (likely using the sqlite FT5 module). As an experiment SearchFunctionality would need access to a hook after database setup in order to create and populate those indexes. This is a far more powerful feature than most as it requires direct database access.
  • Non Chat Conversation Contexts - the storage backend work we implemented last year had a long-term goal of enabling non-chat contexts like microblogging. Like search, these kinds of experiments will require deeply integrated access to the Cwtch database.

Application Experiments

One kind of experiment we haven’t touched on yet is additional application functionality, at present we have one main example: Embedded Server Hosting – this allows a Cwtch desktop client to setup and manage Cwtch Servers.

This kind of functionality doesn’t belong in Cwtchlib – as it would necessarily introduce unrelated dependencies into the core library.

This functionality also doesn’t belong in the bindings either. They should be as minimal as possible. To that end, we will be moving this functionality out of the bindings and into dedicated repositories which can be managed via an Application Experiment interface.

Bindings

The last problem to be solved is how to interface experiments with the bindings (libcwtch-go) and ultimately downstream applications.

We can split the bindings into four core areas:

  • Application Management - functionality necessary to manage the core Cwtch application e.g. StartCwtch, ReconnectCwtchForeground, Shutdown, CreateProfile etc. This category also include FreePointer which is necessary for safe memory management.
  • Application Experiments - auxiliary functionality that augments the Cwtch application with new features e.g. Server Hosting etc.
  • Core Profile Management - core non-experimental functionality that requires a profile e.g. ImportBundle, SendMessage etc. These apis take a handle in addition to the parameters needed to call the underlying function.
  • Experimental Profile Features – auxiliary functionality that augments profiles with additional features e.g. ShareFile, SetProfileImage etc. These apis also take a handle.

The flip side of the bindings is the event bus handing which is responsible for maintaining a queue for the downstream application. This queue provides some filtering and enhancement of events to improve performance. This queue can be moved entirely into Application with only GetAppBusEvent defined and exposed in the bindings.

In an ideal future, all of these bindings could be generated automatically from the Cwtchlib interface definitions i.e. there should be no special functionality in the bindings themselves. The generation would need to include C bindings (untyped with automatic checks) and the Dart library calling convention (type safe)

We can define three types of C/Java/Kotlin interface function templates:

  • ProfileMethodName(profilehandle String, args...) – which directly resolves the Cwtch Profile and calls the function.
  • ProfileExperimentalMethodName(profilehandle String, args...) – which checks the current application settings to see if the experiment is enabled, and then resolves the CwtchProfile and calls the function - else errors.
  • ApplicationExperimentalMethodName(args...) – which checks the current application settings to see if the experiment is enabled, and if so, calls the experimental application functionality.

All we need to know from CwtchLib is what methods to export to C bindings, and what template they should use. This can be automatically derived from the context ProfileInterface for the first, exported methods of the various Functionalities for the second, and ApplicationExperiment definitions for the third.

Timelines and Next Actions

  • Freeze any changes to the bindings interface - we have made minimal changes to the bindings in the Cwtch 1.9 and 1.10 – until we have implemented the proposed changes into cwtchlib.
  • As part of Cwtch 1.11 and 1.12 Release Cycles
    • Implement the ProtocolEngine Subsystem Design as outlined above.
    • Implement the Hooks API.
    • Move all special behaviour / extra functionalities in the libcwtch-go bindings into cwtchlib – with the exception of behaviour related to Application Experiments (i.e. Server Hosting).
    • Move event handling from the bindings into Application.
    • Move Application Experiments defined in bindings into their own libraries (or integrate them into existing libraries like cwtch-server) – keeping the existing interface definitions.
  • Once Automated UI Tests have been integrated into the Cwtch UI Repository:
    • Write a generate-cwtch-bindings tool that auto generates the libcwtch-go C/Android bindings and a dart calling convention library from cwtchlib and any configured application experiments libraries
    • Port the existing UI app to use the newly generated dart Cwtch library (this must wait until we have automated UI testing as part of the build process to ensure that there are no regressions during this process).
    • At this point the bindings are based off of the generated library and libcwtch-go is deprecated / replaced with automatically generated and versioned bindings.

As these changes are made, and these goals met we will be posting about them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Appendix A: Special Behaviour Defined by libcwtch-go

The following is an exhaustive list of functionality currently provided by libcwtch-go bindings instead of the cwtchlib:

  • Application Settings
    • Including Enabling / Disabling Experiment
  • ACN Process Management - starting/stopping/restarting/configuring Tor.
  • Notification Handling - augmenting/suppressing/augmenting interesting event notifications (primarily for Android)
  • Logging Levels - configuring appropriate logging levels (e.g. INFO or DEBUG)
  • Profile Images Helper Functions - handling default profile images for contacts and groups, in addition to looking up custom profile images if the experiment is enabled.
  • UI Contact Structures - aggregating contact information for the main Cwtch UI.
  • Group Experiment Functionality
    • Experiment Gating
    • GetServerInfoList
    • GetServerInfo
    • UI Server Struct Definition
  • Server Hosting Experiment Functionality - creating/deleting/managing the server hosting experiment for desktop Cwtch clients.
  • "Unencrypted" Profile Handling - replacing a blank password with a default password where the underlying API expects a password but the profile has been designated "unencrypted".
  • Image Previews Experiment Handling - automatically starting the downloading of certain file types (when the experiment is enabled).
  • Cwtch UI Reconnection Handling (for Android) - restarting various Cwtch subsystems when the UI attempts to reconnect in circumstances where the Android kernel has killed the underlying process.
  • Cwtch Profile Engine Activation - starting/stopping a ProtocolEngine when requested by the UI, or in response to changes in ACN state.
  • UI Profile Aggregation - aggregating information related to Profiles for the UI (e.g. network connection status / unread messages) into a single event.
  • File sharing restarts
  • UI Event Augmentation - augmenting various internal Cwtch events with information that the UI needs but that isn't directly embedded within the event (e.g. converting handle to a conversation id). Much of this augmentation is legacy, implemented before recent changes to internal Cwtch structs, and likely can either be removed entirely, or delegated into Cwtch itself.
  • Debug Information - special information available to Cwtch debug builds (memory use / active goroutines etc.)
+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-stable-roadmap-update-june/index.html b/build-staging/it/blog/cwtch-stable-roadmap-update-june/index.html index 4af160f9..a7df8335 100644 --- a/build-staging/it/blog/cwtch-stable-roadmap-update-june/index.html +++ b/build-staging/it/blog/cwtch-stable-roadmap-update-june/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the Cwtch Stable Roadmap

Back in March we extended and updated several goals from our January roadmap that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of many of these goals, we can look back and see how work is progressing.

(✅ means complete, 🟡 means in-progress, 🕒 reprioritized)

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document ✅ - Release Process
    • A Cwtch Packaging Document ✅ - Packaging Documentation
    • Completion of documentation of existing Cwtch features, including relevant screenshots. 🟡 - new features are documented to the standards outlined in new documentation style guide, and many older feature documentation features have been updated to that standard. Work is ongoing to refine the standard.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries ✅ - Building a Cwtch App
    • Automatically generated API documentation for libCwtch 🕒 - this effort has been delayed pending other higher priority work.
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist. 🟡 - we have recently made a few updates to Repliqate to support this work, and expect to begin in-depth examination of build artifacts in the next couple of weeks.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team 🕒 - after some initial explorations into new Go fuzzing tools we reached the conclusion that it would be better to replace this effort with other assurance work (see below).
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems 🟡 - we have already launched an environment for testing Tails. Other platforms are underway.
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labeled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

Next Steps, Refinements, Additional Work

As you may have noticed above we have reprioritized some work after initial investigations forced us to reevaluate the expected cost/benefit trade-off. This has allowed us to move up timelines for tasks e.g. reproducible UI builds and testing environments.

Other work has been reprioritized due to developer availability. Documentation work in particular has not progressed as fast as we would like.

However, Cwtch Beta 1.12 featured many new features alongside improved performance, more robust packaging, and several fixes impacting experimental features like file sharing.

The work that we have done on reproducible and automatically generated bindings has considerably reduced the maintenance burden associated with updates and adding new features, and has allowed us to also tackle long standing issues related to Tor process managements and Cwtch startup.

We are still on track for releasing a Cwtch Stable release candidate in August 2023, with an official Cwtch Stable release expected shortly afterwards.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-stable-roadmap-update/index.html b/build-staging/it/blog/cwtch-stable-roadmap-update/index.html index c09d66f3..ff909264 100644 --- a/build-staging/it/blog/cwtch-stable-roadmap-update/index.html +++ b/build-staging/it/blog/cwtch-stable-roadmap-update/index.html @@ -12,13 +12,13 @@ - +
-

Cwtch Stable Roadmap Update

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Cwtch Stable Roadmap Update

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

Update on the January Roadmap

Back in January we outlined several goals that we would have to hit on our way to Cwtch Stable, and the timelines for achieving them. Now that we have reached target date of the last of these goals, we can look back and see how we did:

(✅ means complete, 🟡 means in-progress, ❌ not started.)

  • By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases). ✅
  • By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases. ✅
  • By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for:
  • By 31st March 2023, the Cwtch team will have created:
    • a style guide for documentation, and ✅
    • have used it to ensure that all Cwtch features have consistent documentation available, 🟡
    • with at least one screenshot (where applicable). 🟡
  • By 31st March 2023 the Cwtch team will have published:
  • By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository. ✅
  • By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team ❌
  • By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable ✅ (this post!)

While we didn't hit all of our goals, we did make progress on nearly all of them, and in addition also made progress in a few other key areas:

A Timeline for Cwtch Stable

Now for the big news, we plan on releasing a candidate Cwtch Stable release during Summer 2023. Here is our plan for getting there:

  • By 30th April 2023 the Cwtch team will have written the remaining outstanding documentation from the January roadmap including:
    • A Cwtch Release Process Document
    • A Cwtch Packaging Document
    • Completion of documentation of existing Cwtch features, including relevant screenshots.
  • By 30th April 2023 the Cwtch team will have also released developer-centric documentation including:
    • A guide to building Cwtch-apps using official libraries
    • Automatically generated API documentation for libCwtch
  • By 30th June 2023 the Cwtch team will have released new Cwtch Beta releases (1.12+) featuring:
  • By 31st July 2023 the Cwtch team will have completed several infrastructure upgrades including:
    • Extended reproducible builds to cover the Cwtch UI, or document where the blockers to achieving this exist.
    • Integration of automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team
    • New testing environments for F-droid, Whonix, Raspberry Pi and other partially supported systems
  • By 31st August 2023 the Cwtch team will have a released Cwtch Stable Release Candidate:
    • At this point we expect that the Cwtch application and existing documentation will be robust and complete enough to be labelled as stable.
    • Along with this label comes a higher standard for how we consider all aspects of Cwtch development. The work we have done up to this point reflects a much stronger development pipeline, and an ongoing commitment to security.
    • This does not mark an end to Cwtch development, or new Cwtch features. But it does denote the point at which we consider Cwtch to be appropriate for wider use.

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Get Involved

We have noticed an uptick in the number of people reaching out interested in contributing to Cwtch development. In order to help people get acclimated to our development flow we have created a new section on the main documentation site called Developing Cwtch - there you will find a collection of useful links and information about how to get started with Cwtch development, what libraries and tools we use, how pull requests are validated and verified, and how to choose an issue to work on.

We also also updated our guides on Translating Cwtch and Testing Cwtch.

If you are interested in getting started with Cwtch development then please check it out, and feel free to reach out to team@cwtch.im (or open an issue) with any questions. All types of contributions are eligible for stickers.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-testing-i/index.html b/build-staging/it/blog/cwtch-testing-i/index.html index c6159f84..50392da7 100644 --- a/build-staging/it/blog/cwtch-testing-i/index.html +++ b/build-staging/it/blog/cwtch-testing-i/index.html @@ -12,14 +12,14 @@ - +
-

Notes on Cwtch UI Testing

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on +

Notes on Cwtch UI Testing

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

Current Limitations of Flutter Gherkin

The original flutter_gherkin is under semi-active development; however, the latest published versions don't support using it with flutter test.

  • Flutter Test was originally intended to run single widget/unit tests for a Flutter project.
  • Flutter Drive was originally intended to run integration tests on a device or an emulator.

However, in recent releases these lines have become blurred. The new integration_test package that comes built into newer Flutter releases has support for both flutter drive and flutter test. This was a great change because it decreases the required overhead to run larger integration tests (flutter drive sets up a host-controller model that requires a dedicated control channel to be setup, whereas flutter test can take advantage of the knowledge that it is being run in the same process, and is noticeably faster - very important when the goal is to run tests as often as possible).

There is thankfully code in the flutter_gherkin repository that supports running tests with flutter test, however this code currently has a few issues:

  • The test code generation produces code that doesn't compile without minor changes.
  • Certain functionality like "take a screenshot" does not work on desktop.

Additionally, there are a few limitations in built-in flutter_gherkin steps that we noticed our tests running into:

  • Certain tests that fail with async timeouts will cause Flutter exceptions instead of a failed test.
  • Certain Flutter widgets like DropdownButton are not compatible with built-in steps like tap because they internally contain multiple copies of the same widget.

Because of the above issues we have chosen to fork flutter_gherkin to fix some of these issues, with the intent of contributing significant fixes upstream, while allowing us to iterate faster on Flutter UI testing.

Integrating Tests into the Pipeline

One of the major limitations of flutter test is the lack of a headless mode. In order to successfully run tests in our pipeline we need a headless mode, as most of the containers we use do not have any kind of active display.

Thankfully it is possible to use Xfvb to create a virtual framebuffer, and set DISPLAY to render to that buffer:

export DISPLAY=:99
Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &

This allows us to neutralize our main issue with flutter test, and efficiently run tests in our pipeline.

Catching Bugs!

This small amount of integration work has already caught its first bug.

Once we had fixed most of the issues outlined above, we were still seeing failures on what should have been a very basic scenario. 02_save_load.feature simply turns a set of experiments on and checks that the state is saved. This test runs perfectly fine on development environments, but when uploaded to our build pipeline it always failed in the same place - turning on the file sharing experiment.

The cause of this was an actual bug in Cwtch UI. The file sharing experiment failed to turn on if the directory $USER_HOME/Downloads didn't exist. This is rarely the case on most real world systems, but is the case in our build pipelines. We have since fixed this behaviour to allow file sharing to be turned on even if the usual Download directories are not available.

As we enable more of our UI tests in our pipeline, and across more platforms, we expect to catch more subtle issues like the above - a big win for people who use Cwtch!

Next Steps

  • More automated tests: We have a nice collection of pre-written tests that we can begin to automatically run within pipelines. We have already begun this work, and anticipate finishing it before Cwtch 1.11.

  • More platforms: Right now UI tests only run on Linux. In order to fully take advantage of these tests we need to be able to run them across our target platforms. We expect to start this work soon; expect more news in a future Cwtch Testing update!

  • More steps: One of our longer-term goals with UI testing was to produce a language around Cwtch testing that went beyond widgets. We had begun to explore this last year with the expect to see the message step. As we grow our test library we will be looking for opportunities to build out additional higher-level and Cwtch-specific constructs, e.g. send a file or set profile picture.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-testing-ii/index.html b/build-staging/it/blog/cwtch-testing-ii/index.html index f78cbac9..b07d2dca 100644 --- a/build-staging/it/blog/cwtch-testing-ii/index.html +++ b/build-staging/it/blog/cwtch-testing-ii/index.html @@ -12,15 +12,15 @@ - +
-

Notes on Cwtch UI Testing (II)

· 2 minuti di lettura
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this +

Notes on Cwtch UI Testing (II)

· 2 minuti di lettura
Sarah Jamie Lewis

In this development log, we investigate some text-based UI bugs encountered by Fuzzbot, add more automated UI tests to the pipeline, and announce a new release of the Cwtchbot library.

Constraining Cwtch UI Fields

Fuzzbot identified a few bugs relating to UI layout and text clipping. Certain strings would violate the bounds of their containers and overlap with other UI elements. While this doesn't pose a safety issue, it is unsightly.

Screenshot demonstrating how certain strings would violate the bounds of their containers.

These cases were fixed by parenting impacted elements in a Container with clip: hardEdge and decoration:BoxDecoration() (note that both of these are required as Container widgets in Flutter cannot set clipping logic without an associated decoration).

Now these clipped strings are tightly constrained to their container bounds.

These fixes are available in the latest Cwtch Nightly, and will be officially released in Cwtch 1.11.

More Automated UI Tests

We have added two new sets of automated UI tests to our pipeline:

  • 02: Global Settings - these tests check that certain global settings like languages, theme, unknown contacts blocking, and streamer mode work as expected. (PR: 628)
  • 04: Profile Management - these tests check that creating, unlocking, and deleting a profile work as expected. (PR: 632)

New Release of Cwtchbot

Cwtchbot has been updated to use the latest Cwtch 0.18.10 API.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/blog/cwtch-ui-reproducible-builds-linux/index.html b/build-staging/it/blog/cwtch-ui-reproducible-builds-linux/index.html index f846f96a..ae67ffde 100644 --- a/build-staging/it/blog/cwtch-ui-reproducible-builds-linux/index.html +++ b/build-staging/it/blog/cwtch-ui-reproducible-builds-linux/index.html @@ -3,7 +3,7 @@ -Cwtch UI Reproducible Builds (Linux) | The Cwtch Handbook +Progress Towards Reproducible UI Builds | The Cwtch Handbook @@ -12,13 +12,13 @@ - +
-

Cwtch UI Reproducible Builds (Linux)

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

- +

Progress Towards Reproducible UI Builds

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/feed.json b/build-staging/it/blog/feed.json index f10c0154..09202aa4 100644 --- a/build-staging/it/blog/feed.json +++ b/build-staging/it/blog/feed.json @@ -6,9 +6,9 @@ "items": [ { "id": "https://docs.cwtch.im/it/blog/cwtch-ui-reproducible-builds-linux", - "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

", + "content_html": "

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

\"A

", "url": "https://docs.cwtch.im/it/blog/cwtch-ui-reproducible-builds-linux", - "title": "Cwtch UI Reproducible Builds (Linux)", + "title": "Progress Towards Reproducible UI Builds", "date_modified": "2023-07-14T00:00:00.000Z", "author": { "name": "Sarah Jamie Lewis" diff --git a/build-staging/it/blog/index.html b/build-staging/it/blog/index.html index 6e04d09c..7e5464f7 100644 --- a/build-staging/it/blog/index.html +++ b/build-staging/it/blog/index.html @@ -12,14 +12,14 @@ - +
-

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/page/2/index.html b/build-staging/it/blog/page/2/index.html index 71eb3efb..9b7cda04 100644 --- a/build-staging/it/blog/page/2/index.html +++ b/build-staging/it/blog/page/2/index.html @@ -12,14 +12,14 @@ - +
-

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/path-to-cwtch-stable/index.html b/build-staging/it/blog/path-to-cwtch-stable/index.html index 6b73c07a..efc15028 100644 --- a/build-staging/it/blog/path-to-cwtch-stable/index.html +++ b/build-staging/it/blog/path-to-cwtch-stable/index.html @@ -12,13 +12,13 @@ - +
-

Path to Cwtch Stable

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

- +

Path to Cwtch Stable

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

Tenets of Cwtch Stable

It is important to state that Cwtch Stable does not mean an end to Cwtch development. Rather, it establishes a baseline at which point Cwtch is considered to be a fully supported project. The Cwtch Team have set the following tenets that guide our decision-making and priorities:

  1. Consistent Interface – each new Cwtch release should be accompanied by consistent releases to all support libraries. This requires a stable and documented API so that we can be clear when upgrading a library will result in breaking change for downstream projects. We should not, as a general rule, have to make breaking changes to this API interface in order to support new experimental features.
  2. Universal Availability and Cohesive Support – people who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch.
  3. Reproducible Builds – Cwtch builds should be trivially reproducible, including the ability to reproduce all bundled assets. Reproducibility should not rely on containerization, but all containers used in our build process should be reproducible.
  4. Proven Security – we can demonstrate that Cwtch provides first class security through well documented design, testing, and audit procedures. We should be able to do this for Cwtch in addition to all functional dependencies.

Known Problems

To begin, let's outline the current state of Cwtch and lay out the issues that stand in the way of Cwtch Stable.

