  • Unless there is a mapping between a UID of a user across many different machines (something like a domain controller), you’re not going to be able to set proper permissions by user. You need to use a generic group, or provide global read access at a minimum.

    I’m not 100% sure why you’ve chosen this route, but there are MUCH simpler ways of doing this that don’t involve VMs and NTFS volumes.

    At this point, you’re butting up against 3 levels of nested permissions, including the VM. My suggestion would be to make sure all the files on the NTFS volume have global read access, then go into the VM and attempt to set NTFS permissions on the files (they are different). If that becomes too tedious, you could just try setting 777 on all shared files. It’s unsafe, but may get you through until you find a more…workable solution for what you’re doing here.

    I think the overall solution is to just not need this Windows VM, so look at moving these sites off to Nginx or something ASAP.





  • The clients (apps) enforce key symmetry for your own keys, server identity, and the exchanged with the other person part of a conversation. Constantly. There is no way to MITM that.

    The clients are open source, and audited regularly, and yes, builds are binary reproducible and fingerprinted on release.

    That’s not to say someone can’t build a malicious copy that does dumb stuff and put it in your phone to replace the other copy, but the server would catch and reject it if its fingerprints don’t match the previously known good copy, or a public version.

    Now you’re just coming up with weird things to justify the paranoia. None of this has anything to do with Signal itself, which is as secure as it gets.