mutual_ayed @ mutual_ayed @sh.itjust.works Posts 0Comments 73Joined 6 days ago
I don't know yet. It's more a thought experiment than anything else.
https://github.com/muke1908/chat-e2ee
Looks like the URL is part of the seed and salt which is cool.
Proving who you are is done in another stream. Like MFA.
You do a one time pad, generate the URL with that. Communicate what's needed, then the URL dies.
I'm still noodling with it.
Just because I and my family benefit now, doesn't mean it'll stay that way. Also again, I don't want to support or platform an app that charges others, who are not me, to share their own collection.
If they want to charge for the Plex TV or Plex Movies they host, and leave the app free of cost for a person's own personal collection to be shared. That's fine.
I have no confidence that'll happen though.
The more people that short the stock....the better for everyone.
Hell is other people especially in FOSS.
I still don't see how
swap to a modified JS that exfiltrates the e2ee key
or
add additional keys
Wouldn't significantly change the recieved hash and break the stream thus ending comms. Also unless you're hosting and building it yourself you have to trust the recipient and the cloud host.
I agree if an attacker owns the server comms can be compromised. I thought that was the benefit of the ephemeral nature. It's for quick relay of information. Best practices would probably include another cypher within the messages themselves like a one time pad or some such.
https://www.itstactical.com/intellicom/tradecraft/uncrackable-diy-pencil-and-paper-encryption/
What's going on over there?
https://www.theregister.com/2025/02/13/ashai_linux_head_quits/
https://marcan.st/2025/02/resigning-as-asahi-linux-project-lead/
I just wanna run fedora on an M4 already
Edit: I hope she feels safe and is able to put whatever it was behind her. She's a brilliant engineer.
https://asahilinux.org/2022/12/gpu-drivers-now-in-asahi-linux/
Cool, now they can correct the "mistake" made regarding Army Maj. Gen. Charles C. Rogers ....
Recouping losses from stagnant inventory by burning cars may lead to a short term bounce. However, and I say this with my full chest. Fuck Musk.
Yes, that's great for me and mine, but not for others. I don't like to support or platform/promote applications that require a subscription for any access at all.
The problem is Plex aren't Netflix in my usecase. I'm sharing my library with my friends.
Now if they'd like to charge for the content they host. Great more power to 'em, but I feel icky with a payment or subscription model that charges to deliver my collection to my friends and family.
So, like I said. I'll likely start migrating to jellyfin and start the conversation with people in how to get the jellyfin app on whatever device they have.
It has. Strangely enough they posted a code of conduct after that feedback and started weilding the ban hammer. However I cannot speak to outside forums like XDA or Reddit or even comms here. I tend to stick to their forums or github
Fragility is by design as it's ephemeral comms. Swapping the js decryption doesn't make sense as wouldn't the client just fail or refuse the message stream as the decrypt/encrypt changed? It's an interesting problem. Thanks for giving me something to noodle on.
Fuck your pipeline
Also. there were demonstrations against DAP in 2008 way before Greenpeace got there.
Can you expand more on the key management? I thought https://chat-e2ee-2.azurewebsites.net/ passes a PSK Through the header and sets that as a cookie in the browser to sign further comms. I could be mistaken of course.
A lot of flatpaks early on wouldn't survive a major point release upgrade or worst case would hold on to dependencies and the user would end up with an unbootable mess after an upgrade.
I haven't seen that recently though.
However I regularly run appimages on my fedora silverblue system so take what I say with a grain of salt.
IMPORTANT NOTE FOR CURRENT PLEX PASS HOLDERS: For users who have an active Plex Pass subscription, remote playback will continue to be available to you without interruption from any Plex Media Server, after these changes go into effect. When running your own Plex Media Server as a subscriber, other users to whom you have granted access can also stream from the server (whether local or remote), without ANY additional charge—not even a mobile activation fee. More on that later in this update.
I guess that's something.
Gonna be a long slow explanation to my family and friends how to switch to jellyfin. Hopefully there's an app ecosystem there as well. I was lucky to get a lifetime pass way back in 2009 when I did some work for them. It's very different now.
I shorted the stock last month and I'm shorting again. Gotta lit candle at $170 for May that I hope pays off.
Sidenote: don't gamble....
Fedora based actually
Install using the debian net installer. Only add a GUI/Desktop Environment through command line and apt. Don't use tasksel.
https://www.debian.org/CD/netinst/
Do this on a laptop that's not mission critical. Barring that, use Tails on a USB drive
Plex/jellyfin
If I could do it all over I'd pick jellyfin however plex is on more devices and easier for people to setup.....for now.
However you may also be interested in the arr stack. For reasons.