  1. Lack of a Stable API for future feature development – while the core Cwtch API has remained fairly unchanged in recent releases we understand that the addition of new features e.g. cohesive group support likely requires new API hooks that allow safe manipulation of Cwtch Profile (transactional semantics and post-event hooks). Before we can even consider a stable release we need to define what this API should look like, and implement it. (Tenet 1)
  2. Special functionality in libCwtch-go – our C-API bridge (libCwtch-go) currently implements a lot of special functionality in support for both experimental features (e.g. profile images) and UI settings. This special behaviour makes it difficult to track feature responsibility. This behaviour must either be pushed back into the main Cwtch library, or defined to be the responsibility of a downstream application e.g. Cwtch UI. (Tenet 1)
  3. libCwtch-rs partial support - we currently do not officially consider libCwtch-rs when updating libCwtch-go as part of our release schedule. Before we can consider a Cwtch Stable release we should have multiple beta releases where libCwtch-rs has full support for any and all new Cwtch features. (Tenet 1, Tenet 2)
  4. Lack of Reproducible Pipelines - while the vast majority of our build pipeline is automated, containerized, and reproducible, there remain bundled assets that cannot be trivially constructed, and assets that have non-reproducible elements (e.g. build-time injected via git tags, and go binaries including build user information). (Tenet 3)
  5. Lack of up to date, and translated, Security Documentation – the Cwtch security handbook is currently isolated from the rest of our documentation and doesn’t benefit from cross-linking, or translations. (Tenet 4)
  6. No Automated UI Tests – we put a lot of work into building out a testing framework for the UI, but it currently sits mostly unused, and unexercised in our build pipelines. We should revisit that work. (Tenet 4)
  7. Code Signing Provider – our previous code signing certificate provider had support issues, and we have not yet decided on a replacement. ( Tenet 4)
  8. Second-class Android Support - while we have put a lot of effort behind Android support across the Beta timeline, it still clearly suffers from additional issues that desktop editions do not. In order to consider Cwtch stable we must resolve all major bugs impacting Android usability. (Tenet 2)
  9. Lack of Fuzzing – while Fuzzbot sets a standard high above most other secure communication applications, we can and should do better. Fuzzbot currently only targets user-endpoint messages, which are the most likely to result in real-world risk, but we should strive to have the same coverage for internal events at both the network level, the internal Cwtch App level, and the event bus level. (Tenet 4)
  10. Lack of Formal Release Acceptance Process – currently the features and experiments that get included in each release are determined in an ad-hoc consensus. This occasionally means that some features are left unsupported on certain platforms, and bugs occasionally arise in platforms (Android in particular) due to “unrelated” changes. In order for Cwtch to be declared stable, a formal acceptance process must ensure that new changes do not break existing features, and that they work across all platforms. (Tenet2, Tenet 4)
  11. Inconsistent Cwtch Information Discovery – our current documentation is split between docs.cwtch.im, cwtch.im and docs.openprivacy.ca, in additional to blogs on Discreet Log. This makes it difficult for people to learn about Cwtch, and also means that our own explanations often must link across multiple different sites. (Tenet 2)
  12. Incomplete Documentation – docs.cwtch.im was very well received. However, it still suffers from incomplete sections, missing links, and an overall lack of screenshots. What screenshots there are lack consistency in sizing, style, and feel. (Tenet 2)

Plan of Action

Outside of the problems that have standalone solutions (e.g. find a new code signing provider, or fix all Android issues), there are a number of higher level activities that need to be completed before we can be confident in a Cwtch Stable release:

  1. Define, Publish, and Implement a Cwtch Interface Specification Documentation – this should include examples of how new (experimental) behaviour might be implemented from finer-grained composition. Must include moving all special functionality out of libCwtch-go. Should be followed up by implementing the proposed design. (Tenet 1, Tenet 4)
  2. Define, Publish, and Implement a Cwtch Release Process – this document should outline the criteria for publishing a new release, the difference between major and minor versions, how features are tested, how regressions are caught before release, and who is responsible for different parts of the process. (Tenet 2)
  3. Define, Publish, and Implement a Cwtch Support Document - including answers to the questions: what systems do we support, how do we decide what systems are supported, how do we handle new OS versions, and how does application support differ from library support. This should also include a list of blockers for systems we wish to support, but currently cannot e.g ios. (Tenet 2)
  4. Define, Publish, and Implement a Cwtch Packaging Document - as a supplement to the Support document we need to define what packaging we support, in addition to what app stores and managers for which we provide official releases. ( Tenet 2)
  5. Define, Publish, and Implement a Reproducible Builds Document – this should cover not only Cwtch binaries, but also Docker containers, and included assets (e.g. Tor binaries). Followed up by implementing the plan into our build pipeline. ( Tenet 3)
  6. Expand the Cwtch Documentation Site – to include the Security Handbook, development blogs, design documentation, and support plans. This should be our only publishing platform, outside of a landing page, and downloads on cwtch.im. This expansion should include a style guide for documentation and screenshots to ensure that we maintain consistent language and visuals when talking about a feature (e.g. we should use the same profile image style, theme, profile names, message style etc.) (Tenet 1, Tenet 2, Tenet 3, Tenet 4)
  7. Expand our Automated Testing to include UI and Fuzzing - integrate UI automated tests into our build pipeline. Expand our fuzzing to include the event bus, and PeerApp packets. Finally, integrate automated fuzzing into the build pipeline, so that all new features are fuzzed to the same level. (Tenet 4)
  8. Re-evaluate all Issues across all Cwtch related repositories – issues are either bugs that need to be fixed before stable (i.e. they are in service of one of the Tenets), new feature ideas that should be scheduled around stable work (i.e. they don’t align with a specific Tenet), or support requests for systems that need input from the Support and Packaging Plans.
  9. Define a Stable Feature Set – there are still a few features which do not exist in Cwtch Beta which would be required for a stable release, such as chat search. Following on from the Cwtch Interface Specification Document, the team should decide what features Cwtch Stable will target, and these features should be prioritized for inclusion in Cwtch 1.11, Cwtch 1.12 and any future Beta releases. (Tenet 1)

Goals and Timelines

With all of that laid out, we are now ready to introduce a timeline for resolving some of these problems, and moving us towards a state where we can launch Cwtch Stable:

  1. By 1st February 2023, the Cwtch team will have reviewed all existing Cwtch issues in line with this document, and established a timeline for including them in upcoming releases (or specifically commit to not including them in upcoming releases).
  2. By 1st February 2023, the Cwtch team will have finalized a feature set that defines Cwtch Stable and established a timeline for including these features in upcoming Cwtch Beta releases.
  3. By 1st February 2023, the Cwtch team will have expanded the Cwtch Documentation website to include a section for Security, Design Documents, Infrastructure and Support, in addition to a new development blog.
  4. By 31st March 2023, the Cwtch team will have created a style guide for documentation and have used it to ensure that all Cwtch features have consistent documentation available, with at least one screenshot (where applicable).
  5. By 31st March 2023 the Cwtch team will have published a Cwtch Interface Specification Document, a Cwtch Release Process Document, a Cwtch Support Plan document, a Cwtch Packaging Document, and a document describing the Reproducible Builds Process. These documents will be available on the newly expanded Cwtch Documentation website.
  6. By 31st March 2023 the Cwtch team will have integrated automated UI tests into the build pipeline for the cwtch-ui repository.
  7. By 31st March 2023 the Cwtch team will have integrated automated fuzzing into the build pipeline for all Cwtch dependencies maintained by the Cwtch team.
  8. By 31st March 2023 the Cwtch team will have committed to a date, timeline, and roadmap for launching Cwtch Stable.

As these documents are written, and these goals met we will be posting them here! Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, Cwtch development.

Help us get there!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

+ \ No newline at end of file diff --git a/build-staging/it/blog/rss.xml b/build-staging/it/blog/rss.xml index 3c6dc41b..0c3d2110 100644 --- a/build-staging/it/blog/rss.xml +++ b/build-staging/it/blog/rss.xml @@ -10,11 +10,11 @@ it Copyright © ${new Date().getFullYear()} Open Privacy Research Society - <![CDATA[Cwtch UI Reproducible Builds (Linux)]]> + <![CDATA[Progress Towards Reproducible UI Builds]]> https://docs.cwtch.im/it/blog/cwtch-ui-reproducible-builds-linux https://docs.cwtch.im/it/blog/cwtch-ui-reproducible-builds-linux Fri, 14 Jul 2023 00:00:00 GMT - Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We also define a new link script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at https://reproducible-builds.org/docs/archives/ we defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts. We have also produced a repliqate script

However, because repliqate is based on Debian images and our official builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

While our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

Stay up to date!

This is not all we have planned for the upcoming months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

]]> + Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

Building the Cwtch UI

The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the stable channel.

All builds are conducted through the flutter tool e.g. flutter build. We inject two build flags as part of the official build VERSION and COMMIT_DATE:

    flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE`

These flags are defined to be identical to Cwtch Bindings. VERSION is the latest git tag: git describe --tags --abbrev=1 and COMMIT_DATE is the date of the latest commit on the branch echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE

All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in LIBCWTCH-GO.version, and fetched via the fetch-libcwtch scripts).

The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process.

Changes we made for reproducible builds

For reproducible linux builds we had to modify the generated linux/CMakeLists.txt file to include the following compiler and linker flags:

  • -fno-ident - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries.
  • --hash-style=gnu - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts
  • --build-id=none - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data.

We have also defined a new linker script that differs from the default by removing all .comment sections from object files. We do this because the linking process links in non-project artifacts like crtbeginS.o which, in most systems, us compiled with a .comment section (the default linking script already removes the .note.gnu* sections.

Tar Archives

Finally, following the guide at reproducible-builds.org we have defined standard metadata for the generated Tar archives to make them also reproducible.

Limitations and Next Steps

The above changes mean that official linux builds of the same commit will now result in identical artifacts.

The next step is to roll these changes into repliqate as we have done with our bindings builds.

However, because Repliqate is based on Debian images and our official UI builds are based on an Ubuntu distribution the resulting archives differ by a single instruction at the start of a few sections - introduced because Ubuntu compiles and provides C Runtime (CRT) artifacts (e.g. crti.o with full branch protection enabled. On 64-bit systems this results in an endcr64 instruction being inserted at the start of the .init and .fini sections, among others.

In order to allow people to fully repliqate Cwtch builds in an isolated environment like repliqate, as we do for Cwtch Bindings, it will be necessary to provide instructions for setting up a hardened image that can work the same way in repliqate.

Pinned Dependencies

Additionally, while our repliqate scripts pin several major dependencies like flutter and go, and the dependencies managed by these systems are locked to specific versions, there are still a few dependencies within the ecosystems that are not strictly pinned.

The major one is libc. Operating systems rarely make big changes to packaged libc versions for a specific distribution (typically because doing so in a non-breaking way would be a major undertaking).

However this does mean that Cwtch reproduciblility is implicitly tied to operating system practices - this is something we would like to begin decoupling ourselves from going forward.

Stay up to date!

We expect to make additional progress on this in the coming weeks and months. Subscribe to our RSS feed, Atom feed, or JSON feed to stay up to date, and get the latest on, all aspects of Cwtch development.

Help us go further!

We couldn't do what we do without all the wonderful community support we get, from one-off donations to recurring support via Patreon.

If you want to see us move faster on some of these goals and are in a position to, please donate. If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer.

Donations of $5 or more can opt to receive stickers as a thank-you gift!

For more information about donating to Open Privacy and claiming a thank you gift please visit the Open Privacy Donate page.

A Photo of Cwtch Stickers

]]> cwtch cwtch-stable reproducible-builds diff --git a/build-staging/it/blog/tags/api/index.html b/build-staging/it/blog/tags/api/index.html index 76ea7328..0c64b02a 100644 --- a/build-staging/it/blog/tags/api/index.html +++ b/build-staging/it/blog/tags/api/index.html @@ -12,13 +12,13 @@ - +
-

Un post etichettati con "api"

Visualizza tutte le etichette

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

- +

Un post etichettati con "api"

Visualizza tutte le etichette

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/autobindings/index.html b/build-staging/it/blog/tags/autobindings/index.html index 458f71a2..0bde2cdb 100644 --- a/build-staging/it/blog/tags/autobindings/index.html +++ b/build-staging/it/blog/tags/autobindings/index.html @@ -12,14 +12,14 @@ - +
-

2 post etichettati con "autobindings"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 post etichettati con "autobindings"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/bindings/index.html b/build-staging/it/blog/tags/bindings/index.html index 2b908efe..4fccc3be 100644 --- a/build-staging/it/blog/tags/bindings/index.html +++ b/build-staging/it/blog/tags/bindings/index.html @@ -12,14 +12,14 @@ - +
-

5 post etichettati con "bindings"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

5 post etichettati con "bindings"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/cwtch-stable/index.html b/build-staging/it/blog/tags/cwtch-stable/index.html index e23e833c..4501efb6 100644 --- a/build-staging/it/blog/tags/cwtch-stable/index.html +++ b/build-staging/it/blog/tags/cwtch-stable/index.html @@ -12,14 +12,14 @@ - +
-

18 post etichettati con "cwtch-stable"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 post etichettati con "cwtch-stable"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/cwtch-stable/page/2/index.html b/build-staging/it/blog/tags/cwtch-stable/page/2/index.html index b7a50f5e..588d62a5 100644 --- a/build-staging/it/blog/tags/cwtch-stable/page/2/index.html +++ b/build-staging/it/blog/tags/cwtch-stable/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 post etichettati con "cwtch-stable"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 post etichettati con "cwtch-stable"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/cwtch/index.html b/build-staging/it/blog/tags/cwtch/index.html index a37da2c2..b6195d42 100644 --- a/build-staging/it/blog/tags/cwtch/index.html +++ b/build-staging/it/blog/tags/cwtch/index.html @@ -12,14 +12,14 @@ - +
-

18 post etichettati con "cwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

18 post etichettati con "cwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/cwtch/page/2/index.html b/build-staging/it/blog/tags/cwtch/page/2/index.html index 921e2d3e..31a38150 100644 --- a/build-staging/it/blog/tags/cwtch/page/2/index.html +++ b/build-staging/it/blog/tags/cwtch/page/2/index.html @@ -12,14 +12,14 @@ - +
-

18 post etichettati con "cwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

18 post etichettati con "cwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/developer-documentation/index.html b/build-staging/it/blog/tags/developer-documentation/index.html index c482b02e..de17628a 100644 --- a/build-staging/it/blog/tags/developer-documentation/index.html +++ b/build-staging/it/blog/tags/developer-documentation/index.html @@ -12,13 +12,13 @@ - +
-

2 post etichettati con "developer-documentation"

Visualizza tutte le etichette

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- +

2 post etichettati con "developer-documentation"

Visualizza tutte le etichette

· 2 minuti di lettura
Sarah Jamie Lewis

We are getting close to a 1.12 release. This week we are drawing attention to the latest Cwtch Nightly (2023-06-05-17-36-v1.11.0-74-g0406) that is now available for wider testing.

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

· 3 minuti di lettura
Sarah Jamie Lewis

One of the larger remaining goals outlined in our Cwtch Stable roadmap update is comprehensive developer documentation. We have recently spent some time writing the foundation for these documents.

In this devlog we will introduce some of them, and outline the next steps. We also have a new nightly Cwtch release available for testing!

We are very interested in getting feedback on these documents, and we encourage anyone who is excited to build a Cwtch Bot, or even an alternative UI, to read them over and reach out to us with comments, questions, and suggestions!

As a reminder, the Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/documentation/index.html b/build-staging/it/blog/tags/documentation/index.html index a91be535..972493b6 100644 --- a/build-staging/it/blog/tags/documentation/index.html +++ b/build-staging/it/blog/tags/documentation/index.html @@ -12,13 +12,13 @@ - +
-

Un post etichettati con "documentation"

Visualizza tutte le etichette
- +

Un post etichettati con "documentation"

Visualizza tutte le etichette
+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/index.html b/build-staging/it/blog/tags/index.html index ebf5d53b..586e479c 100644 --- a/build-staging/it/blog/tags/index.html +++ b/build-staging/it/blog/tags/index.html @@ -12,13 +12,13 @@ - +
-

Tags

- +

Tags

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/libcwtch/index.html b/build-staging/it/blog/tags/libcwtch/index.html index 09968bd9..00ca031f 100644 --- a/build-staging/it/blog/tags/libcwtch/index.html +++ b/build-staging/it/blog/tags/libcwtch/index.html @@ -12,14 +12,14 @@ - +
-

2 post etichettati con "libcwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of +

2 post etichettati con "libcwtch"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Last time we looked at autobindings we mentioned that one of the next steps was introducing support for Application-level experiments. In this development log we will explore what application-level experiments are (technically), and how we added (optional) autobindings support for them.

· 5 minuti di lettura
Sarah Jamie Lewis

The C-bindings for Cwtch evolved as part of Cwtch UI development. After two years of prototyping, development, new features, and revisiting first-implementations we have reached the point where we have a good understanding of what the bindings need to do, and how they should do it. To that end we have produced a first-cut of a workflow to automatically generate these bindings: cwtch-autobindings.

This this development log we will introduced autobindings, the motivation behind them, and how we plan to use them on the path to Cwtch Stable.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/nightly/index.html b/build-staging/it/blog/tags/nightly/index.html index 0b479108..90ef12b0 100644 --- a/build-staging/it/blog/tags/nightly/index.html +++ b/build-staging/it/blog/tags/nightly/index.html @@ -12,14 +12,14 @@ - +
-

Un post etichettati con "nightly"

Visualizza tutte le etichette

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like +

Un post etichettati con "nightly"

Visualizza tutte le etichette

· 2 minuti di lettura
Sarah Jamie Lewis

Two new Cwtch features are now available to test in nightly: Availability Status and Profile Information.

Additionally, we have also published draft guidance on running Cwtch on Tails that we would like volunteers to test and report back on.

The Open Privacy Research Society have also announced they are want to raise $60,000 in 2023 to help move forward projects like Cwtch. Please help support projects like ours with a one-off donations or recurring support via Patreon.

- + \ No newline at end of file diff --git a/build-staging/it/blog/tags/planning/index.html b/build-staging/it/blog/tags/planning/index.html index df951ddf..e81d50ae 100644 --- a/build-staging/it/blog/tags/planning/index.html +++ b/build-staging/it/blog/tags/planning/index.html @@ -12,13 +12,13 @@ - +
-

4 post etichettati con "planning"

Visualizza tutte le etichette

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

- +

4 post etichettati con "planning"

Visualizza tutte le etichette

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap update we provided back in March, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 6 minuti di lettura
Sarah Jamie Lewis

The next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable. We have been working hard towards that goal over the last few months.

This post revisits the Cwtch Stable roadmap we introduced at the start of the year, and provides an overview of the next steps on our journey towards Cwtch Stable.

· 18 minuti di lettura
Sarah Jamie Lewis

Cwtch grew out of a prototype and has been allowed to evolve over time as we discovered better ways of implementing safe and secure metadata resistant communications.

As we grew, we inserted experimental functionality where it was most accessible to place - not, necessarily, where it was ultimately best to place it - this has led to some degree of overlapping, and inconsistent, responsibilities across Cwtch software packages.

As we move out of Beta and towards Cwtch Stable it is time to revisit these previous decisions with both the benefit of hindsight, and years of real-world testing.

In this post we will outline our plans for the Cwtch API that realign responsibilities, and explicitly enable new functionality to be built in a modular, controlled, and secure way. In preparation for Cwtch Stable, and beyond.

· 10 minuti di lettura
Sarah Jamie Lewis

As of December 2022 we have released 10 versions of Cwtch Beta since the initial launch, 18 months ago, in June 2021.

There is a consensus among the team that the next large step for the Cwtch project to take is a move from public Beta to Stable – marking a point at which we consider Cwtch to be secure and usable.

This post outlines the general principles that are guiding the development of Cwtch Stable, the obstacles that prevent a stable Cwtch release, and closes with an overview of the next steps and our timeline for tackling them.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/release/index.html b/build-staging/it/blog/tags/release/index.html index 16dcab15..aa187630 100644 --- a/build-staging/it/blog/tags/release/index.html +++ b/build-staging/it/blog/tags/release/index.html @@ -12,13 +12,13 @@ - +
-

2 post etichettati con "release"

Visualizza tutte le etichette

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

- +

2 post etichettati con "release"

Visualizza tutte le etichette

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.12 is now available for download!

Cwtch 1.12 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new features like profile attributes, support for new platforms like Tails, and multiple improvements to performance and stability.

· 3 minuti di lettura
Sarah Jamie Lewis

Cwtch 1.11 is now available for download!

Cwtch 1.11 is the culmination of the last few months of effort by the Cwtch team, and includes many foundational changes that pave the way for Cwtch Stable including new reproducible and automatically generated bindings, as well as support for two new languages (Slovak and Korean), in addition to several performance improvements and bug fixes.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/repliqate/index.html b/build-staging/it/blog/tags/repliqate/index.html index 096070de..71074226 100644 --- a/build-staging/it/blog/tags/repliqate/index.html +++ b/build-staging/it/blog/tags/repliqate/index.html @@ -12,13 +12,13 @@ - +
-

3 post etichettati con "repliqate"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 post etichettati con "repliqate"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/reproducible-builds/index.html b/build-staging/it/blog/tags/reproducible-builds/index.html index dccb9acc..ee19d226 100644 --- a/build-staging/it/blog/tags/reproducible-builds/index.html +++ b/build-staging/it/blog/tags/reproducible-builds/index.html @@ -12,13 +12,13 @@ - +
-

3 post etichettati con "reproducible-builds"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

- +

3 post etichettati con "reproducible-builds"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

Earlier this year we talked about the changes we have made to make Cwtch Bindings Reproducible.

In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible.

This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project.

· 8 minuti di lettura
Sarah Jamie Lewis

From the start of the Cwtch project, the source code for all components making up Cwtch has been freely available for anyone to inspect, use, and modify.

But open source code is only one defense against malicious actors who might seek to undermine your privacy and security. This is why, as part of our ongoing Cwtch Stable work, we are working towards making all parts of the Cwtch chain reproducible and verifiable.

The whole point of reproducible builds is that you no longer have to trust binaries provided by the Cwtch Team because you can independently verify that the binaries we release are built from the Cwtch source code.

In this devlog we will talk about how Cwtch bindings are currently built, the changes we have made to Cwtch bindings to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. This will be useful to anyone who is looking to reproduce Cwtch bindings specifically, and to anyone who wants to start implementing reproducible builds in their own project.

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/security-handbook/index.html b/build-staging/it/blog/tags/security-handbook/index.html index 2bbf865f..05cc61c3 100644 --- a/build-staging/it/blog/tags/security-handbook/index.html +++ b/build-staging/it/blog/tags/security-handbook/index.html @@ -12,13 +12,13 @@ - +
-

Un post etichettati con "security-handbook"

Visualizza tutte le etichette
- +

Un post etichettati con "security-handbook"

Visualizza tutte le etichette
+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/support/index.html b/build-staging/it/blog/tags/support/index.html index 30730eb5..f2470de5 100644 --- a/build-staging/it/blog/tags/support/index.html +++ b/build-staging/it/blog/tags/support/index.html @@ -12,13 +12,13 @@ - +
-

3 post etichettati con "support"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

- +

3 post etichettati con "support"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

· 11 minuti di lettura
Sarah Jamie Lewis

One of the tenets for Cwtch Stable is Universal Availability and Cohesive Support:

"People who use Cwtch understand that if Cwtch is available for a platform then that means all features will work as expected, that there are no surprise limitations, and any differences are well documented. People should not have to go out of their way to install Cwtch."

This development log seeks to capture the current state of Cwtch platform support, and how we plan to make platform support decisions going forward as we move towards Cwtch Stable.

The questions we aim to answer in this post are:

  • What systems do we currently support?
  • How do we decide what systems are supported?
  • How do we handle new OS versions?
  • How does application support differ from library support?
  • What blockers exist for systems we wish to support, but currently cannot e.g ios?

+ \ No newline at end of file diff --git a/build-staging/it/blog/tags/testing/index.html b/build-staging/it/blog/tags/testing/index.html index af1a4dca..e79f775c 100644 --- a/build-staging/it/blog/tags/testing/index.html +++ b/build-staging/it/blog/tags/testing/index.html @@ -12,13 +12,13 @@ - +
-

2 post etichettati con "testing"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

- +

2 post etichettati con "testing"

Visualizza tutte le etichette

· 5 minuti di lettura
Sarah Jamie Lewis

We first introduced UI tests last January. At the time we had developed a suite of UI tests that could be run manually in a development environment. However, we faced a number of issues consistently running these tests in our automated pipelines.

One of the main threads of work that needs to be complete early in the Cwtch Stable roadmap is integrating UI tests into our CI pipelines, in addition to expanding their scope. Now that Flutter 3 has stabilized desktop support, and we have invested effort in improving Cwtch performance, it is time to ensure these tests are running on every build.

+ \ No newline at end of file diff --git a/build-staging/it/developing/building-a-cwtch-app/building-an-echobot/index.html b/build-staging/it/developing/building-a-cwtch-app/building-an-echobot/index.html index 828e70c9..b2ef7d96 100644 --- a/build-staging/it/developing/building-a-cwtch-app/building-an-echobot/index.html +++ b/build-staging/it/developing/building-a-cwtch-app/building-an-echobot/index.html @@ -12,14 +12,14 @@ - +

Building a Cwtch Echobot

In this tutorial we will walk through building a simple Cwtch Echobot. A bot that, when messaged, simply responds with the message it was sent.

For completeness, we will build an Echobot in multiple difference Cwtch frameworks to get a feel for the different levels of functionality offered by each library or framework.

Using CwtchBot (Go)

CwtchBot Framework

This tutorial uses the CwtchBot framework.

