Spyke


Comment on

V2 of my Anonymous, Private, Encrypted text/URL tool, with crazy strong encryption.

So this basically runs key derivation by taking the password, SHA-256 hashing it, and feeding the result to a SecureRandom. Then it XORs the output of SecureRandom with the plaintext in CBC mode with a block size of 1 byte... CBC means this isn't protected against tampering, since the encryption mode isn't authenticated. And the block size of 1 byte means you can attack each character of the ciphertext one at a time.

This is a woefully inadequate key derivation, and the actual encryption seems fairly flawed. I only have a basic Cryptography 101 course under my belt, and while I don't have the skill to obviously break it, it absolutely makes the hair on my neck stand up...

Discounting any weaknesses in the actual crypto, the heaviest part of this algorithm is the actual SHA-256 hash, and with some tweaking, I'm sure someone determined could modify hashcat to attack this encryption directly. I just had a look at some Hashcat benchmarks on an AWS p5en.48xlarge instance, which has 8x Nvidia H100 GPUs. These together can churn out 126.9 Giga-hashes per second on SHA-256, which means it can try ALL alpha-numeric passwords with 12 characters in just around 0.59 nanoseconds. This instance isn't cheap, as it costs around $64 per hour to run, but at that speed you don't have to run it for very long anyway.

So even in the worst case, of having to brute-force your XOR encryption algorithm, breaking it will be trivial.

Please don't roll your own crypto... Or if you do, please make it very clear to anyone that it's your own hobby project, and that it shouldn't be relied upon for actual security.

EDIT: apparently I can't operate a calculator
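The two properties the comment above says are missing (a slow, salted key derivation instead of a single SHA-256, and authentication so tampering is detected) can be shown side by side with the stdlib alone. The following is an added example written for this page, not the tool's code: `weak_kdf` is a constructed stand-in for the "SHA-256 the password" step (one fast, unsalted hash, which is exactly what a hashcat-style guess rate applies to), and the hardened path uses scrypt for key derivation plus HMAC-SHA256 encrypt-then-MAC. The HMAC-in-counter-mode keystream is an assumption made only to keep the demo free of third-party packages; in real code you would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a maintained library rather than this construction.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# --- the pattern the comment describes (constructed stand-in, for contrast) ---

def weak_kdf(password: str) -> bytes:
    """One fast SHA-256 of the password, no salt, no work factor.
    Every user with the same password gets the same key, and a GPU can
    test guesses at the raw hash rate of SHA-256."""
    return hashlib.sha256(password.encode()).digest()


# --- hardened alternative: salted, memory-hard KDF + authenticated encryption ---

# scrypt cost parameters (assumed values for the demo; tune for your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the password with scrypt.
    The random salt defeats precomputation; N/r/p make each guess expensive."""
    km = hashlib.scrypt(password.encode(), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                        maxmem=2 ** 26, dklen=64)
    return km[:32], km[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only PRF keystream.
    Assumption: a placeholder for a real AEAD cipher, used here only so the
    example runs without extra packages."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Output layout: salt || nonce || ciphertext || tag (encrypt-then-MAC)."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ks = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = salt + nonce
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def decrypt(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify.
    A failed tag means tampering or a wrong password; either way we refuse
    to hand back garbage, which an unauthenticated XOR scheme cannot do."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    ks = keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def tamper_is_detected(password: str, plaintext: bytes) -> bool:
    """Flip one bit of the first ciphertext byte and check that decryption
    refuses it, while the untouched blob still round-trips."""
    blob = encrypt(password, plaintext)
    flipped = bytearray(blob)
    flipped[SALT_LEN + NONCE_LEN] ^= 0x01
    return (decrypt(password, bytes(flipped)) is None
            and decrypt(password, blob) == plaintext)


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    print("weak_kdf is unsalted:", weak_kdf(pw) == weak_kdf(pw))
    print("scrypt keys differ per salt:",
          derive_keys(pw, b"\x00" * 16) != derive_keys(pw, b"\x01" * 16))
    print("tampering detected:", tamper_is_detected(pw, b"hello, world"))
```

Running it shows the three points at once: the unsalted hash is a fixed function of the password, the scrypt-derived keys change with every salt, and a single flipped bit in the ciphertext is rejected instead of being decrypted into a silently corrupted message.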

memes

Comment on

Amusement

Reply in thread

This ain't AI... These are the haphazardly thrown-together product photos you see on Amazon, which just plaster a few stock photos together with the product.

canada

Comment on

Declawing cats causes them lifelong pain. It’s time to ban the practice

Reply in thread

Cats' claws are for hunting, fighting and climbing. They are extremely sharp, and can rip your skin and make you bleed without even trying.

Dogs' claws are for traction and digging. Usually dogs' claws are dull; they might still cause a bit of damage to the topmost layer of your skin, but they have to make an effort to draw blood. Dogs hunt and fight with their teeth instead of their claws.

Comment on

MPV: The Ultimate Self-Hosted Media Solution You're Probably Sleeping On

Holy shit... This is so incredibly out of touch... I can't even...

The Basics That Blow Minds

Lol no... yt-dlp is a bit nifty, but everything else here is utterly expected of any media solution... Exactly zero minds were blown here...

No transcoding

Damn, that sucks when the destination device isn't capable of hardware-decoding the media file, and is too slow to software-decode it... (also, you do know that you can just disable transcoding in Plex/Jellyfin, right?)

No server

SMB and NFS are both servers.

Send someone an SMB/NFS share to your media

Jesus, are you directly exposing SMB and NFS to the Internet? NFS is entirely unencrypted, and SMB has super scary vulnerabilities regularly...

Zero server maintenance

I really hope you are patching the OS, to avoid vulnerabilities in SMB and NFS which you are exposing to the Internet...

Plays literally any codec without setup

Sure, provided the device supports hardware decoding the codec or is fast enough to software decode it...

Works offline/online seamlessly

So do both Jellyfin and Plex (Plex needs a one-liner config change, though, to be fair)

cross-platform

How about TVs? How about Mobile?

Or just... teach them? play movie.mkv isn't rocket science.

My mom has needed to call me and be guided over the phone 100% of the times that she has needed to scan a document... How do you think teaching her to navigate a file structure in a terminal is going to go?

My daughter still needs us to spell out the cheat codes for her The Sims game... Do you think she'll remember the terminal commands?

If I forced any of my friends and family to use the command line to play media, they would just watch something else from a streaming service that actually offers some User Experience... Or do something else entirely.

write a simple script or just... remember what you watched?

Dunno... That seems like a hassle when it's a built-in feature in Plex/Jellyfin

It's literally a config file. If you can set up Jellyfin, you can handle this.

No... It's a config file per device, and SMB/NFS mounts per device. Now you need to handle syncing that config file, and any other user of the server will need their own config files...

... And what about other features...

  • How do you browse metadata for your movies and series? I often like to read a summary about a movie to know a bit about what to expect. I also like being able to search for an actor, and see the cover art.
  • How do you group your movies with the extra features for that movie?
  • How do you stream your media to your TV?
  • How do you easily fetch subtitles for a movie that didn't come with any subtitles?
  • When you are away from home on a heavily bandwidth constrained connection, how do you watch your nice high-quality movies?

Back when I lived alone, attaching my media drive directly to my desktop computer made perfect sense; it was the only screen I owned that I wanted to watch anything on... And I didn't need to share anything with anyone... And I could easily use mpv or vlc to watch anything I want...

But now that other people are in the mix, and I like the convenience of using whichever screen I'm currently near, a simple network share + mpv falls so far short it isn't even funny.

Comment on

Another carbrain ready to kill innocent people

Reply in thread

Damn... The more I hear about stuff like this the more I like the Danish police and traffic laws... They certainly aren't perfect, but man is most of the rest of the world a shit show when it comes to that.

In Denmark 3 km/h above the limit can get you a ticket. 30% above will get you a "point" on your driver's license and a much larger fine. 60% above and you will immediately lose your license and get a large fine or potentially prison.

A "point" stays on your license for 3 years, and it you get 6 cuts, you lose your license.

I haven't heard of anyone keeping their license "because they needed it"... You just have to bike, or take public transport.

You also get a point for many other offenses, such as using a handheld phone, crossing on red, tailgating, driving the wrong way, or many other things.

The first 3 years after getting your license, the limit is lower at 4 points, and if you lose your license and get a new license the limit is only 3 points.

Comment on

Baldur's Gate 3 now has a native Linux build

Reply in thread

Nope. If you pick the Linux version on a desktop Linux it doesn't even have a binary, so the game can't launch. On normal Linux you have to pick the Proton version. The Linux binary only downloads on Steam Deck.

EDIT: This is no longer true. If you simply disable the compatibility modes, the native Steam Deck build now downloads nicely on Linux, and it runs straight out of the box for me, and with much less stuttering

Comment on

*Permanently Deleted*

Reply in thread

I used to be a software engineer, but moved into infrastructure instead, so I haven't really been programming much for a few years. But all the vibe coding I see around me is making me yearn for coding the old-school way. And I've been searching a bit for something to apply that drive to...

Comment on

What are some games with absolutely fantastic soundtracks?

Outer Wilds - The way this game uses music and ambient sound to foster a sense of wonder, dread, excitement, sorrow, and much more is nothing short of incredible. Probably the best game I have ever played.

Subnautica - Equally impressive use of music as Outer Wilds, many of the same feelings, but a much much different vibe and genre.

Return of the Obra Dinn - A grim game where the soundtrack with church bells and heavy string instruments really underscore the mood.

privacy

Comment on

Where does Palantir get the data from to begin with?

Reply in thread

That's not correct. Under the GDPR, the data that Facebook collects on you makes them the Data Controller. Any partners they share data with would be considered Data Processors. When you invoke your right to be forgotten under the GDPR, then both Data Controllers and Data Processors must delete your data. So if Facebook's partners aren't deleting your data after you filed a request to Facebook, then they are violating the GDPR.

That said Facebook is certainly violating the GDPR left and right. For example with their "Pay or Consent" model...

linux

Comment on

Smallest modem I can put into bridge mode and feed into a router?

Is there any reason you are not just calling your ISP and asking them to put their box into bridge mode and then setting your own router up behind it?

You control everything from the router and into your local network.

If you can't trust your ISP's "modem" in bridge mode, then you also can't trust the infrastructure beyond the modem, and in that case you would need to set up a privacy-respecting VPN service directly on your router to encrypt the traffic your ISP sees.