Hacker News | deknos's comments

can please someone build an iphone + android app which does conveniently what cimbar (cimbar.org) does? then we do need much less of those filesharing activities, because videos go up to a few mb, and bigger than that.. well you can encrypt, share key via such an app and then upload to wherever.

> The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.

Why? Microsoft and Cisco also skimp on security.


The real lesson is don't skimp on your political payoffs/tribute/bribes.


to be honest, i am kinda wondering, why mailservers do not publish on some http service:

- whom they accept mails from under which conditions
- who's blocked and why
- perhaps hashed-and-salted-email-addresses for verification
- how much spam (as the receiver understands it) happened from where
- that you produce tokens with hashcash, so unknown senders can verify themselves with that per mail/receiver
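The hashcash point in the last bullet, sketched as an added example that is not part of the original comment: a sender mints a stamp bound to one receiver address, and the receiving server checks work, recipient, age and reuse. The stamp layout follows hashcash version 1 (SHA-1, `ver:bits:date:resource:ext:rand:counter`); the function names, the addresses and the 2-day age window are assumptions made for illustration.

```python
import hashlib
import os
from datetime import datetime, timedelta, timezone

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int = 16, now=None) -> str:
    """Sender side: brute-force a counter until the stamp hash has `bits` leading zeros."""
    now = now or datetime.now(timezone.utc)
    # resource is the receiver address, so the work cannot be reused for other recipients
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{os.urandom(8).hex()}:"
    counter = 0
    while True:
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def verify(stamp: str, receiver: str, min_bits: int, seen: set,
           now=None, max_age_days: int = 2) -> bool:
    """Receiver side: one hash to check, however long the sender had to search."""
    now = now or datetime.now(timezone.utc)
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    _, bits, date, resource, _ext, _rand, _counter = fields
    if resource != receiver:          # stamp was minted for someone else
        return False
    if not (bits.isascii() and bits.isdigit()) or int(bits) < min_bits:
        return False                  # claimed work is below this server's policy
    try:
        minted = datetime.strptime(date, "%y%m%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return False
    if abs(now - minted) > timedelta(days=max_age_days):
        return False                  # too old, or dated in the future
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < int(bits):
        return False                  # claimed work was not actually done
    if stamp in seen:                 # same stamp presented twice
        return False
    seen.add(stamp)
    return True
```

The `seen` set only has to remember stamps for as long as the age window, since older stamps are rejected by the date check anyway.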


i just hope, this is really a thin service and not again running with javascript and also works over tor..


i thought this uses coqui which is not really opensource?


1. i wish syncthing also would implement this
2. is it already postquantum secure?

(to all the quantum-computer-will-never-come-people: i like to be prepared in CASE it comes, otherwise no one will prepare and users are in the dust, once it is there)


I am not a cryptographer, but can explain that Magic Wormhole uses SPAKE2 to negotiate a shared secret (RFC9382 claims equivalent to gap Diffie-Hellman), and then uses NaCl SecretBox to symmetrically encrypt all data between the peers.

(If using the newer Dilation protocol -- which is true for many of the non-file-transfer tools like ShWiM, Git-WithMe or Fowl -- peer traffic uses this shared secret with Noise, specifically "Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s")

One tool that does now use Magic Wormhole for "introduction" like this is EtherSync: https://ethersync.github.io/ethersync/


as long as we can convert the OCI to a bootable VM image, i am fine with that. But i also think, there's a size limit


There are still growing pains, but https://github.com/osbuild/bootc-image-builder exists and is likely to become exactly that in the general case (as it already is for the redhat family).


Oh those size limits are pushed plenty by AI images, no worries. I recently had a good laugh when I found a docker image that was 2 - 3 times as big as the OS partition of a lot of our smaller servers.

And our OS image build order would reuse layers better than those.


No doubt, I've regularly encountered ~2TB container images with enough layers to make one weep. SISO, slop in/slop out (sorry).


Time to find out if one can make a dockerbomb image >:-)


I believe in you, 'fallocate' can be put into entrypoint :P This way the size is a surprise, not constant


i think it's already been done with bootable containers.

redhat has recently GA bootable container as well.


how complex is this to understand for auditors? i fear of the ever increasing complexity of protocols which are security-relevant...


i am still of the opinion, if they would extend sieve quite a bit and standardize markdown/reST/asciidoc as rendered in emailreaders, we could probably get much more usage of mail again

(sieve would need additional features of sending/processing mails and reencrypting imho)

but mail is still less broken than mobile phone networks.


Yes. And we'd also need people to stop demanding non-semantic hard wrapping at 79/80 chars.


You know what's quite more important?

* Performant and safe standard library.
* batteries included
* a good way to actually care about managing dependencies, during build and runtime.

Okay, you got your stuff, please everyone now let's care about the standard library and that it is really good.