Start by creating a new Go project, and a file main.go. In the main function:

package main

import (
    "cwtch.im/cwtch/event"
    "cwtch.im/cwtch/model"
    "cwtch.im/cwtch/model/attr"
    "cwtch.im/cwtch/model/constants"
    "fmt"
    "git.openprivacy.ca/sarah/cwtchbot"
    _ "github.com/mutecomm/go-sqlcipher/v4"
    "os/user"
    "path"
)

func main() {
    user, _ := user.Current()
    cwtchbot := bot.NewCwtchBot(path.Join(user.HomeDir, "/.echobot/"), "echobot")
    cwtchbot.Launch()

    // Set Some Profile Information
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "echobot2")
    cwtchbot.Peer.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.ProfileAttribute1, "A Cwtchbot Echobot")

    fmt.Printf("echobot address: %v\n", cwtchbot.Peer.GetOnion())

    for {
        message := cwtchbot.Queue.Next()
        cid, _ := cwtchbot.Peer.FetchConversationInfo(message.Data[event.RemotePeer])
        switch message.EventType {
        case event.NewMessageFromPeer:
            msg := cwtchbot.UnpackMessage(message.Data[event.Data])
            fmt.Printf("Message: %v\n", msg)
            reply := string(cwtchbot.PackMessage(msg.Overlay, msg.Data))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        case event.ContactCreated:
            fmt.Printf("Auto approving stranger %v %v\n", cid, message.Data[event.RemotePeer])
            // accept the stranger as a new contact
            cwtchbot.Peer.AcceptConversation(cid.ID)
            // Send Hello...
            reply := string(cwtchbot.PackMessage(model.OverlayChat, "Hello!"))
            cwtchbot.Peer.SendMessage(cid.ID, reply)
        }
    }
}

Using Imp (Rust)

Imp (Rust) Bot Framework

This tutorial uses the Imp Cwtch Bot framework (Rust). This framework is currently a work-in-progress and the API design is subject to change. IMP is also based on libcwtch-rs which is currently based on an older pre-stable API version of Cwtch. We are planning in updating libcwtch-rs in Summer 2023.

use std::borrow::BorrowMut;
use std::thread;
use chrono::{DateTime, FixedOffset};
use libcwtch;
use libcwtch::CwtchLib;
use libcwtch::structs::*;
use libcwtch::event::*;
use cwtch_imp::imp;
use cwtch_imp::behaviour::*;
use cwtch_imp::imp::Imp;

const BOT_HOME: &str = "~/.cwtch/bots/echobot";
const BOT_NAME: &str = "echobot";

struct Echobot {}

fn main() {
    let behaviour: Behaviour = BehaviourBuilder::new().name(BOT_NAME.to_string()).new_contact_policy(NewContactPolicy::Accept).build();
    let event_loop_handle = thread::spawn(move || {
        let mut echobot = Echobot {};
        let mut bot = Imp::spawn(behaviour,String::new(), BOT_HOME.to_string());
        bot.event_loop::<Echobot>(echobot.borrow_mut());
    });
    event_loop_handle.join().expect("Error running event loop");
}

impl imp::EventHandler for Echobot {
    fn on_new_message_from_contact(&self, cwtch: &dyn libcwtch::CwtchLib, profile: &Profile, conversation_id: ConversationID, handle: String, timestamp_received: DateTime<FixedOffset>, message: Message) {
        let response = Message {
            o: MessageType::TextMessage,
            d: message.d,
        };
        cwtch.send_message(&profile.profile_id, conversation_id, &response);
    }

    fn handle(&mut self, cwtch: &dyn CwtchLib, profile_opt: Option<&Profile>, event: &Event) {
        match event {
            Event::NewPeer { profile_id, tag, created, name, default_picture, picture, online, profile_data } => {
                println!(
                    "\n***** {} at {} *****\n",
                    name, profile_id.as_str()
                );
            }
            _ => (),
        };
    }
}
- + \ No newline at end of file diff --git a/build-staging/it/developing/building-a-cwtch-app/core-concepts/index.html b/build-staging/it/developing/building-a-cwtch-app/core-concepts/index.html index 80d61cd8..11570be3 100644 --- a/build-staging/it/developing/building-a-cwtch-app/core-concepts/index.html +++ b/build-staging/it/developing/building-a-cwtch-app/core-concepts/index.html @@ -12,13 +12,13 @@ - +

Core Concepts

This page documents the core concepts that you, as a Cwtch App Developer, will encounter fairly frequently.

Cwtch Home Directory

Often referred to as $CWTCH_HOME, the Cwtch application home directory is the location where Cwtch stores all information from a Cwtch application.

Profiles

Cwtch profiles are saved as encrypted sqlite3 databases. You will rarely/never have to interact directly with the database. Instead each library provides a set of interfaces to interact with the Cwtch App, create profiles, manage profiles, and engage in conversations.

The Event Bus

Regardless of which library you end up choosing, the one constant interface you will have to get used to is the EventBus. Cwtch handles all asynchronous tasks (e.g. receiving a message from a peer) automatically, eventually placing a message on the EventBus. Application can subscribe to certain kinds of messages e.g. NewMessageFromPeer and setup an event handler to run code in response to such a message.

For an example see the Echo Bot tutorial.

Settings

Most Cwtch settings (with the exception of experiments) are designed for downstream graphical user interfaces e.g. themes / column layouts - in particular the Cwtch UI. As such these settings are not used at all by Cwtch libraries, and are only intended as a convenient storage place for UI configuration.

Experiments

Certain Cwtch features are gated behind experiments. These experiments need to be enabled before functionality related to them will activate. Different libraries may expose different experiments, and some libraries may not support certain experiments at all.

- + \ No newline at end of file diff --git a/build-staging/it/developing/building-a-cwtch-app/intro/index.html b/build-staging/it/developing/building-a-cwtch-app/intro/index.html index a7a87c79..fa3fff87 100644 --- a/build-staging/it/developing/building-a-cwtch-app/intro/index.html +++ b/build-staging/it/developing/building-a-cwtch-app/intro/index.html @@ -12,13 +12,13 @@ - +

Getting Started

Choosing A Cwtch Library

Cwtch Go Lib

The official Cwtch library is written in Go and can be found at https://git.openprivacy.ca/cwtch.im/cwtch. This library allows access to all Cwtch functionality.

CwtchBot

We also provide a specialized Cwtch Bot framework in Go that provides a more lightweight and tailored approach to building chat bots. For an introduction to building chatbots with the CwtchBot framework check out the building an echobot tutorial.

Autobindings (C-bindings)

The official c-bindings for Cwtch are automatically generated from the Cwtch Go Library. The API is limited compared to accessing the Cwtch Go Library directly, and is explicitly tailored towards building the Cwtch UI.

libCwtch-rs (Rust)

An experimental rust-fied version of Cwtch Autobindings is available in libCwtch-rs. While we have plans to officially adopt rust bindings in the future, right now Rust support lags behind the rest of the Cwtch ecosystem.

- + \ No newline at end of file diff --git a/build-staging/it/developing/category/building-a-cwtch-app/index.html b/build-staging/it/developing/category/building-a-cwtch-app/index.html index c1115153..6f60d9da 100644 --- a/build-staging/it/developing/category/building-a-cwtch-app/index.html +++ b/build-staging/it/developing/category/building-a-cwtch-app/index.html @@ -12,13 +12,13 @@ - +

Building a Cwtch App

- + \ No newline at end of file diff --git a/build-staging/it/developing/intro/index.html b/build-staging/it/developing/intro/index.html index b93ad417..8f8a9bb8 100644 --- a/build-staging/it/developing/intro/index.html +++ b/build-staging/it/developing/intro/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/developing/release/index.html b/build-staging/it/developing/release/index.html index ad972fa3..cd4910cd 100644 --- a/build-staging/it/developing/release/index.html +++ b/build-staging/it/developing/release/index.html @@ -12,13 +12,13 @@ - +

Release and Packaging Process

Cwtch builds are automatically constructed via Drone. In order to be built the tasks must be approved by a project team member.

Automated Testing

Drone carries out a suite of automated tests at various stages of the release pipeline.

Test SuiteRepositoryNotes
Integration Testcwtch.im/cwtchA full exercise of peer-to-peer and group messaging
File Sharing Testcwtch.im/cwtchTests that file sharing and image downloading work as expected
Automated Download Testcwtch.im/cwtchTests that automated image downloading (e.g. profile pictures) work as expected
UI Integration Testcwtch.im/cwtch-uiA suite of Gherkin tests to exercise various UI flows like Creating / Deleting profiles and changing settings

Cwtch Autobindings

Drone produces the following build artifacts for all Cwtch autobindings builds.

Build ArtifactPlatformNotes
android/cwtch-sources.jarAndroidgomobile derived source code for the Android Cwtch library
android/cwtch.aarAndroidAndroid Cwtch library. Supports arm, arm64, and amd64.
linux/libCwtch.hLinuxC header file
linux/libCwtch.soLinuxx64 shared library
windows/libCwtch.hWindowsC header file
windows/libCwtch.dllWindowsx64 bit shared library
macos/libCwtch.arm64.dylibMacOSArm64 shared library
macos/libCwtch.x64.dylibMacOSx64 shared library

UI Nightly Builds

We make unreleased versions of Cwtch available for testing as Cwtch Nightlies.

Each nightly build folder contains a collection of build artifacts e.g. (APK files for Android, installer executables for Android) in single convenient folder. A full list of build artifacts currently produced is as follows:

Build ArtifactPlatformNotes
cwtch-VERSION.apkAndroidSupports arm, arm64, and amd64. Can be sideloaded.
cwtch-VERSION.aabAndroidAndroid App Bundle for publishing to appstores
Cwtch-VERSION.dmgMacOS
cwtch-VERSION.tar.gzLinuxContains the code, libs, and assets in addition to install scripts for various devices
cwtch-VERSION.zipWindows
cwtch-installer-VERSION.exeWindowsNSIS powered installation wizard

Nightly builds are regularly purged from the system

Official Releases

The Cwtch Team meets on a regular basis and reaches consensus based on nightly testing feedback and project roadmaps.

When the decision is made to cut a release build, a nightly version is built with a new git tag reflecting the release version e.g. v.1.12.0. The build artifacts are then copied to the Cwtch release website to a dedicated versioned folder.

Reproducible Builds

We use repliqate to provide reproducible build scripts for Cwtch.

We update the repliqate-scripts repository with scripts for all official releases. Currently only Cwtch bindings are reproducible

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/appearance/index.html b/build-staging/it/docs/category/appearance/index.html index 3aee0c07..632ebe30 100644 --- a/build-staging/it/docs/category/appearance/index.html +++ b/build-staging/it/docs/category/appearance/index.html @@ -12,13 +12,13 @@ - +

Aspetto

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/behaviour/index.html b/build-staging/it/docs/category/behaviour/index.html index 3bef53d4..7a3edee6 100644 --- a/build-staging/it/docs/category/behaviour/index.html +++ b/build-staging/it/docs/category/behaviour/index.html @@ -12,13 +12,13 @@ - +

Comportamento

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/contribute/index.html b/build-staging/it/docs/category/contribute/index.html index 5551b694..a0563336 100644 --- a/build-staging/it/docs/category/contribute/index.html +++ b/build-staging/it/docs/category/contribute/index.html @@ -12,13 +12,13 @@ - +

Contribuisci

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/conversations/index.html b/build-staging/it/docs/category/conversations/index.html index 37a3fff6..a2edc025 100644 --- a/build-staging/it/docs/category/conversations/index.html +++ b/build-staging/it/docs/category/conversations/index.html @@ -12,13 +12,13 @@ - +

Conversations

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/experiments/index.html b/build-staging/it/docs/category/experiments/index.html index d99b48e4..326ffd35 100644 --- a/build-staging/it/docs/category/experiments/index.html +++ b/build-staging/it/docs/category/experiments/index.html @@ -12,13 +12,13 @@ - +

Experiments

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/getting-started/index.html b/build-staging/it/docs/category/getting-started/index.html index 9e4ec077..4953c09a 100644 --- a/build-staging/it/docs/category/getting-started/index.html +++ b/build-staging/it/docs/category/getting-started/index.html @@ -12,13 +12,13 @@ - +

Getting started

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/groups/index.html b/build-staging/it/docs/category/groups/index.html index bdb6ad87..c9d12531 100644 --- a/build-staging/it/docs/category/groups/index.html +++ b/build-staging/it/docs/category/groups/index.html @@ -12,13 +12,13 @@ - +

Groups

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/platforms/index.html b/build-staging/it/docs/category/platforms/index.html index fd119246..d6b38cb2 100644 --- a/build-staging/it/docs/category/platforms/index.html +++ b/build-staging/it/docs/category/platforms/index.html @@ -12,13 +12,13 @@ - +

Platforms

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/profiles/index.html b/build-staging/it/docs/category/profiles/index.html index 2663eb89..a7fabb3c 100644 --- a/build-staging/it/docs/category/profiles/index.html +++ b/build-staging/it/docs/category/profiles/index.html @@ -12,13 +12,13 @@ - +

Profili

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/servers/index.html b/build-staging/it/docs/category/servers/index.html index d7c16a5e..3c6d0f8a 100644 --- a/build-staging/it/docs/category/servers/index.html +++ b/build-staging/it/docs/category/servers/index.html @@ -12,13 +12,13 @@ - +

Servers

- + \ No newline at end of file diff --git a/build-staging/it/docs/category/settings/index.html b/build-staging/it/docs/category/settings/index.html index 9864767f..70bd3fc0 100644 --- a/build-staging/it/docs/category/settings/index.html +++ b/build-staging/it/docs/category/settings/index.html @@ -12,13 +12,13 @@ - +

Impostazioni

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/accept-deny-new-conversation/index.html b/build-staging/it/docs/chat/accept-deny-new-conversation/index.html index 158ec8af..b01dd701 100644 --- a/build-staging/it/docs/chat/accept-deny-new-conversation/index.html +++ b/build-staging/it/docs/chat/accept-deny-new-conversation/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/add-contact/index.html b/build-staging/it/docs/chat/add-contact/index.html index 6a2c0db9..80064e67 100644 --- a/build-staging/it/docs/chat/add-contact/index.html +++ b/build-staging/it/docs/chat/add-contact/index.html @@ -12,13 +12,13 @@ - +

Starting a New Conversation

  1. Seleziona un profilo
  2. Clicca sul pulsante "Aggiungi"
  3. Scegli "Aggiungi contatto"
  4. Incolla un indirizzo Cwtch
  5. Il contatto verrà aggiunto alla tua lista contatti
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/block-contact/index.html b/build-staging/it/docs/chat/block-contact/index.html index f53d9ebc..b3a1571e 100644 --- a/build-staging/it/docs/chat/block-contact/index.html +++ b/build-staging/it/docs/chat/block-contact/index.html @@ -12,13 +12,13 @@ - +

Bloccare un contatto

  1. Dalla finestra di una conversazione
  2. Vai su "Impostazioni"
  3. Scorri verso il basso fino a "Blocca il contatto"
  4. Sposta l'interruttore su "Blocca contatto"
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/conversation-settings/index.html b/build-staging/it/docs/chat/conversation-settings/index.html index 6c952deb..b296b501 100644 --- a/build-staging/it/docs/chat/conversation-settings/index.html +++ b/build-staging/it/docs/chat/conversation-settings/index.html @@ -12,13 +12,13 @@ - +

Accessing Conversation Settings

In a conversation window, click on the Settings icon in the top bar.

This action will open up a new screen where you can view and manage the contact.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/delete-contact/index.html b/build-staging/it/docs/chat/delete-contact/index.html index 26a68eb2..ac655bbb 100644 --- a/build-staging/it/docs/chat/delete-contact/index.html +++ b/build-staging/it/docs/chat/delete-contact/index.html @@ -12,13 +12,13 @@ - +

Removing a Conversation

danger

This feature will result in irreversible deletion. This cannot be undone.

  • In a chat with a contact, go to the conversation settings on the top right
  • Scroll to the leave this conversation button, and press it.
  • You will be prompted to confirm if you want to leave the conversation. This action cannot be undone.
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/introduction/index.html b/build-staging/it/docs/chat/introduction/index.html index 339b1d73..dbf4eec9 100644 --- a/build-staging/it/docs/chat/introduction/index.html +++ b/build-staging/it/docs/chat/introduction/index.html @@ -12,13 +12,13 @@ - +

Un'introduzione alla chat p2p di Cwtch

Cwtch utilizza i servizi onion di Tor v3 per stabilire connessioni anonime, peer-to-peer tra profili.

Come funziona la chat p2p internamente

Per interagire con una persona tra i tuoi contatti in una conversazione peer-to-peer entrambi dovete essere online.

Dopo che la connessione ha successo, entrambe le parti sono coinvolte in un protocollo di autenticazione che:

  • Si assicura che ogni parte abbia accesso alla chiave privata associata alla propria identità pubblica.
  • Genera una chiave di sessione effimera utilizzata per cifrare tutte le comunicazioni successive durante la sessione.

Questo scambio (documentato in dettaglio nel protocollo di autenticazione) è negabile offline, ovvero è possibile per qualsiasi parte forgiare trascrizioni di questo protocollo di scambio a posteriori, e di conseguenza - a fatto avvenuto - è impossibile dimostrare definitivamente che lo scambio è avvenuto davvero.

Una volta che il processo di autenticazione è riuscito, potete comunicare con l'altra persona indisturbatamente, con la sicurezza che nessun altro può apprendere nulla sui contenuti o i metadati della conversazione.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/message-formatting/index.html b/build-staging/it/docs/chat/message-formatting/index.html index 0940cf6d..6644bec0 100644 --- a/build-staging/it/docs/chat/message-formatting/index.html +++ b/build-staging/it/docs/chat/message-formatting/index.html @@ -12,13 +12,13 @@ - +

Formattazione messaggio

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento di formattazione messaggio attivato.

Come opzione ulteriore, puoi abilitare Link cliccabili per rendere gli URL nei messaggi cliccabili in Cwtch.

:::

Cwtch attualmente supporta la seguente formattazione markdown per i messaggi:

  • **grassetto** che risulterà in grassetto
  • *corsivo* che risulterà in corsivo
  • < code > codice < /code > (senza spazi) che risulterà in codice
  • ^apice^ che risulterà in apice
  • ^pedice^ che risulterà in pedice
  • ~~barrato~~ che risulterà in barrato
- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/reply-to-message/index.html b/build-staging/it/docs/chat/reply-to-message/index.html index be56bbef..c5af4c90 100644 --- a/build-staging/it/docs/chat/reply-to-message/index.html +++ b/build-staging/it/docs/chat/reply-to-message/index.html @@ -12,13 +12,13 @@ - +

Rispondere a un messaggio

  1. Seleziona un messaggio a cui desideri rispondere
  2. Trascinalo a destra
  3. Scrivi una risposta al messaggio ora citato
  4. Clicca su "Invio"
- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/save-conversation-history/index.html b/build-staging/it/docs/chat/save-conversation-history/index.html index b7a1e3f0..e126d9df 100644 --- a/build-staging/it/docs/chat/save-conversation-history/index.html +++ b/build-staging/it/docs/chat/save-conversation-history/index.html @@ -12,13 +12,13 @@ - +

Salvare la cronologia delle conversazioni

Come impostazione predefinita, per la privacy, Cwtch non conserva la cronologia delle conversazioni tra diverse sessioni.

Per abilitare la cronologia per una specifica conversazione:

  1. Nella finestra della conversazione vai su "Impostazioni"
  2. Vai a "Salva cronologia"
  3. Clicca sul menu a tendina
  4. Scegli "Salva cronologia"
  5. Ora la tua cronologia verrà salvata

La cronologia della conversazione può essere disattivata in qualsiasi momento selezionando "Elimina cronologia" dal menu a discesa.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/share-address-with-friends/index.html b/build-staging/it/docs/chat/share-address-with-friends/index.html index bd0cf249..8ab97593 100644 --- a/build-staging/it/docs/chat/share-address-with-friends/index.html +++ b/build-staging/it/docs/chat/share-address-with-friends/index.html @@ -12,13 +12,13 @@ - +

Sharing Cwtch Addresses

There are many ways to share a Cwtch address.

Sharing Your Cwtch Address

  1. Vai al tuo profilo
  2. Fare clic sull'icona della copia indirizzo

Ora è possibile condividere questo indirizzo. Le persone con questo indirizzo saranno in grado di aggiungerti come un contatto Cwtch.

Per informazioni su come bloccare connessioni da persone che non conosci vedi Impostazioni: Blocca connessioni sconosciute

Sharing A Friends Cwtch Address

Inside of Cwtch there is another mechanism for exchanging Cwtch addresses.

info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/share-file/index.html b/build-staging/it/docs/chat/share-file/index.html index 15356118..e35b47bb 100644 --- a/build-staging/it/docs/chat/share-file/index.html +++ b/build-staging/it/docs/chat/share-file/index.html @@ -12,13 +12,13 @@ - +

Condividere un file

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento di condivisione file attivato.

Optionally, you can enable Image Previews and Profile Pictures to see display shared image previews in the conversation window.

:::

In una conversazione,

  1. Clicca sull'icona dell'allegato
  2. Trova il file che vuoi inviare
  3. Conferma che vuoi inviarlo

Come funziona la condivisione file con i gruppi? I miei file sono salvati su un server da qualche parte?

I file vengono inviati tramite le connessioni Cwtch onion-to-onion direttamente dalla persona che offre il file alla persona che lo riceve. L'offerta iniziale per inviare un file è pubblicata come una conversazione standard in Cwtch / un normale messaggio in sovraimpressione. Per i gruppi, ciò significa che l'offerta iniziale (contenente il nome del file, la dimensione, l'hash e un nonce) è pubblicata sul server del gruppo, ma poi ogni destinatario si connette al mittente individualmente per ricevere effettivamente il contenuto del file.

Questo significa che devo essere online per inviare un file?

Si. Se la persona che offre il file va offline, dovrai aspettare che sia di nuovo online per riprendere il trasferimento del file. Il protocollo sottostante divide i file in pezzi verificabili e che possono essere richiesti individualmente, in modo tale che in un futura versione sarà possibile "riospitare" un file pubblicato in un gruppo, e anche scaricare da più host contemporaneamente (come una sorta di bittorrent).

Perché ci sono dei nuovi contatti che appaiono nella mia lista?

Ciò è dovuto al modo in cui Cwtch gestisce attualmente le connessioni da indirizzi sconosciuti. Dato che pubblicare un file in un gruppo implica che i membri del gruppo si connettono a te direttamente, alcuni di questi membri potrebbero non essere già nella tua lista contatti, e quindi la loro connessione a te per il download apparirà nella tua lista come una richiesta di contatto.

Che cosa è "SHA512"?

SHA512 è un hash crittografico che può essere utilizzato per verificare che il file scaricato sia una copia corretta del file offerto. Cwtch fa questa verifica per te automaticamente, ma puoi anche provare a fare la tua propria verifica indipendentemente! Nota che includiamo anche un nonce casuale con le offerte di file, cosicché le persone non possano semplicemente richiederti qualsiasi hash casuale che potresti avere, o file di conversazioni di cui non fanno parte.

C'è un limite alla dimensione dei file?

Il limite attuale è di 10 gigabyte per file.

Che cosa sono questi file .manifest?

