Glad to help!

Yeah, self-hosting often means trading more control for less convenience, some times more than others. Either way, I hope this setup works for you!

Note: For Material files, and most file managers really, nextcloud might not show up by default (“security” or something), but you can “add external storage” and give it permissions.

CF = content framework, android somehow decided that users shall not see and interact with “real” files and instead, have apps like nextcloud act like content providers and expose a file-like API …whatever, it is what it is, but in the end it works.

I’m currently using Material Files, but even android’s default file manager, bundled with the OS, shows Nextcloud in the left sidebar (your mileage may vary on this one, as each phone vendor tend to customize it a bit).

As for my setup, there’s really not much to it: I selfhost nextcloud, have KeePassDX and the Nextcloud app, and when you setup KeePassDX, select “Open existing vault” and in the sidebar you should be able to select Nextcloud and pick files from there.

I see where you’re coming from. I also really wanted that in my early days of android and nextcloud. Turns out, nowadays you don’t really need that for most use cases, and definitely not for KeePass syncing. Nextcloud app for android exposes all the files via content framework and KeePassDX can sync two ways via that. Other apps like Keepass2Android even have direct nextcloud support via WebDAV, though these days I prefer KeePassDX a little bit more for unrelated reasons.

I recommend you try either KeePassDX or Keepass2Android and see for yourself.

Also, most file managers support CF and will show you your nextcloud files as if they were real files on the device, even without “real” two way sync, and most other apps will be able to save & open files directly from nextcloud.

I use KeepassDX syncing via Nextcloud, works flawlessly. I also used to use Keepass2Android, also works very well.

Can you elaborate on the “nextcloud doesn’t support 2-way syncing on android” statement? I can sync my Keepass database back and forth without issues.

Signed developer certificates protect you from MITM attacks, it does not protect you from the sources themselves being compromised.

Very true, and that’s why f-droid building from source can only guarantee the apk matches the source, but you still need to trust someone else (or yourself) to study the source and confirm nothing shady is going on, which of course isn’t something most people would do for any open source app they install.

Still, for “high profile” cases it just take one (independent) person to go through the source and publish their findings.

Yes, I understand the situation is shady and f-droid maybe didn’t handle it the best way on a human level, and that is important when evaluating trustworthiness.

What I was focusing on was more on the technical side: As long as I can:

• trust f-droid to actually build from source and only publish something guaranteed to match the source, and
• read the source code myself, or trust an independent researcher to study it, and confirm there’s no malware,

then I don’t need to trust the maintainer of the project at all, and I can ignore all the drama, being assured with a high degree of certainty there is no malware

I can also ignore any drama involving f-droid as long as I still trust them to build from source. This can also be verified by independent researchers by buulding themselves ans comparing, once again filtering out the drama and noise, though most people probably won’t go this far.

I don’t use syncthing (anymore) and didn’t know the story behind this, but one thing I know is, f-droid builds the apk from source and signs it with their keys, or if reproducible builds are available, it verifies the signed apk provided by the maintainer to match bit-for-bit with the source code, so at least even if one doesn’t trust the new maintainer, they should be able to trust f-droid that the apk matches the source, so e.g. no spyware or malware was added for example. Sure, someone still needs to review the source, of course.

Nair’s name was on an email sent by publicist Peggy Siegal to the late pedophile Epstein about an afterparty in 2009 for the film Amelia, which Nair had directed. The email alleges no wrongdoing and simply records attendance.

Nothingburger but anything for those precious clicks

According to the mayor, while federal agents in violation of the order would not be arrested by Chicago police, the city will take the federal government to court if necessary.

So yeah… nope, they’re not going to enforce it.

Bold-faced has been used at least since the late 1900s https://www.merriam-webster.com/grammar/is-that-lie-bald-faced-or-bold-faced-or-barefaced

With Newsom’s signature, now it’s up to the voters to decide whether to temporarily sidestep the state’s independent redistricting commission

How temporary is “temporary”? I can’t find it in the article