The Lemmy Club

Johny 5

https://github.com/positive-intentions/chat

probably not... Because I'm comparing it to everything... but id like to share some details about how my app works so you can tell me what im missing. id like to have wording in my app to say something like "most secure chat app in the world"... i probably cant do that because it doesnt qualify... but i want to understand why?

im not a cyber security expert. im sure there are many gaps in my knowlege of this domain.

using javascript, i created a chat app. it is using peerjs-server to create an encrypted webrtc connection. this is then used to exchange additional encryption keys from cryptography functions built into browsers to add a redundent layer of encryption. the key exchange is done like diffie-helman over webrtc (which can be considered secure when exchanged over public channels)

• i sometimes recieve feedback like "javascript is inherently insecure". i disagree with this and have opened sourced my cryptography module. its basically a thin wrapper around vanilla crypto functions of a browser. a prev post on the matter.

• another concern for my kind of app (PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for selfhosting. selhosting this app has some unique features. unlike many other selfhosted projects, this app can be hosted on github-pages for free and instructions are provided. im also working on introducing a way that users can selfhost federated modules. a prev post on the matter.

• to prevent things like browser extensions, the app uses strict CSP headers to prevent unauthorised code from running. selfhosting users should take note of this when setting up their own instance.

• i often get touted things like the Signal/Simplex protocol is amazing and great, etc. id like to compare that opinion to the observation in how my todo app demo works. (the work is all experimental work-in-progress and far from finished). the demo shows a simple functionality for a basic decentralized todo list. this should already be reasonably secure. i could add a few extra endpoints for exchanging keys diffie-helman style. which at this point is relatively trivial to implement. I think it's simplicity could be a security feature.

i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the frontend and the peerjs-server to be hosted independently, im on track for creating a chat system with the "fewest moving parts". im hope you will agree this is true p2p and i hope i can use this as a step towards true privacy and security. security might be further improved by using a trusted VPN.

i created a threat-model for the app in hopes that i could get a pro-bono security assessment, but understandable the project is too complicated for pro-bono work.

i created a decentralized todo list demo using the p2p framework used in the chat app. this is to demonstrate the bare-minimum functionality of decentralised messaging and state management.

while there are several similar apps out there like mine. i think mine is distinctly a different approach so its hard to find best practices for the functionalities i want to achieve. in particular security practices to use when using p2p technology.

Steamlyannaya Hamonika (1968) depicts the isolation and brutalization of humans in modern bourgeois society. Although being broadly in line with other art-as-propaganda of the era, censors felt it could easily be read as a criticism of the party, leaving this subversive short as the only animated film to be banned in the Soviet Union.

source: https://youtu.be/yVmw3ZhdzEs (https://piped.video/watch?v=yVmw3ZhdzEs)

De nieuwe eigenaar van een kantoorpand in Best heeft daar gistermiddag een groot, werkend drugslab op de vijfde verdieping ontdekt. De politie ruimt het laboratorium momenteel op. Daarbij wordt een hoogwerker ingezet, omdat de vaten en andere apparatuur te groot zijn om met de lift naar beneden te [...]

Chinese windmolenbedrijven willen dolgraag de Europese markt betreden, maar stuiten daar op argwaan en kritiek. Zhang Qiying, directeur van een van de grootste windturbinemakers ter wereld, wil zich graag verdedigen. ‘We zijn een privébedrijf, geen staatsbedrijf.’

cross-posted from: https://lemmy.world/post/18004980

We Won’t Have To Vote Again

We Won’t Have To Vote Again

Right away, the data clearly showed that cash helped people spend more on their basic needs. Those who received $1,000 monthly spent $67 more per month than the lower-paid group on food, $52 more on rent and $50 more on transportation. They also spent about 26 percent more financially supporting others, typically family members or children, suggesting that the beneficiaries of guaranteed income programs extend beyond the actual participants.

Some of the volunteers told the researchers that the money allowed them to stop living paycheck to paycheck and start imagining what they could do if they had more financial breathing room. Karina Dotson, OpenResearch’s research and insights manager, often heard participants talk about the cash giving them a “sense of self.” She said it “gave them head space to dream, to believe, to hope, to imagine a future they couldn’t imagine before.” Other research has found similar outcomes.

Those who received $1,000 monthly were 5 percent more likely to report having a budget, spending an average of 20 minutes more a month on finances than the group that received $50 monthly. The money also affected how much medical care people sought, how much they considered entrepreneurship or additional schooling and even the kinds of jobs they took. Those choices varied widely from person to person.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/animemes by /u/Jepington on 2024-07-27 10:52:15+00:00.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/animemes by /u/Suma_OwO on 2024-07-27 10:11:19+00:00.

Original Title: :l

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/animemes by /u/Oversama on 2024-07-27 10:01:13+00:00.

HHe wants to be a dictator

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/animemes by /u/Oversama on 2024-07-27 09:57:28+00:00.

With all federal and state policies on the books as of June 2024, we estimate the US is on track to reduce its GHG emissions by 38-56% below 2005 levels in 2035, representing at least a doubling—and potentially as much as a four-times increase—from the pace of annual emissions abatement from 2005 to 2023. On the way to 2035, we find the US could reduce its emissions by 32-43% below 2005 levels in 2030. These emissions reductions under current policy are a measurable acceleration in mitigation even compared to our Taking Stock 2022 edition from just before the passage of the IRA, in which we found the US on track for a 24-35% reduction below 2005 levels in 2030. But they are not enough for the US to achieve its 2030 climate commitment under the Paris Agreement of a 50-52% reduction by 2030, or deep decarbonization by mid-century.

Honden met rugzakken vol zaadjes gaan helpen met het herstellen van de natuur in een natuurgebied in Engeland. Ze gaan de zaadjes al wandelend verspreiden en doen zo ongeveer hetzelfde als wat wolven vroeger deden.