I file .manifest vengono utilizzati durante il download di un file per verificare che i singoli pezzi siano ricevuti correttamente, e supportare il ripristino di trasferimenti interrotti. Essi contengono anche le informazioni provenienti dall'offerta del file originale. Puoi eliminarli senza problemi una volta completato il download. Su Android, i manifesti vengono memorizzati nella cache dell'app e possono essere cancellati attraverso le impostazioni di sistema.

E i metadati dei file?

Inviamo il nome del file come suggerimento e per aiutare a distinguerlo dalle offerte di altri file. Il percorso completo viene rimosso prima di inviare l'offerta. Bisogna fare attenzione ai metadati nascosti che potrebbero essere memorizzati nel file stesso, cosa che varia a seconda del formato del file. Ad esempio, le immagini potrebbero contenere informazioni sulla geo-localizzazione e informazioni sulla fotocamera che le ha catturate, e i file PDF sono noti per contenere informazioni nascoste come il nome dell'autore o il dispositivo su cui sono stati creati. In generale, si dovrebbe inviare/ricevere file solo a/da persone di cui ci si fida.

Posso scaricare file automaticamente?

If the Image Previews and Profile Pictures experiment is enabled then Cwtch will automatically download images from accepted conversations

- + \ No newline at end of file diff --git a/build-staging/it/docs/chat/unblock-contact/index.html b/build-staging/it/docs/chat/unblock-contact/index.html index b48f9b6d..217fa066 100644 --- a/build-staging/it/docs/chat/unblock-contact/index.html +++ b/build-staging/it/docs/chat/unblock-contact/index.html @@ -12,13 +12,13 @@ - +

Sbloccare un contatto

  1. Seleziona il contatto nella tua lista conversazioni. I contatti bloccati vengono spostati in fondo alla lista.
  2. Vai alle Impostazioni della conversazione
  3. Scorri verso il basso fino a "Blocca il contatto"
  4. Sposta l'interruttore su "Sblocca il contatto"
info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/contribute/developing/index.html b/build-staging/it/docs/contribute/developing/index.html index de8ce5a7..45191e59 100644 --- a/build-staging/it/docs/contribute/developing/index.html +++ b/build-staging/it/docs/contribute/developing/index.html @@ -12,13 +12,13 @@ - +

Developing Cwtch

This section documents some ways to get started with Cwtch Development.

Cwtch Issues Tracking Process

All Cwtch issues are tracked from the cwtch-ui git repository, even if the bug/feature originates in an upstream library. This allows us to keep everything in one place.

Issues are generally divided into 4 distinct categories:

  • Unprocessed - These are new issues that have not been discussed by the Cwtch team.
  • Scheduled - These issues have been planned for an upcoming release. They are usually tagged with the release they are expected to be fixed in e.g. cwtch-1.11. A core Cwtch team member is likely working on the issue, or is expecting to work on the issue in the coming weeks.
  • Desired - These are issues that we would like to fix but for some reason we are unable to schedule. This might be because the feature is large and requires a lot of effort, or because there is some blocker (e.g. a missing feature in Flutter or some other library) that prevents work on the feature.
  • Help Wanted - These are generally small issues that we would like to fix but that have been designated low priority. These are ideal first issues for volunteers.

If you would like to work on an open bug/feature, please comment on the issue and a member of the Cwtch team will follow up with advice on where to go from there. This helps us keep track of who is working on what problems, and reduces the amount of duplicate work. We aim to answer most queries within 24 hours, feel free to "bump" an issue if it takes longer than that.

note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

Cwtch Pull-Request Process

All pull-requests must be reviewed and approved by a core Cwtch team member prior to merging. Sarah reviews all new and active pull requests multiple times a week.

Build Bot

All Cwtch projects are set up with automated builds and testing. Every pull request is expected to be able to pass through these pipelines prior to being merged. If buildbot reports a failure then Sarah will work with you to determine the issue, and any necessary fixes.

Buildbot can fail for reasons beyond your control e.g. many of our integration tests rely setting up Tor connections, these can be brittle on occasion and result in timeouts and failures. Always confirm the root cause of a test failure before deciding what to do next.

Useful Resources

note

All contributions are eligible for stickers

- + \ No newline at end of file diff --git a/build-staging/it/docs/contribute/documentation/index.html b/build-staging/it/docs/contribute/documentation/index.html index 5dd4739d..310b2b1e 100644 --- a/build-staging/it/docs/contribute/documentation/index.html +++ b/build-staging/it/docs/contribute/documentation/index.html @@ -12,13 +12,13 @@ - +

Documentation Style Guide

This section documents the expected structure and quality of Cwtch documentation.

Screenshots and Cast of Characters

Most Cwtch documentation should feature at least one screenshot or animated image. Screenshots of the Cwtch application should be focused on the feature being described by the documentation.

To ensure consistency between screenshots we suggest that the profile involved should serve particular, constant, roles.

  • Alice - used to represent the primary profile.
  • Bob - the primary contact, useful when demonstrating peer-to-peer features
  • Carol - a secondary contact, useful when demonstrating group features
  • Mallory - representing a malicious peer (to be used when demonstrating blocking functionality)

Dialogue and Content

Where screenshots and demonstrations show dialogue, conversations, and/or images please keep the conversations short, on a casual topic. Examples include:

  • Organizing a picnic
  • Sharing photos from a vacation
  • Sending a document for review

Experiments

All features that rely on an experiment being enabled should all this out prominently at the top of the page e.g.:

Experiments Required

This feature requires Experiments Enabled and the Example Experiment turned on.

Risks

If a feature might result in destruction of key material or permanent deletion of state, then these should also be called out at the top of the documentation e.g.:

danger

This feature will result in irreversible deletion of key material. This cannot be undone.

- + \ No newline at end of file diff --git a/build-staging/it/docs/contribute/stickers/index.html b/build-staging/it/docs/contribute/stickers/index.html index ca0731b9..77d1a5e8 100644 --- a/build-staging/it/docs/contribute/stickers/index.html +++ b/build-staging/it/docs/contribute/stickers/index.html @@ -12,13 +12,13 @@ - +

Stickers

All contributions are eligible for stickers. If you are contributing to bug, feature, testing, or language, or have contributed significantly in the past then please email erinn@openprivacy.ca with details and an address for us to mail stickers to.

A Photo of Cwtch Stickers

- + \ No newline at end of file diff --git a/build-staging/it/docs/contribute/testing/index.html b/build-staging/it/docs/contribute/testing/index.html index 2c4b10da..8872cb9a 100644 --- a/build-staging/it/docs/contribute/testing/index.html +++ b/build-staging/it/docs/contribute/testing/index.html @@ -12,13 +12,13 @@ - +

Testare Cwtch

Questa sezione documenta alcuni modi per iniziare a testare Cwtch.

Far girare Fuzzbot

FuzzBot è il nostro bot di test di sviluppo. Puoi aggiungere FuzzBot come contatto: cwtch:4y2hxlxqzautabituedksnh2ulcgm2coqbure6wvfpg4gi2ci25ta5ad.

:::Info Aiuto FuzzBot

L'invio a FuzzBot del messaggio aiuto lo attiverà ad inviare una risposta con tutti i comandi di test attualmente disponibili.

:::

Per maggiori informazioni su FuzzBot consulta il nostro blog sullo sviluppo Discreet Log.

Unisciti al gruppo dei tester delle versioni di Cwtch candidate alla pubblicazione ufficiale

L'invio a Fuzzbot del comando testgroup-invite farà sì che FuzzBot ti inviti al gruppo di tester di Cwtch! Lì puoi fare domande, inviare segnalazioni di bug e offrire feedback.

Cwtch Nightlies

Cwtch Nightly build sono build di sviluppo che contengono nuove funzionalità che sono pronte per essere testate.

Le versioni di sviluppo più recenti di Cwtch sono disponibili dal nostro build server.

Non raccomandiamo che i tester si tengano sempre aggiornati con l'ultimo nightly build. Invece, pubblicheremo un messaggio sul gruppo Tester di versioni di Cwtch candidate al rilascio quando sarà disponibile un nightly build significativa. Un nightly build è considerato significativo se contiene una nuova funzione o un fix a un bug serio.

note

All contributions are eligible for stickers

Submitting Feedback

There are three main ways of submitting testing feedback to the team:

  • Via Cwtch: Either via the Release Candidate Testers Group or directly to a Cwtch team member.
  • Via Gitea: Please open an issue in https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues - please do not worry about duplicate issues, we will de-duplicate as part of our triage process.
  • Via Email: Email team@cwtch.im with the bug report and one of our team will look into it.
note

Due to an issue with our email provider, we are currently unable to consistently send email from our gitea instance. Please regularly check open issues / pull-requests for updates (or subscribe to the repository's RSS feeds)

- + \ No newline at end of file diff --git a/build-staging/it/docs/contribute/translate/index.html b/build-staging/it/docs/contribute/translate/index.html index ff0543b0..5196a065 100644 --- a/build-staging/it/docs/contribute/translate/index.html +++ b/build-staging/it/docs/contribute/translate/index.html @@ -12,13 +12,13 @@ - +

Translating Cwtch

Se vuoi contribuire con delle traduzioni all'applicazione di Cwtch o a questo manuale, ecco come fare

Contributing Translations to the Cwtch Application

There are two ways to contribute to Cwtch applications.

Join our Lokalise Team

We use Lokalise for managing translations for the Cwtch application.

  1. Sign up for a Lokalise account
  2. Email team@cwtch.im with the language you are interested in translating and an email we can use to invite you to our Lokalise team.

Directly via Git

For new translations, you can make a copy of https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/intl_en.arb and begin translating - you can then either submit pull requests or directly send updates to us (team@cwtch.im) and we will merge them in.

For adding to existing translations you can make pull requests directly on any file in https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/lib/l10n/ and we will review and merge them in.

Manuale utente di Cwtch

This handbook is translated through Crowdin.

To join our Crowdin project:

  1. Sign up for an account on Crowdin.
  2. Join the cwtch-users-handbook project.

We bundle up changes to the documentation in batches and sync them with the Crowdin project on a regular basis.

note

All contributions are eligible for stickers

- + \ No newline at end of file diff --git a/build-staging/it/docs/getting-started/supported_platforms/index.html b/build-staging/it/docs/getting-started/supported_platforms/index.html index 9beece05..5f51164e 100644 --- a/build-staging/it/docs/getting-started/supported_platforms/index.html +++ b/build-staging/it/docs/getting-started/supported_platforms/index.html @@ -12,13 +12,13 @@ - +

Supported Platforms

The table below represents our current understanding of Cwtch support across various operating systems and architectures (as of Cwtch 1.10 and January 2023).

In many cases we are looking for testers to confirm that various functionality works. If you are interested in testing Cwtch on a specific platform, or want to volunteer to help us official support a platform not listed here, then check out Contibuting to Cwtch.

Legend:

  • ✅: Officially Supported. Cwtch should work on these platforms without issue. Regressions are treated as high priority.
  • 🟡: Best Effort Support. Cwtch should work on these platforms but there may be documented or unknown issues. Testing may be needed. Some features may require additional work. Volunteer effort is appreciated.
  • ❌: Not Supported. Cwtch is unlikely to work on these systems. We will probably not accept bug reports for these systems.
PlatformOfficial Cwtch BuildsSource SupportNotes
Windows 1164-bit amd64 only.
Windows 1064-bit amd64 only. Not officially supported, but official builds may work.
Windows 8 and below🟡Not supported. Dedicated builds from source may work. Testing Needed.
OSX 10 and below🟡64-bit Only. Official builds have been reported to work on Catalina but not High Sierra
OSX 1164-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1264-bit Only. Official builds supports both arm64 and x86 architectures.
OSX 1364-bit Only. Official builds supports both arm64 and x86 architectures.
Debian 1164-bit amd64 Only.
Debian 10🟡64-bit amd64 Only.
Debian 9 and below🟡64-bit amd64 Only. Builds from source should work, but official builds may be incompatible with installed dependencies.
Ubuntu 22.0464-bit amd64 Only.
Other Ubuntu🟡64-bit Only. Testing needed. Builds from source should work, but official builds may be incompatible with installed dependencies.
CentOS🟡🟡Testing Needed.
Gentoo🟡🟡Testing Needed.
Arch🟡🟡Testing Needed.
Whonix🟡🟡Known Issues. Specific changes to Cwtch are required for support.
Raspian (arm64)🟡Builds from source work.
Other Linux Distributions🟡🟡Testing Needed.
Android 9 and below🟡🟡Official builds may work.
Android 10Official SDK supprts arm, arm64, and amd64 architectures.
Android 11Official SDK supprts arm, arm64, and amd64 architectures.
Android 12Official SDK supprts arm, arm64, and amd64 architectures.
Android 13Official SDK supprts arm, arm64, and amd64 architectures.
LineageOSOfficial SDK supprts arm, arm64, and amd64 architectures.
Other Android Distributions🟡🟡Testing Needed.
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/accept-group-invite/index.html b/build-staging/it/docs/groups/accept-group-invite/index.html index 3682a1d2..15869fac 100644 --- a/build-staging/it/docs/groups/accept-group-invite/index.html +++ b/build-staging/it/docs/groups/accept-group-invite/index.html @@ -12,13 +12,13 @@ - +

Accettare un Invito a un gruppo

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

  1. Se qualcuno ti invia una richiesta di partecipazione a un gruppo
  2. Scegli se vuoi o meno unirti a questo gruppo
  3. Ora il gruppo è nella tua lista dei contatti
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/create-group/index.html b/build-staging/it/docs/groups/create-group/index.html index e252ede6..4eb4c330 100644 --- a/build-staging/it/docs/groups/create-group/index.html +++ b/build-staging/it/docs/groups/create-group/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/edit-group-name/index.html b/build-staging/it/docs/groups/edit-group-name/index.html index c9d201b0..0614cde8 100644 --- a/build-staging/it/docs/groups/edit-group-name/index.html +++ b/build-staging/it/docs/groups/edit-group-name/index.html @@ -12,13 +12,13 @@ - +

Modificare il nome di un gruppo

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

I nomi dei gruppi sono locali, personali e privati, non saranno condivisi.

  1. Nel pannello della chat vai alle impostazioni
  2. Cambia il nome del gruppo
  3. Clicca su "Salva"
  4. Ora il tuo gruppo ha un nuovo nome
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/introduction/index.html b/build-staging/it/docs/groups/introduction/index.html index c303ea85..aeb96dde 100644 --- a/build-staging/it/docs/groups/introduction/index.html +++ b/build-staging/it/docs/groups/introduction/index.html @@ -12,13 +12,13 @@ - +

Un'introduzione ai gruppi di Cwtch

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

Nota: la comunicazione di gruppo resistente ai metadati è ancora un'area di ricerca attiva e ciò che è documentato qui probabilmente cambierà in futuro.

Per impostazione predefinita, Cwtch supporta solo chat peer-to-peer e online. Per supportare le conversazioni con più parti e il recapito offline, è necessaria una terza parte (non fidata). Chiamiamo queste entità terze "server".

Questi server possono essere creati da chiunque e sono pensati per essere sempre online. Il punto fondamentale è che tutte le comunicazioni con un server sono progettate in modo tale che il server abbia il meno possibile informazioni sui contenuti o metadati.

Per molti aspetti la comunicazione con un server è identica a quella con un normale peer Cwtch, comprende tutti gli stessi passi, tuttavia il server agisce sempre come peer in entrata, e il peer in uscita utilizza sempre una coppia di chiavi effimera appena generata - in modo che ogni sessione del server sia disconnessa.

Di conseguenza, le conversazioni peer-server differiscono solo nei tipi di messaggi inviati tra le due parti, con il server che memorizza tutti i messaggi che riceve e quindi permette a qualsiasi client di ripescare i messaggi più vecchi.

The risk model associated with servers is more complicated that peer-to-peer communication, as such we currently require people who want to use servers within Cwtch to opt-in to the Group Chat experiment in order to add, manage and create groups on untrusted servers.

Come funzionano i gruppi sotto il coperchio

Quando una persona vuole iniziare una conversazione di gruppo, in primo luogo genera casualmente una Chiave di gruppo segreta. Tutte le comunicazioni del gruppo verranno cifrate utilizzando questa chiave.

Insieme alla Chiave di gruppo, il creatore del gruppo decide anche il Server Cwtch da utilizzare come host del gruppo. Per ulteriori informazioni su come i Server autenticano se stessi si vedano i pacchetti di chiavi.

Un Identificatore di gruppo è generato utilizzando la chiave di gruppo e il server di gruppo e questi tre elementi sono raggruppati in un invito che può essere inviato ai potenziali membri del gruppo (per esempio tramite connessioni peer-to-peer esistenti).

Per inviare un messaggio al gruppo, un profilo si collega al server che ospita il gruppo (vedi sotto), e crittografa il proprio messaggio con la Chiave di gruppo e genera una firma crittografica sotto l'Identificatore di gruppo, il Server di gruppo e il messaggio decriptato (vedi formati di trasmissione per ulteriori informazioni).

Per ricevere un messaggio dal gruppo, un profilo deve essere collegato al server che ospita il gruppo e scaricare tutti i messaggi (dall'ultima connessione precedente). I profili tentano quindi di decifrare ogni messaggio utilizzando la Chiave di gruppo e in caso di successo cercano di verificare la firma (vedi Server di Cwtch, Gruppi di Cwtch per una panoramica degli attacchi e delle mitigazioni).

- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/leave-group/index.html b/build-staging/it/docs/groups/leave-group/index.html index e9f3c66b..8cdfdd46 100644 --- a/build-staging/it/docs/groups/leave-group/index.html +++ b/build-staging/it/docs/groups/leave-group/index.html @@ -12,13 +12,13 @@ - +

Come lasciare un gruppo

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

:::avviso

Questa funzione comporterà la cancellazione irreversibile di materiale chiave. Non può essere annullata.

:::

  1. Nel pannello della chat vai alle impostazioni
  2. Scorri verso il basso fino alla fine del pannello
  3. Clicca su "lascia la conversazione"
  4. Conferma che vuoi lasciare
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/manage-known-servers/index.html b/build-staging/it/docs/groups/manage-known-servers/index.html index ac151c08..28d878e7 100644 --- a/build-staging/it/docs/groups/manage-known-servers/index.html +++ b/build-staging/it/docs/groups/manage-known-servers/index.html @@ -12,13 +12,13 @@ - +

Gestire i server

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

I gruppi Cwtch sono ospitati da server non affidabili. Se vuoi vedere i server di cui sei a conoscenza, il loro stato e i gruppi da essi ospitati:

  1. Nel pannello dei tuoi contatti
  2. Vai all'icona di gestione dei server

Importa un server ospitato localmente

  1. Per importare un server ospitato localmente, clicca su "seleziona server locale"
  2. Seleziona il server che desideri
- + \ No newline at end of file diff --git a/build-staging/it/docs/groups/send-invite/index.html b/build-staging/it/docs/groups/send-invite/index.html index 72129965..1d1e9a84 100644 --- a/build-staging/it/docs/groups/send-invite/index.html +++ b/build-staging/it/docs/groups/send-invite/index.html @@ -12,13 +12,13 @@ - +

Inviare inviti a un gruppo

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l'Esperimento Gruppi attivato.

:::

  1. Vai a una conversazione con un contatto
  2. Clicca sull'icona dell'invito
  3. Seleziona il gruppo in cui vuoi invitare la persona
  4. Seleziona "Invita"
  5. Hai inviato un invito
- + \ No newline at end of file diff --git a/build-staging/it/docs/intro/index.html b/build-staging/it/docs/intro/index.html index 2dc23b67..d1d841fa 100644 --- a/build-staging/it/docs/intro/index.html +++ b/build-staging/it/docs/intro/index.html @@ -12,13 +12,13 @@ - +

Che cos’è Cwtch?

Cwtch (/kʊtʃ/ - una parola gallese che si traduce approssimativamente in “un abbraccio che crea un luogo sicuro”) è un'applicazione di messaggistica decentralizzata, rispettosa della privacy e resistente ai metadati.

  • Decentralizzata e aperta: non c'è alcun “servizio Cwtch” o “rete Cwtch”. I partecipanti a Cwtch possono ospitare i propri spazi sicuri, o prestare la loro infrastruttura ad altri che cercano uno spazio sicuro. Il protocollo Cwtch è aperto, e chiunque è libero di creare bot, servizi e interfacce utente, e di integrare e interagire con Cwtch.
  • Rispettosa della privacy: Tutta la comunicazione in Cwtch è crittografata end-to-end e si svolge attraverso i servizi onion di Tor v3.
  • Resistente ai metadati: Cwtch è stata progettata in modo tale che nessuna informazione venga scambiata o resa disponibile a qualcuno senza il suo esplicito consenso, inclusi i messaggi on-the-wire e i metadati del protocollo.

Sicurezza e Crittografia

Per uno sguardo più approfondito alla sicurezza, alla privacy e alla sottostante tecnologia di crittografia utilizzata in Cwtch, consulta il nostro Manuale sulla sicurezza

Come iniziare

Puoi scaricare l'ultima versione di Cwtch da https://cwtch.im/download/

- + \ No newline at end of file diff --git a/build-staging/it/docs/platforms/tails/index.html b/build-staging/it/docs/platforms/tails/index.html index ee8e6ce8..8ded41d0 100644 --- a/build-staging/it/docs/platforms/tails/index.html +++ b/build-staging/it/docs/platforms/tails/index.html @@ -12,13 +12,13 @@ - +

Running Cwtch on Tails

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

The following steps require that Tails has been launched with an Administration Password.

Tails uses Onion Grater to guard access to the control port. We have packaged an oniongrater configuration cwtch-tails.yml and setup script (install-tails.sh) with Cwtch on Linux.

The tails-specific part of the script is reproduced below:

    # Tails needs to be have been setup up with an Administration account
    # 
    # Make Auth Cookie Readable
    sudo chmod o+r /var/run/tor/control.authcookie
    # Copy Onion Grater Config
    sudo cp cwtch.yml /etc/onion-grater.d/cwtch.yml
    # Restart Onion Grater so the Config Takes effect
    sudo systemctl restart onion-grater.service

When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable to automatically configure Cwtch for running in a Tails-like environment:

exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch

Install Location

The above command, and the below onion grater configuration assume that Cwtch was installed in ~/.local/lib/cwtch/cwtch - if Cwtch was installed somewhere else (or if you are running directly from the download folder) then you will need to adjust the commands.

Onion Grater Configuration

The oniongrater configuration cwtch-tails.yml is reproduced below. As noted this configuration is can likely be restricted much further. 

    ---
    # TODO: This can likely be restricted even further, especially in regards to the ADD_ONION pattern

    - apparmor-profiles:
        - '/home/amnesia/.local/lib/cwtch/cwtch'
      users:

        - 'amnesia'
      commands:
        AUTHCHALLENGE:

          - 'SAFECOOKIE .*'
        SETEVENTS:

          - 'CIRC WARN ERR'
          - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
        GETINFO:

          - '.*'
        GETCONF:

          - 'DisableNetwork'
        SETCONF:

          - 'DisableNetwork.*'
        ADD_ONION:

          - '.*'
        DEL_ONION:

          - '.+'
        HSFETCH:

          - '.+'
      events:
        CIRC:
          suppress: true
        ORCONN:
          suppress: true
        INFO:
          suppress: true
        NOTICE:
          suppress: true
        WARN:
          suppress: true
        ERR:
          suppress: true
        HS_DESC:
          response:

        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'

        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'

        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
          replacement: '650 HS_DESC UPLOADED {} {} redacted'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'

        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'

        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'

        - pattern:     '.*'
          replacement: ''
        HS_DESC_CONTENT:
          suppress: true

Persistence

By default, Cwtch creates $HOME/.cwtch and saves all encrypted profiles and settings files there. In order to save any profiles/conversations in Cwtch on Tails you will have to backup this folder to a non-volatile home.

