Prerequisites

• Internet-facing web server with reverse proxy and domain name (preferably SSL of course)
• Server behind the reverse proxy with Rust environment

Installation

• Don't bother downloading the source code to your server; installing it that way gives you a big debug executable
• Instead just cargo install mollysocket
• Move the mollysocket executable if desired
• Run mollysocket once so that it will emit the default config

Configuration

• Fish the config file out of .config/mollysocket/default-config.toml and copy it somewhere.

config.toml

• In the new file, replace the allowed_endpoints line with allowed_endpoints = ['*']. The default 0.0.0.0 config appears to be a bug; this setting controls access to endpoints within the app, not IPs from outside. Leaving the original value causes mollysocket to reject everything.
• Put a proper path in the db = './mollysocket.db' line rather than just having it land wherever you're sitting.
• Delete the mollysocket.db that was created on first run (even if it's already where you're intending to put it). This is just to make sure the web server creates it and has the correct permissions.

Run script

• The environment variable ROCKET_PORT must be set or the server will sit and do nothing. It's best to create all of the environment variables mentioned in the README, whether that is in a user profile script or in a shell script that wraps startup. You can change any of these values, but they must exist.

• export ROCKET_PORT=8020
  export RUST_LOG=info
  export MOLLY_CONF=/path/to/your/config.toml
  

Proxy server

• You'll need to proxy everything from / to your mollysocket server and ROCKET_PORT.
• Exclude anything that you may need served from your web server, such as .well-known.

Things to know

• I get this warning on startup: "Forced shutdown is disabled. Runtime settings may be suboptimal."
• I also can't stop my server with any sane signal; only SIGKILL brings it down.
• Some discussion here: https://github.com/SergioBenitez/Rocket/discussions/1880

in the settings if you change notification method from websocket to unified push, the UP settings come up, including a server address (which is what they intend to be used) or some air gap mode that i can't find documented

so per wikipedia and confirmed at MDN, firefox is the only major browser line not to consider certificate transparency at all. and yet it's the only one that has given me occasional maddening SSL errors that have blocked site access (not always little sites, it's happened with amazon).

i don't understand how firefox can be simultaneously the least picky about certificates and the most likely to spuriously decide they're invalid.

well i feel stupid now for not doing the obvious. but…

Blocked Page

Your organization has blocked access to this page or website.

on the PPA box, this is what it showed me (meanwhile it was attempting to connect to incoming.telemetry.mozilla.org). another symptom of displaying respect for enterprise policies but in fact ignoring them. (as i had mentioned, on this box all of the settings look locked down as they should be, but it's still attempting to send telemetry.)

an interesting oddity: on my non-rooted xperia, signal thinks that i don't have play services and so it falls back to… polling. every five minutes. killing my battery and my logs.

i had to put signal into the restricted battery group, which means no notifications. i anxiously await the new molly, as i already have a unified push environment. it looks like the migration will be a bit delicate.

imo magic earth is a navigation app, full stop. it does that amazingly well, including live traffic, but i wouldn't use it for anything else. organic maps is a better general-purpose map but isn't a patch on magic earth for nav.

i have wired sennheiser momentum 2s. the momentum line is on 4th generation now, and they look to all be bluetooth.

mine are great for use on the train, or the plane, or in bed for not getting hit with a pillow. fed from a phone, they're a little weak in the bottom end — probably an impedance thing — but fed from a headphone amp they're ace. (though it then becomes possible to leak enough sound to get hit.)

they're not active noise-cancelling and they're not sold for high isolation, but they keep enough in and out for any of my needs. and impedance matching isn't an issue when fed by bluetooth, though then they'll need to be kept charged.

i made the same migration from markor (files in a folder) to logseq. there's a lot to be gained - always-preview alone is a game changer - but on mobile the visibility of the keyboard can be fiddly. once in a while you'll feel like you're in vi, it has such a mind of its own. but i'm not planning to go back

looks great! the catch for me is that my current host doesn't have docker support. your dependencies don't look crazy so in theory i could burst it and install directly to the host environment, but at that point i'm giving myself grocy-level headaches.

reading about docker-capable hosts, i was surprised to see them starting at 1GB RAM - i couldn't run pac-man in that. what would be a reasonable expectation for kitchenowl?

appimages just got less easy…

i don't know which update did it - i think it must have been os-level (i run pop_os, derived from ubuntu) - but appimages silently stopped working. double-click, nothing. finally i looked in the log out of desparation, which said 'appimages require fuse'.

more accurately, appimages require fuse 2 and the os had just upgraded to fuse 3. the fix is to heat-seek libfuse2, and don't mess with any other fuse-related package as things can start wrecking themselves:

sudo apt install libfuse2

originally seen on an omgubuntu post

that tripped me up too - but it's just the web demo. if you install it, your browser doesn't matter

on android, i have three.

• the default browser is an f-droid rarity called 'privacy browser'. it is configured to allow scripting but reject practically everything else (storage, cookies). this will break lots of things, but i feel safer with this as the initial offer. it's wired to a searxng instance for search. i have a personal hosted homepage that it uses for home.
• if i am opening something myself, i use an app shortcut that opens my home page on mull. mull itself doesn't believe in home pages, so i have to use a shortcut. it uses a searxng instance for search. it's configured to discard all data on quit. if something breaks on privacy browser, i share it into mull.
• for sites in which i need a persistent login, i use duckduckgo browser, again with an app shortcut since it doesn't believe in home pages. i don't open links in ddg, instead sharing them to one of the other two. i don't search here since you can only use ddg.

on desktop (all platforms), i use brave with a lot of stuff turned off, homed normally and pointed to the same search instance. i have cookie autodelete to burn cookies as i browse. i spend a lot of time manually deleting local storage.

i don't love this flow. what i really would like is one browser that would:

• load my home page when i click its icon
• burn all cookies and local storage on exit, except from domains i designate

i haven't found an answer for that yet, would love ideas.

i have previously used and discarded, for various reasons: vivaldi, firefox, firefox focus, chromium, librewolf. i carry some of these for occasional use, either for 'let it through' or 'fuzz all the things' threat models.