1·
12 days agoWhat other effective solutions are being explored by the government? Let’s platform those.
- 0 Posts
- 14 Comments
Joined 25 days ago
Cake day: March 19th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Not good enough is a stepping stone to good enough and a great starting point for done.
Reward what works, disengage what doesn’t, and promote ideas that can grow.
Sceptism is important, dissent is healthy, but recognizing what will progress society and putting effort into that is what’s needed now.
Absolutely this. Bill Clinton was Reagan lite and it wasn’t until Obama’s grass roots campaign that the centrist Democrats were challenged. Hillary thought she could do what Bill did and appeal to “moderate Republicans” and that backfired because she alienated the left of the party and Bernie picked up that thread and ran with it.
7·16 days agoSorry to break it to you but that’s a Blue Horizon rocket.
Yes and… the 2016 DNC fuckup was when it escalated. But the momentum started with Reagan and nobody took their foot off the gas until Obama. Centrist dems definitely overcorrected and we ended up with Trump the first time.
I think that’s by design and the nature of the setup. Anyone with the URL can communicate.
If your other comms method is compromised this doesn’t have much use. Which is a different problem all together. I think this would work great as something like a deadrop so two completely faceless people can communicate. I like it a lot.
I don’t know yet. It’s more a thought experiment than anything else.
https://github.com/muke1908/chat-e2ee
Looks like the URL is part of the seed and salt which is cool.
Proving who you are is done in another stream. Like MFA.
You do a one time pad, generate the URL with that. Communicate what’s needed, then the URL dies.
I’m still noodling with it.
I still don’t see how
swap to a modified JS that exfiltrates the e2ee key
or
add additional keys
Wouldn’t significantly change the recieved hash and break the stream thus ending comms. Also unless you’re hosting and building it yourself you have to trust the recipient and the cloud host.
I agree if an attacker owns the server comms can be compromised. I thought that was the benefit of the ephemeral nature. It’s for quick relay of information. Best practices would probably include another cypher within the messages themselves like a one time pad or some such.
https://www.itstactical.com/intellicom/tradecraft/uncrackable-diy-pencil-and-paper-encryption/
It has. Strangely enough they posted a code of conduct after that feedback and started weilding the ban hammer. However I cannot speak to outside forums like XDA or Reddit or even comms here. I tend to stick to their forums or github
Fragility is by design as it’s ephemeral comms. Swapping the js decryption doesn’t make sense as wouldn’t the client just fail or refuse the message stream as the decrypt/encrypt changed? It’s an interesting problem. Thanks for giving me something to noodle on.
Can you expand more on the key management? I thought https://chat-e2ee-2.azurewebsites.net/ passes a PSK Through the header and sets that as a cookie in the browser to sign further comms. I could be mistaken of course.
1·24 days agoFedora based actually
I don’t see anywhere where I can see the source code of that build. Not saying it’s a bad project just that I’d like more transparency.
I’m more trusting of the debloat scripts that I can read and inspect. https://github.com/Raphire/Win11Debloat