See the Tails documentation for setting up persistent storage

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/availability-status/index.html b/build-staging/it/docs/profiles/availability-status/index.html index 6bcfee03..40311ac9 100644 --- a/build-staging/it/docs/profiles/availability-status/index.html +++ b/build-staging/it/docs/profiles/availability-status/index.html @@ -12,13 +12,13 @@ - +

Setting Availability Status

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the conversations pane click the Status icon next to your profile picture.

A drop-down menu will appear with various options e.g. Available, Away, and Busy

When you select Away or Busy as a status the border of your profile picture will change to reflect the status

Contacts will see this change reflected in their conversations pane.

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/change-name/index.html b/build-staging/it/docs/profiles/change-name/index.html index 3824742c..9c2cfdda 100644 --- a/build-staging/it/docs/profiles/change-name/index.html +++ b/build-staging/it/docs/profiles/change-name/index.html @@ -12,13 +12,13 @@ - +

Cambiare il tuo nome visualizzato

  1. Nel menú Gestisci profili, premi la matita accanto al profilo che vuoi modificare
  2. Modifica il tuo nome
  3. Clicca su salva il profilo
- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/change-password/index.html b/build-staging/it/docs/profiles/change-password/index.html index c8d0442e..efda04c1 100644 --- a/build-staging/it/docs/profiles/change-password/index.html +++ b/build-staging/it/docs/profiles/change-password/index.html @@ -12,13 +12,13 @@ - +

Modificare la tua password

  1. Clicca sulla matita accanto al profilo che vuoi modificare
  2. Vai a "password corrente" e inseriscila
  3. Vai a "nuova password" e inserisci la tua nuova password
  4. Inserisci la nuova password una seconda volta
  5. Clicca su salva il profilo
- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/change-profile-image/index.html b/build-staging/it/docs/profiles/change-profile-image/index.html index 3adabe12..1aae7bbd 100644 --- a/build-staging/it/docs/profiles/change-profile-image/index.html +++ b/build-staging/it/docs/profiles/change-profile-image/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/create-a-profile/index.html b/build-staging/it/docs/profiles/create-a-profile/index.html index 4f464d32..eb71e4b3 100644 --- a/build-staging/it/docs/profiles/create-a-profile/index.html +++ b/build-staging/it/docs/profiles/create-a-profile/index.html @@ -12,13 +12,13 @@ - +

Creare un nuovo profilo

  1. Clicca sul pulsante di azione "+" nell'angolo in basso a destra e seleziona "Nuovo profilo"
  2. Seleziona un nome da visualizzare
  3. Seleziona se vuoi proteggere questo profilo localmente con crittografia avanzata:
    • Password: il tuo account è protetto da altre persone che potrebbero utilizzare questo dispositivo
    • Nessuna password: chiunque abbia accesso a questo dispositivo ha la possibilità di accedere a questo profilo
  4. Inserisci nuovamente la tua password
  5. Clicca su aggiungi nuovo profilo

Una nota sui profili protetti da password (crittografati)

I profili sono memorizzati localmente sul disco e crittografati utilizzando una chiave derivata dalla password conosciuta dall'utente (tramite pbkdf2).

Note that, once encrypted and stored on disk, the only way to recover a profile is by rederiving the key from the password - as such it isn't possible to provide a full list of profiles a user might have access to until they enter a password.

Vedi anche: Manuale sulla sicurezza di Cwtch: Crittografia del profilo & spazio di archiviazione

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/delete-profile/index.html b/build-staging/it/docs/profiles/delete-profile/index.html index 5fe1fe37..28b59117 100644 --- a/build-staging/it/docs/profiles/delete-profile/index.html +++ b/build-staging/it/docs/profiles/delete-profile/index.html @@ -12,13 +12,13 @@ - +

Eliminare un profilo

:::avviso

Questa funzione comporterà la cancellazione irreversibile di materiale chiave. Non può essere annullata.

:::

  1. Clicca sulla matita accanto al profilo che vuoi modificare
  2. Scorri verso il basso fino alla fine del menú
  3. Clicca su elimina
  4. Clicca su elimina definitivamente il profilo
- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/exporting-profile/index.html b/build-staging/it/docs/profiles/exporting-profile/index.html index 45093820..582c8d97 100644 --- a/build-staging/it/docs/profiles/exporting-profile/index.html +++ b/build-staging/it/docs/profiles/exporting-profile/index.html @@ -12,13 +12,13 @@ - +

Backup o esportazione di un profilo

Nella schermata di Gestione del profilo:

  1. Seleziona la matita accanto al profilo che vuoi modificare
  2. Scorri verso il basso fino alla fine del menú
  3. Seleziona "Esporta profilo"
  4. Scegli una posizione e un nome per il file
  5. Conferma

Una volta confermato, Cwtch inserirà una copia del profilo alla posizione indicata. Questo file viene crittografato allo stesso livello del profilo. Vedi Una nota sui profili protetti da password (crittografati) per ulteriori informazioni sui profili crittografati.

Questo file può essere importato in un'altra istanza di Cwtch su qualsiasi dispositivo.

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/importing-a-profile/index.html b/build-staging/it/docs/profiles/importing-a-profile/index.html index 6bd4623b..87ce9357 100644 --- a/build-staging/it/docs/profiles/importing-a-profile/index.html +++ b/build-staging/it/docs/profiles/importing-a-profile/index.html @@ -12,13 +12,13 @@ - +

Importare un profilo

  1. Clicca sul pulsante di azione "+" nell'angolo in basso a destra e seleziona "Importa profilo"
  2. Seleziona il file di un profilo Cwtch esportato da importare
  3. Inserisci la password associata al profilo e conferma.

Una volta confermato, Cwtch tenterà di decifrare il file fornito utilizzando una chiave derivata dalla password fornita. Se l'operazione ha successo il profilo verrà visualizzato nella schermata Gestione profilo e sarà pronto per l'uso.

:::nota

Mentre un profilo può essere importato su più dispositivi, attualmente si puó avere una sola versione di un profilo in uso su tutti i dispositivi ad un dato momento.

Tentativi di utilizzare lo stesso profilo su più dispositivi possono causare problemi di disponibilità e errori di messaggistica.

:::

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/introduction/index.html b/build-staging/it/docs/profiles/introduction/index.html index 7a010fd4..a99e786d 100644 --- a/build-staging/it/docs/profiles/introduction/index.html +++ b/build-staging/it/docs/profiles/introduction/index.html @@ -12,13 +12,13 @@ - +

Un'introduzione ai profili di Cwtch

Su Cwtch puoi creare uno o piú Profili. Ogni profilo genera una coppia di chiavi ed25519 casuale compatibile con la rete Tor.

Questo è l'identificatore che puoi fornire ad altre persone e che possono usare per contattarti tramite Cwtch.

Cwtch ti permette di creare e gestire multipli profili separati. Ogni profilo è associato a una diversa coppia di chiavi che lancia un diverso servizio "onion".

Gestire i profili

All'avvio Cwtch avvierà la schermata Gestione Profili. Da questa schermata è possibile:

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/profile-info/index.html b/build-staging/it/docs/profiles/profile-info/index.html index db521a76..221fb78b 100644 --- a/build-staging/it/docs/profiles/profile-info/index.html +++ b/build-staging/it/docs/profiles/profile-info/index.html @@ -12,13 +12,13 @@ - +

Setting Profile Attributes

New Feature

New in Cwtch 1.12

This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.

On the profile management pane there are three free-form text fields below your profile picture.

You can fill these fields with any information your would like potential contacts to know. This information is public - do not put any information in here that you do not want to share with everyone.

Contacts will be able to see this information in conversation settings

- + \ No newline at end of file diff --git a/build-staging/it/docs/profiles/unlock-profile/index.html b/build-staging/it/docs/profiles/unlock-profile/index.html index e575a85f..28eaba38 100644 --- a/build-staging/it/docs/profiles/unlock-profile/index.html +++ b/build-staging/it/docs/profiles/unlock-profile/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/create-server/index.html b/build-staging/it/docs/servers/create-server/index.html index f36ae61c..1b9307d9 100644 --- a/build-staging/it/docs/servers/create-server/index.html +++ b/build-staging/it/docs/servers/create-server/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/delete-server/index.html b/build-staging/it/docs/servers/delete-server/index.html index 23b89640..82fce988 100644 --- a/build-staging/it/docs/servers/delete-server/index.html +++ b/build-staging/it/docs/servers/delete-server/index.html @@ -12,13 +12,13 @@ - +

Come eliminare un server

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l' Esperimento di server hosting attivato.

:::

  1. Vai all'icona del server
  2. Seleziona il server che vuoi eliminare
  3. Clicca sull'icona della matita
  4. Scorri verso il basso e inserisci la tua password
  5. Clicca su elimina
  6. Clicca su elimina definitivamente
  7. Il tuo server è stato eliminato
- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/edit-server/index.html b/build-staging/it/docs/servers/edit-server/index.html index af1b37fb..d8bf0b5e 100644 --- a/build-staging/it/docs/servers/edit-server/index.html +++ b/build-staging/it/docs/servers/edit-server/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/introduction/index.html b/build-staging/it/docs/servers/introduction/index.html index 060becf8..a5c2b828 100644 --- a/build-staging/it/docs/servers/introduction/index.html +++ b/build-staging/it/docs/servers/introduction/index.html @@ -12,13 +12,13 @@ - +

Introduzione ai server

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l' Esperimento di server hosting attivato.

:::

La chat Cwtch da contatto a contatto è completamente peer to peer, il che significa se un peer è offline, non si può chattare, e non c'è alcun meccanismo per chat tra più persone.

Per supportare la chat di gruppo (e il recapito offline) abbiamo creato server Cwtch non affidabili che possono ospitare messaggi per un gruppo. I messaggi sono cifrati con la chiave di gruppo e recuperati tramite servizi "onion" effimeri, in modo che il server non ha modo di sapere di quali messaggi per quali gruppi potrebbe essere in possesso, o chi sta accedendo.

Attualmente fare girare dei server nell'app di Cwtch è supportato solo nella versione Desktop in quanto i dispositivi di telefonia mobile hanno connessione internet e configurazione troppo instabili o inadatte ad ospitare un server.

- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/share-key/index.html b/build-staging/it/docs/servers/share-key/index.html index 1199b945..b8eaafd2 100644 --- a/build-staging/it/docs/servers/share-key/index.html +++ b/build-staging/it/docs/servers/share-key/index.html @@ -12,13 +12,13 @@ - +

Come condividere il tuo pacchetto di chiavi del server

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l' Esperimento di server hosting attivato.

:::

Il pacchetto di chiavi del server è il pacchetto di dati di cui un'app Cwtch ha bisogno per poter usare un server. Se vuoi solo far conoscere agli altri utenti Cwtch il tuo server, puoi condividere questo pacchetto con loro. Chi riceve il pacchetto avrà a quel punto la capacità di creare i propri gruppi sul server.

  1. Vai all'icona del server
  2. Seleziona il server desiderato
  3. Utilizza l'icona di "copia indirizzo" per copiare le chiavi del server
  4. Non condividere le chiavi con persone di cui non ti fidi
- + \ No newline at end of file diff --git a/build-staging/it/docs/servers/unlock-server/index.html b/build-staging/it/docs/servers/unlock-server/index.html index 1b50f0b4..11422723 100644 --- a/build-staging/it/docs/servers/unlock-server/index.html +++ b/build-staging/it/docs/servers/unlock-server/index.html @@ -12,13 +12,13 @@ - +

Come sbloccare un server

:::attenzione Esperimenti necessari

Questa funzione richiede Esperimenti abilitati e l' Esperimento di server hosting attivato.

:::

Se hai protetto il tuo server con una password, dovrà essere sbloccato ogni volta che riavvii l'applicazione.

  1. Vai all'icona del server
  2. Clicca sull'icona di sblocco rosa
  3. Inserisci la password del tuo server
  4. Premi Sblocca
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/appearance/change-language/index.html b/build-staging/it/docs/settings/appearance/change-language/index.html index 8122c78e..3654015d 100644 --- a/build-staging/it/docs/settings/appearance/change-language/index.html +++ b/build-staging/it/docs/settings/appearance/change-language/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/appearance/light-dark-mode/index.html b/build-staging/it/docs/settings/appearance/light-dark-mode/index.html index 1f2eed5c..604c37be 100644 --- a/build-staging/it/docs/settings/appearance/light-dark-mode/index.html +++ b/build-staging/it/docs/settings/appearance/light-dark-mode/index.html @@ -12,13 +12,13 @@ - +

Modalità chiara/scura e scomposizione dei temi

  1. Clicca sull'icona impostazione
  2. Puoi scegliere un tema chiaro o scuro interagendo con l'interruttore "usa temi chiari"
  3. Utilizzando il menu a tendina “tema colori”, scegli un tema che ti piace
    1. Cwtch: toni di viola
    2. Fantasma: toni di grigio
    3. Sirena: toni di turchese e viola
    4. Mezzanotte: toni neri e grigi
    5. Neon 1: toni viola e rosa
    6. Neon 2: toni viola e turchese
    7. Zucca: toni viola e arancione
    8. Strega: toni verdi e rosa
    9. Vampiro: toni viola e rossi
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/appearance/streamer-mode/index.html b/build-staging/it/docs/settings/appearance/streamer-mode/index.html index 52029efd..ffcfe7a5 100644 --- a/build-staging/it/docs/settings/appearance/streamer-mode/index.html +++ b/build-staging/it/docs/settings/appearance/streamer-mode/index.html @@ -12,13 +12,13 @@ - +

Modalità Streamer/Presentazione

La modalità Streamer/Presentazione rende l'applicazione visivamente più privata. In this mode, Cwtch will not display auxiliary information like Cwtch addresses and other sensitive information on the main screens.

Questo è utile quando si catturano screenshot o in altro modo si mostra Cwtch più "pubblicamente".

  1. Clicca sull'icona impostazione
  2. Imposta la "Modalità Streamer" su On
  3. Controlla che funzioni guardando il tuo profilo la tua lista di contatti
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/appearance/ui-columns/index.html b/build-staging/it/docs/settings/appearance/ui-columns/index.html index 5bdf2169..0d27d52e 100644 --- a/build-staging/it/docs/settings/appearance/ui-columns/index.html +++ b/build-staging/it/docs/settings/appearance/ui-columns/index.html @@ -12,13 +12,13 @@ - +

Colonne dell' IU (Interfaccia Utente)

  1. Clicca sull'icona impostazione
  2. Clicca su singola
  3. Seleziona la configurazione delle colonne che vuoi usare
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/behaviour/block-unknown-connections/index.html b/build-staging/it/docs/settings/behaviour/block-unknown-connections/index.html index 01732811..2ab83fd7 100644 --- a/build-staging/it/docs/settings/behaviour/block-unknown-connections/index.html +++ b/build-staging/it/docs/settings/behaviour/block-unknown-connections/index.html @@ -12,13 +12,13 @@ - +

Blocca connessioni sconosciute

By default, Cwtch interprets connections from unknown Cwtch addresses as Contact Requests. È possibile modificare questo comportamento tramite l'impostazione "Blocco connessioni sconosciute".

Se abilitata, Cwtch chiuderà automaticamente tutte le connessioni dagli indirizzi Cwtch che non hai aggiunto al tuo elenco delle conversazioni. This will prevent people who have your Cwtch address from contacting you unless you also add them.

Per abilitare:

  1. Vai su "Impostazioni"
  2. Attiva/Disattiva "Blocco contatti sconosciuti"
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/behaviour/notification-content/index.html b/build-staging/it/docs/settings/behaviour/notification-content/index.html index 1e6cd4bc..12ac29dd 100644 --- a/build-staging/it/docs/settings/behaviour/notification-content/index.html +++ b/build-staging/it/docs/settings/behaviour/notification-content/index.html @@ -12,13 +12,13 @@ - +

Contenuto notifica

  1. Vai alle impostazioni
  2. Scorri fino a "comportamento"
  3. Il contenuto notifica controlla il contenuto delle notifiche
    1. Evento semplice: solo "Nuovo messaggio"
    2. Informazioni sulla conversazione: "Nuovo messaggio da XXXXX"
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/behaviour/notification-policy/index.html b/build-staging/it/docs/settings/behaviour/notification-policy/index.html index b2a57129..2292e21b 100644 --- a/build-staging/it/docs/settings/behaviour/notification-policy/index.html +++ b/build-staging/it/docs/settings/behaviour/notification-policy/index.html @@ -12,13 +12,13 @@ - +

Policy di notifica

  1. Vai alle impostazioni
  2. Scorri fino a "comportamento"
  3. La policy di notifica controlla il comportamento delle notifiche
  4. Clicca su "Predefinita" per modificare il comportamento per attivare o per disabilitare tutte le notifiche
  5. Scegli la tua policy di notifica preferita
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/clickable-links/index.html b/build-staging/it/docs/settings/experiments/clickable-links/index.html index e8521fa6..339a39ec 100644 --- a/build-staging/it/docs/settings/experiments/clickable-links/index.html +++ b/build-staging/it/docs/settings/experiments/clickable-links/index.html @@ -12,13 +12,13 @@ - +

Esperimento Link cliccabili

:::pericolo

Questa funzione, se abilitata, presenta un rischio di deanonimizzazione.

Non aprire URL provenienti da persone di cui non ti fidi. I link inviati tramite Cwtch vengono aperti tramite il browser predefinito del sistema. La maggior parte dei browser non può fornire anonimato.

:::

Abilita l'Esperimento Link cliccabili

I link cliccabili non sono abilitati come impostazione predefinita. Per consentire a Cwtch di aprire i link nei messaggi:

  1. Vai su "Impostazioni"
  2. Abilita "Esperimenti"
  3. Abilita l'Esperimento Link cliccabili

Rischi

Avere link cliccabili nei messaggi é molto utile, tuttavia ci sono rischi di cui devi essere consapevole se scegli di abilitare questa funzione.

Per evitare l'attivazione accidentale, dopo aver cliccato su un link in un messaggio, Cwtch aprirà prima un prompt aggiuntivo con due opzioni:

  1. Copia l'URL negli appunti
  2. Apri l'URL nel web browser predefinito

È possibile utilizzare il pulsante indietro sul dispositivo, o cliccare fuori da questo prompt per evitare di selezionare una delle due opzioni.

Cwtch non può proteggerti se apri link maligni.

L'URL viene aperto nel web browser predefinito che probabilmente, come minimo, esporrá il tuo indirizzo IP al server che ospita l'URL. Le pagine web possono anche utilizzare altre vulnerabilità del browser per raccogliere altre informazioni, o attaccare il tuo computer con ulteriori exploit.

- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/file-sharing/index.html b/build-staging/it/docs/settings/experiments/file-sharing/index.html index e139ef76..4790fc2d 100644 --- a/build-staging/it/docs/settings/experiments/file-sharing/index.html +++ b/build-staging/it/docs/settings/experiments/file-sharing/index.html @@ -12,13 +12,13 @@ - +

Condivisione file

These setting enables Cwtch filesharing functionality. This reveals the "Share File" option in the conversation pane, and allows you to download files from conversations.

Optionally, you can enable Image Previews and Profile Pictures to download image files automatically, view image previews in the conversation window, and enable the Profile Pictures feature;

info

This documentation page is a stub. You can help by expanding it.

- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/group-experiment/index.html b/build-staging/it/docs/settings/experiments/group-experiment/index.html index 01b25101..28af03fd 100644 --- a/build-staging/it/docs/settings/experiments/group-experiment/index.html +++ b/build-staging/it/docs/settings/experiments/group-experiment/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/image-previews-and-profile-pictures/index.html b/build-staging/it/docs/settings/experiments/image-previews-and-profile-pictures/index.html index c94026db..ef791af0 100644 --- a/build-staging/it/docs/settings/experiments/image-previews-and-profile-pictures/index.html +++ b/build-staging/it/docs/settings/experiments/image-previews-and-profile-pictures/index.html @@ -12,13 +12,13 @@ - +

Anteprime immagine e immagini del profilo

caution

This experiment requires the File Sharing experiment enabled.

When enabled, Cwtch will download image files automatically, display image previews in the conversation window, and enable the Profile Pictures feature;

On Desktop, enabling this experiment will allow access to an additional setting "Download Folder` which can be changed to tell Cwtch where to (automatically) download pictures.

- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/message-formatting/index.html b/build-staging/it/docs/settings/experiments/message-formatting/index.html index 9295076f..e5198153 100644 --- a/build-staging/it/docs/settings/experiments/message-formatting/index.html +++ b/build-staging/it/docs/settings/experiments/message-formatting/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/qrcodes/index.html b/build-staging/it/docs/settings/experiments/qrcodes/index.html index b1f457e0..3d262ff9 100644 --- a/build-staging/it/docs/settings/experiments/qrcodes/index.html +++ b/build-staging/it/docs/settings/experiments/qrcodes/index.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/experiments/server-hosting/index.html b/build-staging/it/docs/settings/experiments/server-hosting/index.html index e0baeb44..4f12c12c 100644 --- a/build-staging/it/docs/settings/experiments/server-hosting/index.html +++ b/build-staging/it/docs/settings/experiments/server-hosting/index.html @@ -12,13 +12,13 @@ - +

Hosting di un server

L'hosting di un server è attualmente una funzione sperimentale in Cwtch, non è tra le impostazioni predefinite.

  1. Vai su "Impostazioni"
  2. Abilita "Esperimenti"
  3. Abilita l'Esperimento di server hosting
  4. Probabilmente vorrai anche abilitare l'Esperimento Gruppi se vuoi partecipare a un gruppo ospitato sul tuo server
- + \ No newline at end of file diff --git a/build-staging/it/docs/settings/introduction/index.html b/build-staging/it/docs/settings/introduction/index.html index 4490c554..09ed4256 100644 --- a/build-staging/it/docs/settings/introduction/index.html +++ b/build-staging/it/docs/settings/introduction/index.html @@ -12,13 +12,13 @@ - +

Un'introduzione alle impostazioni dell'app di Cwtch

Aspetto

These are settings which effect how Cwtch looks, including themes and localization.

Comportamento

These settings impact how Cwtch responds to certain events e.g. notifications for new messages, or requests from unknown public addresses.

Esperimenti

Ci sono molte funzionalitá in Cwtch che sono desiderabili ma la cui implementazione richiede metadati aggiuntivi, o un certo rischio, oltre il minimo che Cwtch richiede per le operazioni di base.

