TL;DW from my vague memories:

Oracle got the trademark for JavaScript because they bought the company who made it. Now they have no involvement in the JavaScript ecosystem aside from making a library that barely anyone is using. The JavaScript standard has to refer to JavaScript as ECMAScript because Oracle doesn’t want anything to do with it and won’t allow other people to use the JavaScript name.

The Node.JS/Done guy says that’s stupid and had been requesting Oracle to release the trademark into the public domain for years which Oracle had always ignored/refused. More recently, Node.JS/Deno guy took Oracle to court for holding onto the JavaScript copyright with no intention of doing anything with it which ended in failure with Oracle claiming they’re involved in the ecosystem thanks to that one library they made.

The guy who created JavaScript agrees that’s stupid but can’t help.

IIRC I had to keep xsettingsd running in the background for my system GTK theme to be applied to Flatpak apps so maybe that’s what you need?

I’ve tried both and ~/.local/bin tends to be used by a bunch of tools to install their own binaries/scripts so depending on what you use it can become very messy (which did happen in my case). I used to have a ~/Documents/Scripts directory in my $PATH and that was much cleaner than my current setup so that’s what I’d recommend, especially if you want to use Git with it! :)

Sometimes it’s plug-n-play and everything works great. Sometimes you press the update Nvidia drivers button on your Ubuntu work computer and then need to tell IT you bricked your OS. YMMV

No worries Mickey Mice! Hopefully you won’t face any more big hardware issues after that ^^’

Good luck in your Linux journey! :)

21:00.0 Network controller: Broadcom Inc. and subsidiaries BCM4352 802.11ac Dual Band Wireless Network Adapter (rev 03)

It’s probably related to this recent issue

In my experience Broadcom on Linux is a bad omen, second only to Nvidia. If you can, I’d recommend switching your Wi-Fi card for one that has better Linux support (e.g. “TP-Link Archer TX3000E” or anything that uses an Intel chip inside really since support for them is handled directly by Intel and integrated into Linux’s source code). Good luck! :)

Damn already working on an app? That’s so cool! Starting E2EE there is definitely a good idea then!

MeroChat is such a nice project, thank you for working on it <3

The server might always send a modified script that just uploads the plaintext private key.

Yeah, you’d need a way to validate the client code before it’s executed to solve that issue

Section “2. Client application security” of MEGA’s Security Whitepaper discusses this exact problem. Their best solution to that issue is to just cram the whole frontend in a signed web extension and not serve any code to the user when the extension is active, which is not very user friendly but works for those who want an extra layer of protection

I just can’t find a good user-friendly implementation, sorry for not being of more help. The web just isn’t E2EE-friendly ig :/

Yeah, I’m not used to E2EE in the browser either and StackExchange seems to agree that there’s no nice solution :/

The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user’s password, and sending it to the user on successful login where it would be decrypted client side. It seems like it’s more or less what MEGA is doing since they have a similar issue

If the server having temporary access to the user’s password is an issue maybe the password could be partially pre-hashed before being sent?

It’s be interesting to talk about it with someone with more experience, especially since implementing all of that will be a pain so it can’t be redone every Thursday

I know Matrix has E2EE with some public documentation on its implementation. Maybe it could help you? Idk how familiar you’re with E2EE or what kind of implementation you’d want, anything will have drawbacks :/

It would also be prone to recreating the SEO mess that we can see today

I think federation should solve that though?

Ah, yeah you’re probably right my bad. Big data isn’t my speciality so I can’t say much about that :/

No. If you want to run an algorithm you should run it on your computer and not on somebody else’s.

Ignoring the fact that having a proper recommendation AI for every single user would be environmentally disastrous, it would also place much more burden on the ones hosting instances. Keep in mind that most instances are hosted by people who do not earn anything from them and that many bigger instances already had to rent bigger servers because of the influx of people. Adding computationally expansive algorithms in the mix would just increase the cost for the volunteers on top of signing the death of some smaller instances run on a tight budget.

It would also be prone to recreating the SEO mess that we can see today on social medias like youtube where, if you want to grow your community, satisfying the algorithm becomes more important than the actual content of your posts.

However, I would have no issues with an algorithm that a user of an instance could run on their devices and tweak to their liking. This solution would probably be less convenient but would avoid most of the mess.

EDIT: Sorry if my comment came out as too aggressive and thank you for making this post. I think that’s an important issue to discuss and, as thanks for bringing it up, you have my upvote :)