• 2 Posts
  • 123 Comments
Joined 3 years ago
cake
Cake day: July 7th, 2023

help-circle

  • Wait…so you’re looking for a solution with zero problems because of…clout or something? I don’t get it.

    If you like Debian, just stay with Debian. Especially if you’re not familiar with what running Arch really means in the deeper sense. Mostly that the guardrails are off, in a sense.

    CachyOS puts a ton of work into adding UX helpers that makes it pretty user friendly, but it’s still going to have a lot of manual intervention required, but that’s a feature to some.

    If you have an AMD laptop, maybe look into installing SteamOS and Kodi as a non-steam app. That could be your sweet spot.










  • Unless there is a mapping between a UID of a user across many different machines (something like a domain controller), you’re not going to be able to set proper permissions by user. You need to use a generic group, or provide global read access at a minimum.

    I’m not 100% sure why you’ve chosen this route, but there are MUCH simpler ways of doing this that don’t involve VMs and NTFS volumes.

    At this point, you’re butting up against 3 levels of nested permissions, including the VM. My suggestion would be to make sure all the files on the NTFS volume have global read access, then go into the VM and attempt to set NTFS permissions on the files (they are different). If that becomes too tedious, you could just try setting 777 on all shared files. It’s unsafe, but may get you through until you find a more…workable solution for what you’re doing here.

    I think the overall solution is to just not need this Windows VM, so look at moving these sites off to Nginx or something ASAP.




  • The clients (apps) enforce key symmetry for your own keys, server identity, and the exchanged with the other person part of a conversation. Constantly. There is no way to MITM that.

    The clients are open source, and audited regularly, and yes, builds are binary reproduceable and fingerprinted on release.

    That’s not to say someone can’t build a malicious copy that does dumb stuff and put it in your phone to replace the other copy, but the server would catch and reject it if it’s fingerprints don’t match the previously known good copy, or a public version.

    Now you’re just coming up with weird things to justify the paranoia. None of this has anything to do with Signal itself, which is as secure as it gets.