Di conseguenza, sotto Esperimenti troverete un certo numero di impostazioni opzionali che, quando abilitate, forniscono funzionalità aggiuntive come conversazioni di gruppo, condivisione di file o formattazione dei messaggi.

Rifletti attentamente sui nuovi rischi che potrebbero essere coinvolti quando abiliti queste funzionalitá, e chiediti se sei a tuo agio o meno nel momento in cui acconsenti a correre quei rischi. Per molti i vantaggi della condivisione di file, le anteprime dell'immagine e la chat di gruppo superano di gran lunga i potenziali danni - ma per tener conto e rispettare altre esigenze richiediamo a tutti di dare un consenso esplicito a queste funzionalità.

Puoi ritirare il tuo consensoin qualsiasi momento, tutte le funzionalità sono implementate localmente all'interno dell'app Cwtch.

- + \ No newline at end of file diff --git a/build-staging/it/docs/tor/index.html b/build-staging/it/docs/tor/index.html index d53ce31b..b20202f0 100644 --- a/build-staging/it/docs/tor/index.html +++ b/build-staging/it/docs/tor/index.html @@ -12,13 +12,13 @@ - +

Tor

Cwtch utilizza Tor per routing e connessioni. L'utilizzo dei servizi nascosti di Tor per ospitare profili e connessioni "effimere" generate al volo durante la creazione di una connessione fornisce forti garanzie di anonimato agli utenti di Cwtch.

Pannello Tor

Dato che stiamo aggiungendo un ulteriore livello di rete a Cwtch, forniamo un pannello per visualizzare lo stato della rete Tor e apportare modifiche. Per accedervi

  1. dal pannello Elenco profili, fare clic sull'icona Tor icona di tor
  2. Visualizza lo stato della rete tor
Stato Tor: Online
Versione Tor: 0.4.6.9

Resetta Tor

La rete Tor stessa può occasionalmente avere connessioni obsolete che non vengono rilevate immediatamente da essa o da Cwtch (cerchiamo continuamente di introdurre miglioramenti a riguardo). A volte un utente può trovare contatti o gruppi visualizzati offline che ritiene dovrebbero invece essere online. Se vuoi riavviare tutte le connessioni di rete in Cwtch, forniamo un meccanismo per riavviare tor dall'interno dell'app. Il pulsante reset riavvierà Tor dall'interno dell'applicazione Cwtch.

Abilita la cache del Consenso Tor

Come impostazione predefinita, avviamo un nuovo processo Tor ogni volta che l'app si avvia, e ció richiede il download di un qualche stato di rete Tor prima che possa iniziare. Questo processo non è istantaneo. Se vuoi velocizzare gli avvii futuri di Cwtch, puoi abilitare la memorizzazione nella cache del Consenso Tor. Se riscontri un problema di avvio in cui i dati sono obsoleti o danneggiati e Cwtch segnala che non è possibile avviare Tor, disabilita questa funzione e resetta tor nuovamente, e dovrebbe funzionare.

Configurazione avanzata di Tor

Offriamo anche la possibilità di fornire opzioni di configurazione Tor avanzate in questa sezione consentendoti di

  • specificare una porta SOCKS personalizzata per connettersi a un processo Tor esistente
  • specificare una porta Controllo personalizzata per connettersi a un processo Tor esistente
  • specificare ulteriori opzioni inserendo torrc opzioni personalizzate
- + \ No newline at end of file diff --git a/build-staging/it/index.html b/build-staging/it/index.html index 9c4e2a13..37ba6433 100644 --- a/build-staging/it/index.html +++ b/build-staging/it/index.html @@ -12,13 +12,13 @@ - +

The Cwtch Handbook

Your Guide to setting up, and using, Surveillance Resistant Infrastructure

Get Started With Cwtch
- + \ No newline at end of file diff --git a/build-staging/it/security/category/connectivity--tor/index.html b/build-staging/it/security/category/connectivity--tor/index.html index 15c641b0..f3c866fb 100644 --- a/build-staging/it/security/category/connectivity--tor/index.html +++ b/build-staging/it/security/category/connectivity--tor/index.html @@ -12,13 +12,13 @@ - +

Connectivity & Tor

- + \ No newline at end of file diff --git a/build-staging/it/security/category/cwtch-components/index.html b/build-staging/it/security/category/cwtch-components/index.html index 0c4adb47..92d58be5 100644 --- a/build-staging/it/security/category/cwtch-components/index.html +++ b/build-staging/it/security/category/cwtch-components/index.html @@ -12,13 +12,13 @@ - +

Cwtch Components

- + \ No newline at end of file diff --git a/build-staging/it/security/category/cwtch-ui/index.html b/build-staging/it/security/category/cwtch-ui/index.html index 3fc30215..36ed6523 100644 --- a/build-staging/it/security/category/cwtch-ui/index.html +++ b/build-staging/it/security/category/cwtch-ui/index.html @@ -12,13 +12,13 @@ - +

Cwtch UI

📄️ Image Previews

Built on the back of filesharing in Cwtch 1.3, image previews are keyed by the suggested filename’s extension (and no, we’re not interested in using MIME types or magic numbers) and advertised size. If enabled, the preview system will automatically download shared images to a configured downloads folder and display them as part of the message itself. (Due to limitations on Android, they’ll go to the app’s private storage cache, and give you the option to save them elsewhere later instead.) The file size limit is TBD but will obviously be much lower than the overall filesharing size limit, which is currently 10 gigabytes.

- + \ No newline at end of file diff --git a/build-staging/it/security/category/cwtch/index.html b/build-staging/it/security/category/cwtch/index.html index e87b9120..b797312f 100644 --- a/build-staging/it/security/category/cwtch/index.html +++ b/build-staging/it/security/category/cwtch/index.html @@ -12,13 +12,13 @@ - +

Cwtch

- + \ No newline at end of file diff --git a/build-staging/it/security/category/tapir/index.html b/build-staging/it/security/category/tapir/index.html index 6d959ea9..aa844124 100644 --- a/build-staging/it/security/category/tapir/index.html +++ b/build-staging/it/security/category/tapir/index.html @@ -12,13 +12,13 @@ - +

Tapir

- + \ No newline at end of file diff --git a/build-staging/it/security/components/connectivity/intro/index.html b/build-staging/it/security/components/connectivity/intro/index.html index 6dbe78dd..5f86b444 100644 --- a/build-staging/it/security/components/connectivity/intro/index.html +++ b/build-staging/it/security/components/connectivity/intro/index.html @@ -12,13 +12,13 @@ - +

Connectivity

Cwtch makes use of Tor Onion Services (v3) for all inter-node communication.

We provide the openprivacy/connectivity package for managing the Tor daemon and setting up and tearing down onion services through Tor.

Known Risks

Private Key Exposure to the Tor Process

Status: Partially Mitigated (Requires Physical Access or Privilege Escalation to exploit)

We must pass the private key of any onion service we wish to set up to the connectivity library, through the Listen interface (and thus to the Tor process). This is one of the most critical areas that is outside of our control. Any binding to a rouge tor process or binary will result in compromise of the Onion private key.

Mitigations

Connectivity attempt to bind to the system-provided Tor process as the default, only when it has been provided with an authentication token.

Otherwise connectivity always attempts to deploy its own Tor process using a known good binary packaged with the system (outside of the scope of the connectivity package)

In the long term we hope an integrated library will become available and allow direct management through an in-process interface to prevent the private key from leaving the process boundary (or other alternative paths that allow us to maintain full control over the private key in-memory.)

Tor Process Management

Status: Partially Mitigated (Requires Physical Access or Privilege Escalation to exploit)

Many issues can arise from the management of a separate process, including the need to restart, exit and otherwise ensure appropriate management.

The ACN interface provides Restart, Close and GetBootstrapStatus interfaces to allow applications to manage the underlying Tor process. In addition the SetStatusCallback method can be used to allow an application to be notified when the status of the Tor process changes.

However, if sufficiently-privileged users wish they can interfere with this mechanism, and as such the Tor process is a more brittle component interaction than others.

Testing Status

Current connectivity has limited unit testing capabilities and none of these are run during pull requests or merges. There is no integration testing.

It is worth noting that connectivity is used by both Tapir and Cwtch in their integration tests (and so despite the lack of package level testing, it is exposed to system-wide test conditions)

- + \ No newline at end of file diff --git a/build-staging/it/security/components/cwtch/groups/index.html b/build-staging/it/security/components/cwtch/groups/index.html index 88fc18b5..591982e9 100644 --- a/build-staging/it/security/components/cwtch/groups/index.html +++ b/build-staging/it/security/components/cwtch/groups/index.html @@ -12,13 +12,13 @@ - +

Groups

For the most part the Cwtch risk model for groups is split into two distinct profiles:

  • Groups made up of mutually trusted participants where peers are assumed honest.
  • Groups consisting of strangers where peers are assumed to be potentially malicious.

Most of the mitigations described in this section relate to the latter case, but naturally also impact the former. Even if assumed honest peers later turn malicious there are mechanisms that can detect such malice and prevent it from happening in the future.

Risk Overview: Key Derivation

In the ideal case we would use a protocol like OTR, the limitations preventing us from doing so right now are:

  • Offline messages are not guaranteed to reach all peers, and as such any metadata relating to key material might get lost. We need a key derivation process which is robust to missing messages or incomplete broadcast.

Risk: Malicious Peer Leaks Group Key and/or Conversation

Status: Partially Mitigated (but impossible to mitigate fully)

Whether dealing with trusted smaller groups or partially-public larger groups there is always the possibility that a malicious actor will leak group messages.

We plan to make it easy for peers to fork groups to mitigate the same key being used to encrypt lots of sensitive information and provide some level of forward secrecy for past group conversations.

Risk: Active Attacks by Group Members

Status: Partially Mitigated

Group members, who have access to the key material of the group, can conspire with a server or other group members to break transcript consistency.

While we cannot directly prevent censorship given this kind of active collusion, we have a number of mechanisms in place that should reveal the presence of censorship to honest members of the group.

Mitigations:

  • Because each message is signed by the peers public key, it should not be possible (within the cryptographic assumptions of the underlying cryptography) for one group member to imitate another.
  • Each message contains a unique identifier derived from the contents and the previous message hash - making it impossible for collaborators to include messages from non-colluding members without revealing an implicit message chain (which if they were attempting to censor other messages would reveal such censorship)

Finally: We are actively working on adding non-repudiation to Cwtch servers such that they themselves are restricted in what they can censor efficiently.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/cwtch/key_bundles/index.html b/build-staging/it/security/components/cwtch/key_bundles/index.html index 5b80c4fd..06482f44 100644 --- a/build-staging/it/security/components/cwtch/key_bundles/index.html +++ b/build-staging/it/security/components/cwtch/key_bundles/index.html @@ -12,13 +12,13 @@ - +

Key Bundles

Cwtch servers identify themselves through signed key bundles. These key bundles contain a list of keys necessary to make Cwtch group communication secure and metadata resistant.

At the time of writing, key bundles are expected to contain 3 keys:

  1. A Tor v3 Onion Service Public Key for the Token Board (ed25519)- used to connect to the service over Tor to post and receive messages.
  2. A Tor v3 Onion Service Public Key for the Token Service (ed25519) - used to acquire tokens to post on the service via a small proof-of-work exercise.
  3. A Privacy Pass Public Key - used in the token acquisition process (a ristretto curve point) . See: OPTR2019-01

The key bundle is signed and can be verified via the first v3 onion service key, thus binding it to that particular oninon address.

Verifying Key Bundles

Profiles who import server key bundles verify them using the following trust-on-first-use (TOFU) algorithm:

  1. Verify the attached signature using the v3 onion address of the server. (If this fails, the import process is halted)
  2. Check that every key type exists. (If this fails, the import process is halted)
  3. If the profile has imported the server key bundle previously, assert that all the keys are the same. (If this fails, the import process is halted)
  4. Save the keys to the servers contact entry.

In the future this algorithm will likely be altered to allow the addition of new public keys (e.g. to allow tokens to be acquired via a Zcash address.)

Technically, at steps (2) and (3() the server can be assumed to be malicious, having signed a valid key bundle that does not conform to the specifications. When groups are moved from "experimental" to "stable" such an action will result in a warning being communicated to the profile.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/cwtch/message_formats/index.html b/build-staging/it/security/components/cwtch/message_formats/index.html index 60ee6069..d6036c70 100644 --- a/build-staging/it/security/components/cwtch/message_formats/index.html +++ b/build-staging/it/security/components/cwtch/message_formats/index.html @@ -12,13 +12,13 @@ - +

Message Formats

Peer to Peer Messages

PeerMessage {
    ID      string // A unique Message ID (primarily used for acknowledgments)
    Context string // A unique context identifier i.e. im.cwtch.chat
    Data    []byte // The context-dependent serialized data packet.
}

Context Identifiers

  • im.cwtch.raw - Data contains a plain text chat message (see: overlays for more information)

  • im.cwtch.acknowledgement - Data is empty and ID references a previously sent message

  • im.cwtch.getVal and im.cwtch.retVal - Used for requesting / returning specific information about a peer. Data contains a serialized peerGetVal structure and peerRetVal respectively.

      peerGetVal struct {
              Scope string
              Path string
      }

      type peerRetVal struct {
          Val    string // Serialized path-dependent value
          Exists bool
      }

Plaintext / Decrypted Group Messages

type DecryptedGroupMessage struct {
    Text      string // plaintext of the message
    Onion     string // The Cwtch address of the sender
    Timestamp uint64 // A user specified timestamp
    // NOTE: SignedGroupID is now a misnomer, the only way this is signed is indirectly via the signed encrypted group messages
    // We now treat GroupID as binding to a server/key rather than an "owner" - additional validation logic (to e.g.
    // respect particular group constitutions) can be built on top of group messages, but the underlying groups are
    // now agnostic to those models.
    SignedGroupID      []byte 
    PreviousMessageSig []byte // A reference to a previous message
    Padding            []byte // random bytes of length = 1800 - len(Text)
}

DecryptedGroupMessage contains random padding to a fixed size that is equal to the length of all fixed length fields + 1800. This ensures that all encrypted group messages are equal length.

Encrypted Group Messages

// EncryptedGroupMessage provides an encapsulation of the encrypted group message stored on the server
type EncryptedGroupMessage struct {
    Ciphertext []byte
    Signature  []byte // Sign(groupID + group.GroupServer + base64(decrypted group message)) using the senders Cwtch key
}

Calculating the signature requires knowing the groupID of the message, the server the group is associated with and the decrypted group message (and thus, the Group Key). It is (ed25519) signed by the sender of the message, and can be verified using their public Cwtch address key.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/cwtch/server/index.html b/build-staging/it/security/components/cwtch/server/index.html index e3a84c42..5bd74867 100644 --- a/build-staging/it/security/components/cwtch/server/index.html +++ b/build-staging/it/security/components/cwtch/server/index.html @@ -12,13 +12,13 @@ - +

Cwtch Server

The goal of the Cwtch protocol is to enable group communication through Untrusted Infrastructure.

Unlike in relay-based schemes where the groups assign a leader, set of leaders, or a trusted third party server to ensure that every member of the group can send and receive messages in a timely manner (even if members are offline) - untrusted infrastructure has a goal of realizing those properties without the assumption of trust.

The original Cwtch paper defined a set of properties that Cwtch Servers were expected to provide:

  • Cwtch Server may be used by multiple groups or just one.
  • A Cwtch Server, without collaboration of a group member, should never learn the identity of participants within a group.
  • A Cwtch Server should never learn the content of any communication.
  • A Cwtch Server should never be able to distinguish messages as belonging to a particular group.

We note here that these properties are a superset of the design aims of Private Information Retrieval structures.

Malicious Servers

We expect the presence of malicious entities within the Cwtch ecosystem.

We also prioritize decentralization and permissionless entry into the ecosystem and as such we do not base any security claims on the following:

  • Any non-collusion assumptions between a set of Cwtch servers
  • Any third-party defined verification process

Peers themselves are encouraged to set up and run Cwtch servers where they can guarantee more efficient properties by relaxing trust and security assumptions - however, by default, we design the protocol to be secure without these assumptions - sacrificing efficiency where necessary.

Detectable Faults

  • If a Cwtch server fails to relay a specific message to a subset of group members then there will be a detectable gap in the message tree of certain peers that can be discovered through peer-to-peer gossip.
  • A Cwtch server cannot modify any message without the key material known to the group (any attempt to do so for a subset of group members will result in identical behavior to failing to relay a message).
  • While a server can duplicate messages, these will have no impact on the group message tree (because of encryption, nonces and message identities) - the source of the duplication is not knowable to a peer.

Efficiency

As of writing, only 1 protocol is known for achieving the desired properties, naive PIR or "the server sends everything, and the peers sift through it".

This has an obvious impact on bandwidth efficiency, especially for peers using mobile devices, as such we are actively developing new protocols in which the privacy and efficiency guarantees can be traded-off in different ways.

As of writing, the servers allow both a complete download of all stored messages, and a request to download messages from a certain specified message.

All peers when they first join a group on a new server download all messages from the server, and from then on download only new messages.

Note: This behaviour does permit a mild form of metadata analysis. The server can new messages for each suspected unique profile, and then use these unique message signatures to track unique sessions over time ( via requests for new messages).

This is mitigated by 2 confounding factors:

  1. Profiles can refresh their connections at any time - resulting in fresh server session.
  2. Profiles can "resync" from a server at any time - resulting in a new call to download all messages. The most common usecase for this behaviour is to fetch older messages from a group.

In combination, these 2 mitigations place bounds on what the server is able to infer however we still cannot provide full metadata-resistance.

For potential future solutions to this problem see Niwl

Protecting the Server from Malicious Peers

The main risk to servers come in the form of spam generated by peers. In the prototype of Cwtch a spamguard mechanism was put in place that required peers to conduct some arbitrary proof of work given a server-specified parameter.

This is not a robust solution in the presence of a determined adversary with a significant amount of resources, and thus one of the main external risks to the Cwtch system becomes censorship-via-resource exhaustion.

We have outlined a potential solution to this in token based services but note that this also requires further development.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/ecosystem-overview/index.html b/build-staging/it/security/components/ecosystem-overview/index.html index 0d9f1ac2..93a9316a 100644 --- a/build-staging/it/security/components/ecosystem-overview/index.html +++ b/build-staging/it/security/components/ecosystem-overview/index.html @@ -12,13 +12,13 @@ - +

Component Ecosystem Overview

Cwtch is made up of several smaller component libraries. This chapter will provide a brief overview of each component and how it relates to the wider Cwtch ecosystem.

openprivacy/connectivity

Summary: A library providing an ACN (Anonymous Communication Network ) networking abstraction.

The goal of connectivity is to abstract away the underlying libraries/software needed to communicate with a specific ACN. Right now we only support Tor and so the job of connectivity is to:

  • Start and Stop the Tor Process
  • Provide configuration to the Tor process
  • Allow raw connections to endpoints via the Tor process (e.g. connect to onion services)
  • Host endpoints via the Tor process (e.g. host onion services)
  • Provide status updates about the underlying Tor process

For more information see connectivity

cwtch.im/tapir

Summary: Tapir is a small library for building p2p applications over anonymous communication systems.

The goal of tapir is to abstract away applications over a particular ACN. Tapir supports:

For more information see tapir

cwtch.im/cwtch

Summary: Cwtch is the main library for implementing the Cwtch protocol / system.

The goal of Cwtch is to provide implementations for cwtch-specific applications e.g. message sending, groups, and file sharing(implemented as Tapir applications), provide interfaces for managing and storing Cwtch profiles, provide an event bus for subsystem splutting and building plugins with new functionality, in addition to managing other core functionality.

The Cwtch library is also responsible for maintaining canonical model representations for wire formats and overlays.

cwtch.im/libcwtch-go

Summary: libcwtch-go provides C (including Android) bindings for Cwtch for use in UI implementations.

The goal of libcwtch-go is to bridge the gap between the backend Cwtch library and any front end systems which may be written in a different language.

The API provided by libcwtch is much more restricted than the one provided by Cwtch directly, each libcwtch API typically packages up several calls to Cwtch.

libcwtch-go is also responsible for managing UI settings and experimental gating. It is also often used as a staging ground for experimental features and code that may eventually end up in Cwtch.

cwtch-ui

Summary: A flutter based UI for Cwtch.

Cwtch UI uses libcwtch-go to provide a complete UI for Cwtch, allowing people to create and manage profiles, add contacts and groups, message people, share files (coming soon) and more.

The UI is also responsible for managing localization and translations.

For more information see Cwtch UI

Auxiliary Components

Occasionally, Open Privacy will factor out parts of Cwtch into standalone libraries that are not Cwtch specific. These are briefly summarized here:

openprivacy/log

An Open Privacy specific logging framework that is used throughout Cwtch packages.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/intro/index.html b/build-staging/it/security/components/intro/index.html index 61d052c1..8a1402a5 100644 --- a/build-staging/it/security/components/intro/index.html +++ b/build-staging/it/security/components/intro/index.html @@ -12,13 +12,13 @@ - +

Cwtch Technical Basics

This page presents a brief technical overview of the Cwtch protocol.

A Cwtch Profile

Users can create one of more Cwtch Profiles. Each profile generates a random ed25519 keypair compatible with Tor.

In addition to the cryptographic material, a profile also contains a list of Contacts (other Cwtch profile public keys + associated data about that profile like nickname and (optionally) historical messages), a list of Groups (containing the group cryptographic material in addition to other associated data like the group nickname and historical messages).

2-party conversions: Peer to Peer

For 2 parties to engage in a peer-to-peer conversation both must be online, but only one needs to be reachable via their onion service. For the sake of clarity we often label one party the "inbound peer" (the one who hosts the onion service) and the other party the "outbound peer" (the one that connects to the onion service).

After connection both parties engage in an authentication protocol which:

  • Asserts that each party has access to the private key associated with their public identity.
  • Generates an ephemeral session key used to encrypt all further communication during the session.

This exchange (documented in further detail in authentication protocol) is offline deniable i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the fact - it is impossible to definitely prove that the exchange happened at all.

After, the authentication protocol the two parties may exchange messages with each other freely.

Multi-party conversations: Groups and Peer to Server Communication

Note: Metadata Resistant Group Communication is still an active research area and what is documented here will likely change in the future.

When a person wants to start a group conversation they first randomly generate a secret Group Key. All group communication will be encrypted using this key.

Along with the Group Key, the group creator also decides on a Cwtch Server to use as the host of the group. For more information on how Servers authenticate themselves see key bundles.

A Group Identifier is generated using the group key and the group server and these three elements are packaged up into an invite that can be sent to potential group members (e.g. over existing peer-to-peer connections).

To send a message to the group, a profile connects to the server hosting the group (see below), and encrypts their message using the Group Key and generates a cryptographic signature over the Group Id, Group Server and the decrypted message (see: wire formats for more information).

To receive message from the group, a profile connected to the server hosting the group and downloads all messages (since their previous connection). Profiles then attempt to decrypt each message using the Group Key and if successful attempt to verify the signature (see Cwtch Servers Cwtch Groups for an overview of attacks and mitigations).

Servers are Peers

In many respects communication with a server is identical to communication with a regular Cwtch peer, all the same steps above are taken however the server always acts as the inbound peer, and the outbound peer always uses newly generated ephemeral keypair as their "longterm identity".

