📨🚕
Disclaimer: This service is in alpha state, see below . Please do not share this post, or 📨🚕 on link aggregation platforms just yet. The server infrastructure will not be able to handle a sudden traffic spike and besides, 📨🚕 is way too undercooked for the average HN user/lobster/redditor/etc. atm. Thank you for your understanding. For a long time, I’ve been using Pushover for various tasks, such as infrastructure monitoring, and I even contributed to its ecosystem . However, as I transitioned towards more freedom-respecting software , my needs changed, and Pushover no longer met them. I ended up building my own near drop-in replacement and migrated to it. This allowed me to use the clients I preferred to receive notifications, rather than being locked into a closed-source app that doesn’t work outside of Apple’s and Google’s ( GSF ) walled gardens. I’ve been running Overpush for myself for quite some time now, and it’s grown into a reliable open-source tool that anyone can easily set up on their own server. One challenge, though, has been the integration of target platforms. For example, if someone wanted Overpush to send notifications to XMPP, they’d have to find a reliable host, create a dedicated account, configure it in their file, and set up their target user account. While not overly complicated, it’s a tedious process that becomes more cumbersome with multiple platforms. Since I’ve been successfully hosting Overpush for myself, I thought I could turn it into a service for others. The service is based on a single, relatively lightweight Go binary, which doesn’t require heavy hardware. However, to support new users and dynamically configure their applications (where an application defines an endpoint-to-target-service route), I needed to extend Overpush to use a database, replacing the simple TOML file. I also had to build a web interface for user sign-ups and account management. Ideally, I wanted a clean landing page with essential documentation to help people get started. A few months ago, I began working on these updates, and I’m excited to announce that the first version of the hosted Overpush service is now live! Although I originally named the open-source project Overpush , I wanted to move away from its legacy of being a mere replacement for Pushover and focus on the future. That’s why I’m calling the hosted service 📨🚕, or MSG.TAXI , which is now available at the domain: https://msg.taxi As described in the introductory post on the 📨🚕 blog , MSG.TAXI is a multi-protocol push notification router. You send data to it via a webhook URL, and it routes that data to your configured targets (e.g. XMPP, Matrix, Telegram, and more coming soon). It’s the missing link between your code and your notification channels, whether that’s your smart home, CI pipeline, RPG guild’s Matrix room, or just your phone at 3 AM when your server crashes (again). 📨🚕 is push notifications from anything, to anything . :-) You can check out Overpush for a detailed breakdown of how the service works, but in short, 📨🚕 lets you sign up and create what are called applications . Each application is assigned a custom webhook URL and can route the data it receives to a single target platform (for example, XMPP) at the moment. Depending on the target platform you choose for an application , you’ll need to configure a destination , typically your user ID or username on that platform. For XMPP, this would be your JID . Once that’s set up, you can start posting webhooks to the application -specific URL, and 📨🚕 will process and forward them to your target. As of right now 📨🚕 supports the following target platforms: I’m working to make more target platforms available on 📨🚕. If you’re interested to use the service let me know which platforms you need ! One thing that’s particularly important to me is privacy , which is often overlooked in hosted services. With 📨🚕, I’m striving to do better. Currently, none of the target platforms support native E2EE implementations. For example, notifications routed via XMPP won’t be encrypted with OMEMO. There are a few reasons for this: Even if I were to implement native E2EE for each platform, it would be a half-hearted solution. The content of your notifications would be sent in plain text within 📨🚕 and encrypted only when it leaves the service. This would mean you’d have to trust 📨🚕 to not inspect your data. I don’t want you to have to trust 📨🚕. So instead of dealing with this overhead, my focus is on the “ends” in “end-to-end” . My long-term goal is to offer E2EE that’s modern and independent of the target platform. To achieve this, I’m developing a lightweight and portable 📨🚕 CLI client that allows you to post encrypted webhooks to the service. On the receiving end, the challenge is greater, as a client would need to be available on various platforms, including mobile. For now, there’s a manual method for implementing E2EE, at least on Android. I briefly documented it here . Essentially, you would use GPG to encrypt the content before submitting it to 📨🚕, and then use OpenKeychain on your Android device to decrypt the messages. You’d forward the encrypted message from e.g. Conversations , Element , Telegram , or whichever target platform’s client you’re using, via the system’s share dialog. (usually by long-tapping the received message, tapping “Share with” and choosing OpenKeychain ) I recommend using this method for confidential information. If for some reason you can’t encrypt the message at the source, 📨🚕 natively integrates age encryption. However, this isn’t true E2EE, as encryption happens after the webhook is accepted by 📨🚕 and processed by an internal worker . One future improvement is to move this encryption step to the moment the post hits the webhook, so the content remains encrypted throughout 📨🚕’s internal systems. I will also be adding integrated GPG support soon. Another key privacy concern is data storage. 📨🚕 does not store copies of the notifications you route through the service, with one exception: Each application allows you to debug the payload it receives via webhooks. Think of it like a debug output for the notifications. If you enable this debugging feature, 📨🚕 will store a copy of the latest webhook content in its database so you can view it in the web console. However, once a new webhook hits the endpoint, the previously stored content is overwritten. 📨🚕 does not maintain a historical timeline of your webhooks. That said, if you keep debugging enabled, it’s important to note that backups are taken periodically to prevent data loss in case of server failure. These backups will contain the latest webhook received at the time of backup. This means that if debugging is left on, the data might end up being stored in backups, even if it’s not part of the active database. In summary, if privacy is important to you, I recommend disabling webhook logging once you’ve verified that your application is working as expected. As mentioned in the blog post, the current version of 📨🚕 is more like an alpha release. While it should work smoothly, occasional hiccups are possible. I’ll do my best to ensure a seamless experience, but please bear with me if things don’t work perfectly right away. If you run into any issues, feel free to reach out . If you think 📨🚕 could be useful to your workflow, I invite you to give it a try. You’re also welcome to share it with anyone who might find it useful, but I kindly ask that you do not share this post, or 📨🚕 on link aggregation platforms just yet. The server infrastructure will not be able to handle a sudden traffic spike and besides, 📨🚕 is way too undercooked for the average HN user/lobster/Redditor atm. I’d prefer the platform to grow slowly and organically so I can actively engage with users, resolve issues, fix bugs, and eventually make it a really great service. I’m looking forward to hearing from you if you decide to give 📨🚕 a try!
DevOps
Open Source
Go
Programming
Career
Python