As such peer-server conversations only differ in the kinds of messages that are sent between the two parties, with the server relaying all messages that it receives and also allowing any client to query for older messages.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/tapir/authentication_protocol/index.html b/build-staging/it/security/components/tapir/authentication_protocol/index.html index eab8057b..60706cd4 100644 --- a/build-staging/it/security/components/tapir/authentication_protocol/index.html +++ b/build-staging/it/security/components/tapir/authentication_protocol/index.html @@ -12,13 +12,13 @@ - +

Authentication Protocol

Each peer, given an open connection CC:

I=InitializeIdentity()Ie=InitializeEphemeralIdentity()I,IeCP,PeCk=KDF(Pei+Pie+Peie)c=E(k,transcript.Commit())cCcpCD(k,cp)=?transcript.LatestCommit()I = \mathrm{InitializeIdentity()} \\ I_e = \mathrm{InitializeEphemeralIdentity()} \\ I,I_e \rightarrow C \\ P,P_e \leftarrow C \\ k = \mathrm{KDF}({P_e}^{i} + {P}^{i_e} + {P_e}^{i_e}) \\ c = \mathrm{E}(k, transcript.Commit()) \\ c \rightarrow C \\ c_p \leftarrow C\\ \mathrm{D}(k, c_p) \stackrel{?}{=} transcript.LatestCommit()

The above represents a sketch protocol, in reality there are a few implementation details worth pointing out:

Once derived from the key derivation function (KDF\mathrm{KDF}) the key (kk) is set on the connection, meaning the authentication app doesn't do the encryption or decryption explicitly.

The concatenation of parts of the 3DH exchange is strictly ordered:

  • DH of the Long term identity of the outbound connection by the ephemeral key of the inbound connection.
  • DH of the Long term identity of the inbound connection by the ephemeral key of the outbound connection.
  • DH of the two ephemeral identities of the inbound and outbound connections.

This strict ordering ensures both sides of the connection derive the same session key.

Cryptographic Properties

During an online-session, all messages encrypted with the session key can be authenticated by the peers as having come from their peer (or at least, someone with possession of their peers secret key as it related to their onion address).

Once the session has ended, a transcript containing the long term and ephemeral public keys, a derived session key and all encrypted messages in the session cannot be proven to be authentic i.e. this protocol provides message & participant repudiation (offline deniable) in addition to message unlinkability (offline deniable) in the case where someone is satisfied that a single message in the transcript must have originated from a peer, there is no way of linking any other message to the session.

Intuition for the above: the only cryptographic material related to the transcript is the derived session key - if the session key is made public it can be used to forge new messages in the transcript - and as such, any standalone transcript is subject to forgery and thus cannot be used to cryptographically tie a peer to a conversation.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/tapir/packet_format/index.html b/build-staging/it/security/components/tapir/packet_format/index.html index cad4cd53..f52bad27 100644 --- a/build-staging/it/security/components/tapir/packet_format/index.html +++ b/build-staging/it/security/components/tapir/packet_format/index.html @@ -12,13 +12,13 @@ - +

Packet Format

All tapir packets are fixed length (8192 bytes) with the first 2 bytes indicated the actual length of the message, len bytes of data, and the rest zero padded:

| len (2 bytes) | data (len bytes) | paddding (8190-len bytes)|

Once encrypted, the entire 8192 byte data packet is encrypted using libsodium secretbox using the standard structure ( note in this case the actual usable size of the data packet is 8190-14 to accommodate the nonce included by secret box)

For information on how the secret key is derived see the authentication protocol

- + \ No newline at end of file diff --git a/build-staging/it/security/components/ui/android/index.html b/build-staging/it/security/components/ui/android/index.html index ca32a47f..94005b99 100644 --- a/build-staging/it/security/components/ui/android/index.html +++ b/build-staging/it/security/components/ui/android/index.html @@ -12,13 +12,13 @@ - +

Android Service

Adapted from: Discreet Log #11: Integrating FFI processes with Android services

In addition to needing to make plain ol’ method calls into the Cwtch library, we also need to be able to communicate with (and receive events from) long-running Cwtch goroutines that keep the Tor process running in the background, manage connection and conversation state for all your contacts, and handle a few other monitoring and upkeep tasks as well. This isn’t really a problem on traditionally multitasking desktop operating systems, but on mobile devices running Android we have to contend with shorter sessions, frequent unloads, and network and power restrictions that can vary over time. As Cwtch is intended to be metadata resistant and privacy-centric, we also want to provide notifications without using the Google push notification service.

The solution for long-running network apps like Cwtch is to put our FFI code into an Android Foreground Service. (And no, it’s not lost on me that the code for our backend is placed in something called a ForegroundService.) With a big of finagling, the WorkManager API allows us to create and manage various types of services including ForegroundServices. This turned out to be a great choice for us, as our gomobile FFI handler happened to already be written in Kotlin, and WorkManager allows us to specify a Kotlin coroutine to be invoked as the service.

If you’d like to follow along, our WorkManager specifications are created in the handleCwtch() method of MainActivity.kt, and the workers themselves are defined in FlwtchWorker.kt.

Our plain ol’ method calls to FFI routines are also upgraded to be made as WorkManager work requests, which allows us to conveniently pass the return values back via the result callback.

One initial call (aptly named Start) gets hijacked by FlwtchWorker to become our eventbus loop. Since FlwtchWorker is a coroutine, it’s easy for it to yield and resume as necessary while waiting for events to be generated. Cwtch’s goroutines can then emit events, which will be picked up by FlwtchWorker and dispatched appropriately.

FlwtchWorker’s eventbus loop is not just a boring forwarder. It needs to check for certain message types that affect the Android state; for example, new message events should typically display notifications that the user can click to go to the appropriate conversation window, even when the app isn’t running in the foreground. When the time does come to forward the event to the app, we use LocalBroadcastManager to get the notification to MainActivity.onIntent. From there, we in turn use Flutter MethodChannels to forward the event data from Kotlin into the frontend’s Flutter engine, where the event finally gets parsed by Dart code that updates the UI as necessary.

Messages and other permanent state are stored on disk by the service, so the frontend doesn’t need to be updated if the app isnt open. However, some things (like dates and unread messages) can then lead to desyncs between the front and back ends, so we check for this at app launch/resume to see if we need to reinitialize Cwtch and/or resync the UI state.

Finally, while implementing these services on Android we observed that WorkManager is very good at persisting old enqueued work, to the point that old workers were even being resumed after app reinstalls! Adding calls to pruneWork() helps mitigate this, as long as the app was shut down gracefully and old jobs were properly canceled. This frequently isn’t the case on Android, however, so as an additional mitigation we found it useful to tag the work with the native library directory name:

private fun getNativeLibDir(): String {
    val ainfo = this.applicationContext.packageManager.getApplicationInfo(
            "im.cwtch.flwtch", // Must be app name
            PackageManager.GET_SHARED_LIBRARY_FILES)
    return ainfo.nativeLibraryDir
}

…then, whenever the app is launched, we cancel any jobs that aren’t tagged with the correct current library directory. Since this directory name changes between app installs, this technique prevents us from accidentally resuming with an outdated service worker.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/ui/image_previews/index.html b/build-staging/it/security/components/ui/image_previews/index.html index bc12261e..17a1bc2f 100644 --- a/build-staging/it/security/components/ui/image_previews/index.html +++ b/build-staging/it/security/components/ui/image_previews/index.html @@ -12,13 +12,13 @@ - +

Image Previews

Built on the back of filesharing in Cwtch 1.3, image previews are keyed by the suggested filename’s extension (and no, we’re not interested in using MIME types or magic numbers) and advertised size. If enabled, the preview system will automatically download shared images to a configured downloads folder and display them as part of the message itself. (Due to limitations on Android, they’ll go to the app’s private storage cache, and give you the option to save them elsewhere later instead.) The file size limit is TBD but will obviously be much lower than the overall filesharing size limit, which is currently 10 gigabytes.

For now, we only support single-image messages, and any image editing/cropping will have to be done in a separate application. As we mention in the filesharing FAQ, image files also frequently contain significant hidden metadata, and you should only share them with people you trust.

KnownRisks

Other Applications and/or the OS Inferring Information from Images

Images must be stored somewhere, and for now we have chosen to store them unencrypted on the file system. We have done this for 2 reasons:

  1. In order to support more powerful file sharing schemes like rehosting we require the ability to efficiently scan files and deliver chunks - doing this through an encrypted database layer would harm performance.
  2. This information always has to transit the application boundary (either via display drivers, or storing and viewing the file in an external application) - there is nothing that Cwtch can do after that point in any case.

Malicious Images Crashing or otherwise Compromising Cwtch

Flutter uses Skia to render Images. While the underlying code is memory unsafe, it is extensively fuzzed as part of regular development.

We also conduct our own fuzz testing of Cwtch components. In that analysis we found a single crash bug related to a malformed GIF file that caused the renderer to allocate a ridiculous amount of memory (and eventually be refused by the kernel). To prevent this from impacting Cwtch we have adopted the policy of always enabling a maximum cacheWidth and/or cacheHeight for Image widgets.

Malicious Images Rendering Differently on Different Platforms, Potentially Exposing Metadata

Recently a bug was found in Apple's png parser which would cause an image to render differently on Apple devices as it would on non-Apple devices.

We conducted a few tests on our Mac builds and could not replicate this issue for Flutter (because all Flutter builds use Skia for rendering), however we will continue to include such cases in our testing corpus.

For now image previews will remain experimental and opt-in.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/ui/input/index.html b/build-staging/it/security/components/ui/input/index.html index 079c9ada..efb4490d 100644 --- a/build-staging/it/security/components/ui/input/index.html +++ b/build-staging/it/security/components/ui/input/index.html @@ -12,13 +12,13 @@ - +

Input

Risk: Interception of Cwtch content or metadata through an IME on Mobile Devices

Status: Partially Mitigated

Any component that has the potential to intercept data between a person, and the Cwtch app is a potential security risk.

One of the most likely interceptors is a 3rd party IME (Input Method Editor) commonly used by people to generate characters not natively supported by their device.

Even benign and stock IME apps may unintentionally leak information about the contents of a persons message e.g. through cloud synchronization, cloud translation or personal dictionaries.

Ultimately, this problem cannot be solved by Cwtch alone, and is a wider risk impacting the entire mobile ecosystem.

A similar risk exists on desktop through the use of similar input applications (in addition to software keyloggers), however we consider that fully outside the scope of Cwtch risk assessment (in line with other attacks on the security of the underlying operating system itself).

This is partially mitigated in Cwtch 1.2 through the use of enableIMEPersonalizedLearning: false. See this PR for more information.

- + \ No newline at end of file diff --git a/build-staging/it/security/components/ui/overlays/index.html b/build-staging/it/security/components/ui/overlays/index.html index 18b6b837..60e39720 100644 --- a/build-staging/it/security/components/ui/overlays/index.html +++ b/build-staging/it/security/components/ui/overlays/index.html @@ -12,13 +12,13 @@ - +

Message Overlays

Adapted from: Discreet Log #8: Notes on the Cwtch Chat API

Note: This section covers overlay protocols on-top of the Cwtch protcol. For information on the Cwtch Protocol messages themselves please see Message Formats

We envision Cwtch as a platform for providing an authenticated transport layer to higher-level applications. Developers are free to make their own choices about what application layer protocols to use, whether they want bespoke binary message formats or just want to throw an HTTP library on top and call it a day. Cwtch can generate new keypairs for you (which become onion addresses; no need for any DNS registrations!) and you can REST assured that any data your application receives from the (anonymous communication) network has been authenticated already.

For our current stack, messages are wrapped in a minimal JSON frame that adds some contextual information about the message type. And because serialised JSON objects are just dictionaries, we can easily add more metadata later on as needed.

Chat overlays, lists, and bulletins

The original Cwtch alpha demoed "overlays": different ways of interpreting the same data channel, depending on the structure of the atomic data itself. We included simple checklists and BBS/classified ads as overlays that could be viewed and shared with any Cwtch contact, be it a single peer or a group. The wire format looked like this:

{o:1,d:"hey there!"}
{o:2,d:"bread",l:"groceries"}
{o:3,d:"garage sale",p:"[parent message signature]"}

Overlay field o determined if it was a chat (1), list (2), or bulletin (3) message. The data field d is overloaded, and lists/bulletins need additional information about what group/post they belong to. (We use message signatures in place of IDs to avoid things like message ordering problems and maliciously crafted IDs. This is also how the Cwtch protocol communicates to the front end which message is being acked.)

Data structure

Implementing tree-structured data on top of a sequential message store comes with obvious performance disadvantages. For example, consider the message view, which loads most-recent-messages first and only goes back far enough to fetch enough messages to fill the current viewport, in comparison with a (somewhat pathological) forum where almost every message is a child of the very first message in the history, which could have been gigs and gigs of data-ago. If the UI only displays top-level posts until the user expands them, we have to parse the entire history before we get enough info to display anything at all.

Another problem is that multiplexing all these overlays into one data store creates "holes" in the data that confuse lazy-loaded listviews and scrollbars. The message count may indicate there is a ton more information to display if the user simply scrolls, but when it actually gets fetched and parsed we might realize that none of it is relevant to the current overlay.

None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.

Overlay Types

As stated above, overlays are specified in a very simple JSON format with the following structure:

type ChatMessage struct {
    O int    `json:"o"`
    D string `json:"d"`
}

Where O stands for Overlay with the current supported overlays documented below:

1: data is a chat string
2: data is a list state/delta
3: data is a bulletin state/delta
100: contact suggestion; data is a peer onion address
101: contact suggestion; data is a group invite string

Chat Messages (Overlay 1)

The most simple over is a chat message which simply contains raw, unprocessed chat message information.

{o:1,d:"got milk?"}

Invitations (Overlays 100 and 101)

Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).

The wire format for these are equally simple:

{o:100,d:"u4ypg7yyyrrvf2aceeclq5dgwtkirzletltbqofnb6km7u542qqk4jyd"}
{o:101,d:"torv3eyJHcm91cElEIjoiOWY3MWExYmFhNDkzNTAzMzAyZDFmODRhMzI2ODY2OWUiLCJHcm91cE5hbWUiOiI5ZjcxYTFiYWE0OTM1MDMzMDJkMWY4NGEzMjY4NjY5ZSIsIlNpZ25lZEdyb3VwSUQiOiJyVGY0dlJKRkQ2LzFDZjFwb2JQR0xHYzdMNXBKTGJTelBLRnRvc3lvWkx6R2ZUd2Jld0phWllLUWR5SGNqcnlmdXVRcjk3ckJ2RE9od0NpYndKbCtCZz09IiwiVGltZXN0YW1wIjowLCJTaGFyZWRLZXkiOiJmZVVVQS9OaEM3bHNzSE9lSm5zdDVjNFRBYThvMVJVOStPall2UzI1WUpJPSIsIlNlcnZlckhvc3QiOiJ1cjMzZWRid3ZiZXZjbHM1dWU2anBrb3ViZHB0Z2tnbDViZWR6ZnlhdTJpYmY1Mjc2bHlwNHVpZCJ9"}

This represents a departure from our original "overlays" thinking to a more action-oriented representation. The chat "overlay" can communicate that someone did something, even if it's paraphrased down to "added an item to a list," and the lists and bulletins and other beautifully chaotic data can have their state precomputed and stored separately.

Lists / Bulletin Boards

Note: Expected to be Defined in Cwtch Beta 1.5

- + \ No newline at end of file diff --git a/build-staging/it/security/deployment/index.html b/build-staging/it/security/deployment/index.html index cc850e48..08230c41 100644 --- a/build-staging/it/security/deployment/index.html +++ b/build-staging/it/security/deployment/index.html @@ -12,13 +12,13 @@ - +

Deployment

Risk: Binaries are replaced on the website with malicious ones

Status: Partially-mitigated

While this process is now mostly automated, should this automation ever be compromised then there is nothing in our current process that would detect this.

We need:

  • Reproducible Builds - we currently use public docker containers for all builds which should allow anyone to compare distributed builds with ones built from source.
  • Signed Releases - Open Privacy does not yet maintain a public record of staff public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.
- + \ No newline at end of file diff --git a/build-staging/it/security/development/index.html b/build-staging/it/security/development/index.html index 632e8a03..c4d17fdf 100644 --- a/build-staging/it/security/development/index.html +++ b/build-staging/it/security/development/index.html @@ -12,13 +12,13 @@ - +

Development

The main process to counter malicious actors in development of Cwtch is the openness of the process.

To enhance this openness, automated builds, testing and packaging are defined as part of the repositories - improving te robustness of the code base at every stage.

While individual tests aren't perfect, and all processes have gaps, we should be committed to make it as easy as possible to contribute to Cwtch while also building pipelines and processes that catch errors (unintential or malicious) as soon as possible.

Risk: Developer Directly Pushes Malicious Code

Status: Mitigated

trunk is currently locked and only 3 Open Privacy staff members have permission to override it, in addition the responsibility of monitoring changes.

Further every new pull request and merge triggered automated builds & tests which trigger emails and audit logs.

The code is also open source and inspectable by anyone.

Risk: Code Regressions

Status: Partially Mitigated (See individual project entries in this handbook for more information)

Our automated pipelines have the ability to catch regressions when that behaviour is detectable.

The greatest challenge is in defining how such regressions are detected for the ui - where behaviour isn't as strictly defined as it is for the individual libraries.

- + \ No newline at end of file diff --git a/build-staging/it/security/intro/index.html b/build-staging/it/security/intro/index.html index 8c17f6fc..79a2510f 100644 --- a/build-staging/it/security/intro/index.html +++ b/build-staging/it/security/intro/index.html @@ -12,13 +12,13 @@ - +

Cwtch Security Handbook

Welcome to the Cwtch Secure Development Handbook! The purpose of this handbook is to provide a guide to the various components of the Cwtch ecosystem, to document the known risks and mitigations, and to enable discussion about improvements and updates to Cwtch secure development processes.

What is Cwtch?

Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, multi-party messaging protocol that can be used to build metadata resistant applications.

  • Decentralized and Open: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
  • Privacy Preserving: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
  • Metadata Resistant: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.

A (Brief) History of Metadata Resistant Chat

In recent years, public awareness of the need and benefits of end-to-end encrypted solutions has increased with applications like Signal, Whatsapp and Wire now providing users with secure communications.

However, these tools require various levels of metadata exposure to function, and much of this metadata can be used to gain details about how and why a person is using a tool to communicate. [rottermanner2015privacy].

One tool that did seek to reduce metadata is Ricochet first released in 2014. Ricochet used Tor v2 onion services to provide secure end-to-end encrypted communication, and to protect the metadata of communications.

There were no centralized servers that assist in routing Ricochet conversations. No one other than the parties involved in a conversation could know that such a conversation is taking place.

Ricochet wasn't without limitations; there was no multi-device support, nor is there a mechanism for supporting group communication or for a user to send messages while a contact is offline.

This made adoption of Ricochet a difficult proposition; with even those in environments that would be served best by metadata resistance unaware that it exists [ermoshina2017can] [renaud2014doesn].

Additionally, any solution to decentralized, metadata resistant communication faces fundamental problems when it comes to efficiency, privacy and group security (as defined by transcript consensus and consistency).

Modern alternatives to Ricochet include Briar, Zbay and Ricochet Refresh - each tool seeks to optimize for a different set of trade-offs e.g. Briar seeks to allow people to communicate even when underlying network infrastructure is down while providing resistant to metadata surveillance.

The Cwtch project began in 2017 as an extension protocol for Ricochet providing group conversations via untrusted servers, with an eye to enabling decentralized, metadata resistant applications (like shared lists and bulletin board)

An alpha version of Cwtch was was launched in February 2019, and since then the Cwtch team (run by the Open Privacy Research Society) has conducted research and development into Cwtch and the underlying protocols and libraries and problem spaces.

- + \ No newline at end of file diff --git a/build-staging/it/security/references/index.html b/build-staging/it/security/references/index.html index c907dc89..345adb8f 100644 --- a/build-staging/it/security/references/index.html +++ b/build-staging/it/security/references/index.html @@ -12,13 +12,13 @@ - +

References

  • Atwater, Erinn, and Sarah Jamie Lewis. "Token Based Services-Differences from Privacy Pass."

  • Brooks, John. Ricochet: Anonymous instant messaging for real privacy. https://ricochet.im. Accessed: 2018-03-10

  • Ermoshina K, Halpin H, Musiani F. Can johnny build a protocol? co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols. In European Workshop on Usable Security 2017.

  • Ermoshina, K., Musiani, F. and Halpin, H., 2016, September. End-to-end encrypted messaging protocols: An overview. In International Conference on Internet Science (pp. 244-254). Springer, Cham.

  • Farb, M., Lin, Y.H., Kim, T.H.J., McCune, J. and Perrig, A., 2013, September. Safeslinger: easy-to-use and secure public-key exchange. In Proceedings of the 19th annual international conference on Mobile computing & networking (pp. 417-428).

  • Greschbach, B., Kreitz, G. and Buchegger, S., 2012, March. The devil is in the metadata—New privacy challenges in Decentralised Online Social Networks. In 2012 IEEE international conference on pervasive computing and communications workshops (pp. 333-339). IEEE.

  • Langley, Adam. Pond. https://github.com/agl/pond. Accessed: 2018-05-21.

  • Le Blond, S., Zhang, C., Legout, A., Ross, K. and Dabbous, W., 2011, November. I know where you are and what you are sharing: exploiting p2p communications to invade users' privacy. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (pp. 45-60).

  • Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).

  • Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).

  • Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.

  • Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).

  • Unger, Nik et al. “SoK: secure messaging”. In: Security and Privacy (SP ), 2015 IEEE Sympo-sium on. IEEE. 2015, pp. 232–249 link

- + \ No newline at end of file diff --git a/build-staging/it/security/risk/index.html b/build-staging/it/security/risk/index.html index ea36d6b2..a2787967 100644 --- a/build-staging/it/security/risk/index.html +++ b/build-staging/it/security/risk/index.html @@ -12,13 +12,13 @@ - +

Risk Model

Communications metadata is known to be exploited by various adversaries to undermine the security of systems, to track victims and to conduct large scale social network analysis to feed mass surveillance. Metadata resistant tools are in their infancy and research into the construction and user experience of such tools is lacking.

Cwtch was originally conceived as an extension of the metadata resistant protocol Ricochet to support asynchronous, multi-peer group communications through the use of discardable, untrusted, anonymous infrastructure.

Since then, Cwtch has evolved into a protocol in its own right, this section will outline the various known risks that Cwtch attempts to mitigate and will be heavily referenced throughout the rest of the document when discussing the various sub-components of the Cwtch Architecture.

Threat Model

It is important to identify and understand that metadata is ubiquitous in communication protocols, it is indeed necessary for such protocols to function efficiently and at scale. However, information that is useful to facilitating peers and servers is also highly relevant to adversaries wishing to exploit such information.

For our problem definition, we will assume that the content of a communication is encrypted in such a way that an adversary is practically unable to break (see tapir and cwtch for details on the encryption that we use, a and as such we will focus to the context to the communication metadata.

We seek to protect the following communication contexts:

  • Who is involved in a communication? It may be possible to identify people or simply device or network identifiers. E.g., “this communication involves Alice, a journalist, and Bob a government employee.”.
  • Where are the participants of the conversation? E.g., “during this communication Alice was in France and Bob was in Canada.”
  • When did a conversation take place? The timing and length of communication can reveal a large amount about the nature of a call, e.g., “Bob a government employee, talked to Alice on the phone for an hour yesterday evening. This is the first time they have communicated.” *How was the conversation mediated? Whether a conversation took place over an encrypted or unencrypted email can provide useful intelligence. E.g., “Alice sent an encrypted email to Bob yesterday, whereas they usually only send plaintext emails to each other.”
  • What is the conversation about? Even if the content of the communication is encrypted it is sometimes possible to derive a probable context of a conversation without knowing exactly what is said, e.g. “a person called a pizza store at dinner time” or “someone called a known suicide hotline number at 3am.”

Beyond individual conversations, we also seek to defend against context correlation attacks, whereby multiple conversations are analyzed to derive higher level information:

  • Relationships: Discovering social relationships between a pair of entities by analyzing the frequency and length of their communications over a period of time. E.g. Carol and Eve call each other every single day for multiple hours at a time.
  • Cliques: Discovering social relationships between a group of entities that all interact with each other. E.g. Alice, Bob and Eve all communicate with each other.
  • Loosely Connected Cliques and Bridge Individuals: Discovering groups that communicate to each other through intermediaries by analyzing communication chains (e.g. everytime Alice talks to Bob she talks to Carol almost immediately after; Bob and Carol never communicate.)
  • Pattern of Life: Discovering which communications are cyclical and predictable. E.g. Alice calls Eve every Monday evening for around an hour.

Active Attacks

Misrepresentation Attacks

Cwtch provides no global display name registry, and as such people using Cwtch are more vulnerable to attacks based around misrepresentation i.e. people pretending to be other people:

A basic flow of one of these attacks is as follows, although other flows also exist:

  • Alice has a friend named Bob and another called Eve
  • Eve finds out Alice has a friend named Bob
  • Eve creates thousands of new accounts to find one that has a similar picture / public key to Bob (won't be identical but might fool someone for a few minutes)
  • Eve calls this new account "Eve New Account" and adds Alice as a friend.
  • Eve then changes her name on "Eve New Account" to "Bob"
  • Alice sends messages intended for "Bob" to Eve's fake Bob account

Because misrepresentation attacks are inherently about trust and verification the only absolute way of preventing them is for users to absolutely validate the public key. This is obviously not-ideal and in many cases simply won't-happen.

As such we aim to provide some user-experience hints in the ui to guide people in making choices around whether to trust accounts and/or to distinguish accounts that may be attempting to represent themselves as other users.

A note on Physical Attacks

Cwtch does not consider attacks that require physical access (or equivalent) to the users machine as practically defendable. However, in the interests of good security engineering, throughout this document we will still refer to attacks or conditions that require such privilege and point out where any mitigations we have put in place will fail.

- + \ No newline at end of file diff --git a/build-staging/security/category/connectivity--tor/index.html b/build-staging/security/category/connectivity--tor/index.html index 71dd92ee..c6a00c7e 100644 --- a/build-staging/security/category/connectivity--tor/index.html +++ b/build-staging/security/category/connectivity--tor/index.html @@ -12,13 +12,13 @@ - +

Connectivity & Tor

- + \ No newline at end of file diff --git a/build-staging/security/category/cwtch-components/index.html b/build-staging/security/category/cwtch-components/index.html index 74addfd1..64096e05 100644 --- a/build-staging/security/category/cwtch-components/index.html +++ b/build-staging/security/category/cwtch-components/index.html @@ -12,13 +12,13 @@ - +

Cwtch Components

- + \ No newline at end of file diff --git a/build-staging/security/category/cwtch-ui/index.html b/build-staging/security/category/cwtch-ui/index.html index f5485a00..67ac55fc 100644 --- a/build-staging/security/category/cwtch-ui/index.html +++ b/build-staging/security/category/cwtch-ui/index.html @@ -12,13 +12,13 @@ - +

Cwtch UI

📄️ Image Previews

Built on the back of filesharing in Cwtch 1.3, image previews are keyed by the suggested filename’s extension (and no, we’re not interested in using MIME types or magic numbers) and advertised size. If enabled, the preview system will automatically download shared images to a configured downloads folder and display them as part of the message itself. (Due to limitations on Android, they’ll go to the app’s private storage cache, and give you the option to save them elsewhere later instead.) The file size limit is TBD but will obviously be much lower than the overall filesharing size limit, which is currently 10 gigabytes.

- + \ No newline at end of file diff --git a/build-staging/security/category/cwtch/index.html b/build-staging/security/category/cwtch/index.html index 8cf6e4ec..eb1aeedc 100644 --- a/build-staging/security/category/cwtch/index.html +++ b/build-staging/security/category/cwtch/index.html @@ -12,13 +12,13 @@ - +

Cwtch

- + \ No newline at end of file diff --git a/build-staging/security/category/tapir/index.html b/build-staging/security/category/tapir/index.html index a3f408c0..8d46b0dd 100644 --- a/build-staging/security/category/tapir/index.html +++ b/build-staging/security/category/tapir/index.html @@ -12,13 +12,13 @@ - +

Tapir

- + \ No newline at end of file diff --git a/build-staging/security/components/connectivity/intro/index.html b/build-staging/security/components/connectivity/intro/index.html index 226179df..1ff16532 100644 --- a/build-staging/security/components/connectivity/intro/index.html +++ b/build-staging/security/components/connectivity/intro/index.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ interaction than others.

Previous
Connectivity & Tor
Next
Tapir

- + \ No newline at end of file diff --git a/build-staging/security/components/cwtch/groups/index.html b/build-staging/security/components/cwtch/groups/index.html index bc339eb0..e34b431e 100644 --- a/build-staging/security/components/cwtch/groups/index.html +++ b/build-staging/security/components/cwtch/groups/index.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ chain (which if they were attempting to censor other messages would reveal such censorship)

Finally: We are actively working on adding non-repudiation to Cwtch servers such that they themselves are restricted in what they can censor efficiently.

- + \ No newline at end of file diff --git a/build-staging/security/components/cwtch/key_bundles/index.html b/build-staging/security/components/cwtch/key_bundles/index.html index cf0f8e1f..e905f5ec 100644 --- a/build-staging/security/components/cwtch/key_bundles/index.html +++ b/build-staging/security/components/cwtch/key_bundles/index.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ address.

Previous
Message Formats
Next
Groups

- + \ No newline at end of file diff --git a/build-staging/security/components/cwtch/message_formats/index.html b/build-staging/security/components/cwtch/message_formats/index.html index 41cdf70f..1db9c65a 100644 --- a/build-staging/security/components/cwtch/message_formats/index.html +++ b/build-staging/security/components/cwtch/message_formats/index.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ contains a serialized peerGetVal structure and peerRetVal

Encrypted Group Messages

// EncryptedGroupMessage provides an encapsulation of the encrypted group message stored on the server
type EncryptedGroupMessage struct {
    Ciphertext []byte
    Signature  []byte // Sign(groupID + group.GroupServer + base64(decrypted group message)) using the senders Cwtch key
}

Calculating the signature requires knowing the groupID of the message, the server the group is associated with and the decrypted group message (and thus, the Group Key). It is (ed25519) signed by the sender of the message, and can be verified using their public Cwtch address key.

- + \ No newline at end of file diff --git a/build-staging/security/components/cwtch/server/index.html b/build-staging/security/components/cwtch/server/index.html index 694bcbbe..0d59d6da 100644 --- a/build-staging/security/components/cwtch/server/index.html +++ b/build-staging/security/components/cwtch/server/index.html @@ -12,7 +12,7 @@ - + @@ -55,7 +55,7 @@ a significant amount of resources, and thus one of the main external risks to the Cwtch system becomes censorship-via-resource exhaustion.

We have outlined a potential solution to this in token based services but note that this also requires further development.

- + \ No newline at end of file diff --git a/build-staging/security/components/ecosystem-overview/index.html b/build-staging/security/components/ecosystem-overview/index.html index 02f2a612..80081023 100644 --- a/build-staging/security/components/ecosystem-overview/index.html +++ b/build-staging/security/components/ecosystem-overview/index.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ packages up several calls to Cwtch.

libcwtch-go is also responsible for ma for experimental features and code that may eventually end up in Cwtch.

cwtch-ui

Summary: A flutter based UI for Cwtch.

Cwtch UI uses libcwtch-go to provide a complete UI for Cwtch, allowing people to create and manage profiles, add contacts and groups, message people, share files (coming soon) and more.

The UI is also responsible for managing localization and translations.

For more information see Cwtch UI

Auxiliary Components

Occasionally, Open Privacy will factor out parts of Cwtch into standalone libraries that are not Cwtch specific. These are briefly summarized here:

openprivacy/log

An Open Privacy specific logging framework that is used throughout Cwtch packages.

- + \ No newline at end of file diff --git a/build-staging/security/components/intro/index.html b/build-staging/security/components/intro/index.html index eb429708..8736d94d 100644 --- a/build-staging/security/components/intro/index.html +++ b/build-staging/security/components/intro/index.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ to verify the signature (see Cwtch S all the same steps above are taken however the server always acts as the inbound peer, and the outbound peer always uses newly generated ephemeral keypair as their "longterm identity".

As such peer-server conversations only differ in the kinds of messages that are sent between the two parties, with the server relaying all messages that it receives and also allowing any client to query for older messages.

- + \ No newline at end of file diff --git a/build-staging/security/components/tapir/authentication_protocol/index.html b/build-staging/security/components/tapir/authentication_protocol/index.html index 17a8291e..c6d5b3b8 100644 --- a/build-staging/security/components/tapir/authentication_protocol/index.html +++ b/build-staging/security/components/tapir/authentication_protocol/index.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ that a single message in the transcript must have originated from a peer, there the session.

Intuition for the above: the only cryptographic material related to the transcript is the derived session key - if the session key is made public it can be used to forge new messages in the transcript - and as such, any standalone transcript is subject to forgery and thus cannot be used to cryptographically tie a peer to a conversation.

- + \ No newline at end of file diff --git a/build-staging/security/components/tapir/packet_format/index.html b/build-staging/security/components/tapir/packet_format/index.html index ad7680ea..b8ffcccd 100644 --- a/build-staging/security/components/tapir/packet_format/index.html +++ b/build-staging/security/components/tapir/packet_format/index.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Packet Format

All tapir packets are fixed length (8192 bytes) with the first 2 bytes indicated the actual length of the message, len bytes of data, and the rest zero padded:

| len (2 bytes) | data (len bytes) | paddding (8190-len bytes)|

Once encrypted, the entire 8192 byte data packet is encrypted using libsodium secretbox using the standard structure ( note in this case the actual usable size of the data packet is 8190-14 to accommodate the nonce included by secret box)

For information on how the secret key is derived see the authentication protocol

- + \ No newline at end of file diff --git a/build-staging/security/components/ui/android/index.html b/build-staging/security/components/ui/android/index.html index 23e6af4f..670a64a1 100644 --- a/build-staging/security/components/ui/android/index.html +++ b/build-staging/security/components/ui/android/index.html @@ -12,13 +12,13 @@ - +

Android Service

Adapted from: Discreet Log #11: Integrating FFI processes with Android services

In addition to needing to make plain ol’ method calls into the Cwtch library, we also need to be able to communicate with (and receive events from) long-running Cwtch goroutines that keep the Tor process running in the background, manage connection and conversation state for all your contacts, and handle a few other monitoring and upkeep tasks as well. This isn’t really a problem on traditionally multitasking desktop operating systems, but on mobile devices running Android we have to contend with shorter sessions, frequent unloads, and network and power restrictions that can vary over time. As Cwtch is intended to be metadata resistant and privacy-centric, we also want to provide notifications without using the Google push notification service.

The solution for long-running network apps like Cwtch is to put our FFI code into an Android Foreground Service. (And no, it’s not lost on me that the code for our backend is placed in something called a ForegroundService.) With a big of finagling, the WorkManager API allows us to create and manage various types of services including ForegroundServices. This turned out to be a great choice for us, as our gomobile FFI handler happened to already be written in Kotlin, and WorkManager allows us to specify a Kotlin coroutine to be invoked as the service.

If you’d like to follow along, our WorkManager specifications are created in the handleCwtch() method of MainActivity.kt, and the workers themselves are defined in FlwtchWorker.kt.

Our plain ol’ method calls to FFI routines are also upgraded to be made as WorkManager work requests, which allows us to conveniently pass the return values back via the result callback.

One initial call (aptly named Start) gets hijacked by FlwtchWorker to become our eventbus loop. Since FlwtchWorker is a coroutine, it’s easy for it to yield and resume as necessary while waiting for events to be generated. Cwtch’s goroutines can then emit events, which will be picked up by FlwtchWorker and dispatched appropriately.

FlwtchWorker’s eventbus loop is not just a boring forwarder. It needs to check for certain message types that affect the Android state; for example, new message events should typically display notifications that the user can click to go to the appropriate conversation window, even when the app isn’t running in the foreground. When the time does come to forward the event to the app, we use LocalBroadcastManager to get the notification to MainActivity.onIntent. From there, we in turn use Flutter MethodChannels to forward the event data from Kotlin into the frontend’s Flutter engine, where the event finally gets parsed by Dart code that updates the UI as necessary.

Messages and other permanent state are stored on disk by the service, so the frontend doesn’t need to be updated if the app isnt open. However, some things (like dates and unread messages) can then lead to desyncs between the front and back ends, so we check for this at app launch/resume to see if we need to reinitialize Cwtch and/or resync the UI state.

Finally, while implementing these services on Android we observed that WorkManager is very good at persisting old enqueued work, to the point that old workers were even being resumed after app reinstalls! Adding calls to pruneWork() helps mitigate this, as long as the app was shut down gracefully and old jobs were properly canceled. This frequently isn’t the case on Android, however, so as an additional mitigation we found it useful to tag the work with the native library directory name:

private fun getNativeLibDir(): String {
    val ainfo = this.applicationContext.packageManager.getApplicationInfo(
            "im.cwtch.flwtch", // Must be app name
            PackageManager.GET_SHARED_LIBRARY_FILES)
    return ainfo.nativeLibraryDir
}

…then, whenever the app is launched, we cancel any jobs that aren’t tagged with the correct current library directory. Since this directory name changes between app installs, this technique prevents us from accidentally resuming with an outdated service worker.

- + \ No newline at end of file diff --git a/build-staging/security/components/ui/image_previews/index.html b/build-staging/security/components/ui/image_previews/index.html index 9c773846..95208a55 100644 --- a/build-staging/security/components/ui/image_previews/index.html +++ b/build-staging/security/components/ui/image_previews/index.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ the file in an external application) - there is nothing that Cwtch can do after to a malformed GIF file that caused the renderer to allocate a ridiculous amount of memory (and eventually be refused by the kernel). To prevent this from impacting Cwtch we have adopted the policy of always enabling a maximum cacheWidth and/or cacheHeight for Image widgets.

Malicious Images Rendering Differently on Different Platforms, Potentially Exposing Metadata

Recently a bug was found in Apple's png parser which would cause an image to render differently on Apple devices as it would on non-Apple devices.

We conducted a few tests on our Mac builds and could not replicate this issue for Flutter (because all Flutter builds use Skia for rendering), however we will continue to include such cases in our testing corpus.

For now image previews will remain experimental and opt-in.

- + \ No newline at end of file diff --git a/build-staging/security/components/ui/input/index.html b/build-staging/security/components/ui/input/index.html index cfb2a9e8..2d6c92eb 100644 --- a/build-staging/security/components/ui/input/index.html +++ b/build-staging/security/components/ui/input/index.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ ecosystem.

A similar risk exists on desktop through the use of similar inp however we consider that fully outside the scope of Cwtch risk assessment (in line with other attacks on the security of the underlying operating system itself).

This is partially mitigated in Cwtch 1.2 through the use of enableIMEPersonalizedLearning: false. See this PR for more information.

- + \ No newline at end of file diff --git a/build-staging/security/components/ui/overlays/index.html b/build-staging/security/components/ui/overlays/index.html index 599dda9c..7f6d0137 100644 --- a/build-staging/security/components/ui/overlays/index.html +++ b/build-staging/security/components/ui/overlays/index.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ group/post they belong to. (We use message signatures in place of IDs to avoid t ordering problems and maliciously crafted IDs. This is also how the Cwtch protocol communicates to the front end which message is being acked.)

Data structure

Implementing tree-structured data on top of a sequential message store comes with obvious performance disadvantages. For example, consider the message view, which loads most-recent-messages first and only goes back far enough to fetch enough messages to fill the current viewport, in comparison with a (somewhat pathological) forum where almost every message is a child of the very first message in the history, which could have been gigs and gigs of data-ago. If the UI only displays top-level posts until the user expands them, we have to parse the entire history before we get enough info to display anything at all.

Another problem is that multiplexing all these overlays into one data store creates "holes" in the data that confuse lazy-loaded listviews and scrollbars. The message count may indicate there is a ton more information to display if the user simply scrolls, but when it actually gets fetched and parsed we might realize that none of it is relevant to the current overlay.

None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.

Overlay Types

As stated above, overlays are specified in a very simple JSON format with the following structure:

type ChatMessage struct {
    O int    `json:"o"`
    D string `json:"d"`
}

Where O stands for Overlay with the current supported overlays documented below:

1: data is a chat string
2: data is a list state/delta
3: data is a bulletin state/delta
100: contact suggestion; data is a peer onion address
101: contact suggestion; data is a group invite string

Chat Messages (Overlay 1)

The most simple over is a chat message which simply contains raw, unprocessed chat message information.

{o:1,d:"got milk?"}

Invitations (Overlays 100 and 101)

Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).

The wire format for these are equally simple:

{o:100,d:"u4ypg7yyyrrvf2aceeclq5dgwtkirzletltbqofnb6km7u542qqk4jyd"}
{o:101,d:"torv3eyJHcm91cElEIjoiOWY3MWExYmFhNDkzNTAzMzAyZDFmODRhMzI2ODY2OWUiLCJHcm91cE5hbWUiOiI5ZjcxYTFiYWE0OTM1MDMzMDJkMWY4NGEzMjY4NjY5ZSIsIlNpZ25lZEdyb3VwSUQiOiJyVGY0dlJKRkQ2LzFDZjFwb2JQR0xHYzdMNXBKTGJTelBLRnRvc3lvWkx6R2ZUd2Jld0phWllLUWR5SGNqcnlmdXVRcjk3ckJ2RE9od0NpYndKbCtCZz09IiwiVGltZXN0YW1wIjowLCJTaGFyZWRLZXkiOiJmZVVVQS9OaEM3bHNzSE9lSm5zdDVjNFRBYThvMVJVOStPall2UzI1WUpJPSIsIlNlcnZlckhvc3QiOiJ1cjMzZWRid3ZiZXZjbHM1dWU2anBrb3ViZHB0Z2tnbDViZWR6ZnlhdTJpYmY1Mjc2bHlwNHVpZCJ9"}

This represents a departure from our original "overlays" thinking to a more action-oriented representation. The chat "overlay" can communicate that someone did something, even if it's paraphrased down to "added an item to a list," and the lists and bulletins and other beautifully chaotic data can have their state precomputed and stored separately.

Lists / Bulletin Boards

Note: Expected to be Defined in Cwtch Beta 1.5

- + \ No newline at end of file diff --git a/build-staging/security/deployment/index.html b/build-staging/security/deployment/index.html index e72ba5ea..4fb25987 100644 --- a/build-staging/security/deployment/index.html +++ b/build-staging/security/deployment/index.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ which should allow anyone to compare distributed builds with ones built from sou public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.
- + \ No newline at end of file diff --git a/build-staging/security/development/index.html b/build-staging/security/development/index.html index 01e871de..57d90eae 100644 --- a/build-staging/security/development/index.html +++ b/build-staging/security/development/index.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ handbook for more information)

Our automated pipelines have the ability to behaviour is detectable.

The greatest challenge is in defining how such regressions are detected for the ui - where behaviour isn't as strictly defined as it is for the individual libraries.

- + \ No newline at end of file diff --git a/build-staging/security/intro/index.html b/build-staging/security/intro/index.html index 2a993cce..3e02dfc8 100644 --- a/build-staging/security/intro/index.html +++ b/build-staging/security/intro/index.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ untrusted servers, with an eye to enabling decentralized, metadata resistant app and bulletin board)

An alpha version of Cwtch was was launched in February 2019, and since then the Cwtch team (run by the Open Privacy Research Society) has conducted research and development into Cwtch and the underlying protocols and libraries and problem spaces.

- + \ No newline at end of file diff --git a/build-staging/security/references/index.html b/build-staging/security/references/index.html index 6a788543..54de30e6 100644 --- a/build-staging/security/references/index.html +++ b/build-staging/security/references/index.html @@ -12,14 +12,14 @@ - +

References

  • Atwater, Erinn, and Sarah Jamie Lewis. "Token Based Services-Differences from Privacy Pass."

  • Brooks, John. Ricochet: Anonymous instant messaging for real privacy. https://ricochet.im. Accessed: 2018-03-10

  • Ermoshina K, Halpin H, Musiani F. Can johnny build a protocol? co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols. In European Workshop on Usable Security 2017.

  • Ermoshina, K., Musiani, F. and Halpin, H., 2016, September. End-to-end encrypted messaging protocols: An overview. In International Conference on Internet Science (pp. 244-254). Springer, Cham.

  • Farb, M., Lin, Y.H., Kim, T.H.J., McCune, J. and Perrig, A., 2013, September. Safeslinger: easy-to-use and secure public-key exchange. In Proceedings of the 19th annual international conference on Mobile computing & networking (pp. 417-428).

  • Greschbach, B., Kreitz, G. and Buchegger, S., 2012, March. The devil is in the metadata—New privacy challenges in Decentralised Online Social Networks. In 2012 IEEE international conference on pervasive computing and communications workshops (pp. 333-339). IEEE.

  • Langley, Adam. Pond. https://github.com/agl/pond. Accessed: 2018-05-21.

  • Le Blond, S., Zhang, C., Legout, A., Ross, K. and Dabbous, W., 2011, November. I know where you are and what you are sharing: exploiting p2p communications to invade users' privacy. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (pp. 45-60).

  • Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).

  • Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).

  • Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesn’t Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.

  • Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).

  • Unger, Nik et al. “SoK: secure messaging”. In: Security and Privacy (SP ), 2015 IEEE Sympo-sium on. IEEE. 2015, pp. 232–249 link

- + \ No newline at end of file diff --git a/build-staging/security/risk/index.html b/build-staging/security/risk/index.html index cc567e36..6adfcff0 100644 --- a/build-staging/security/risk/index.html +++ b/build-staging/security/risk/index.html @@ -12,7 +12,7 @@ - + @@ -52,7 +52,7 @@ the users machine as practically defendable. However, in the interests of good security engineering, throughout this document we will still refer to attacks or conditions that require such privilege and point out where any mitigations we have put in place will fail.

- + \ No newline at end of file