Hacker News | lerpgame's comments

it’s advertising that it’s secure e2e even behind firewall/etc but that’s not true because webrtc will fall back to using TURN server to relay when other methods fail which will break the encryption, just fyi.


WebRTC won’t use TURN unless it’s explicitly configured with a TURN server. Even if it did use a TURN server webrtc is still e2e encrypted.

You need to trust the signalling server though.

This library seems to do a few other things, which maybe reduces the trust in the signalling server, but I didn’t really read it in enough detail to comment on it.


Connection is E2E encrypted when using TURN. Using TURN has no negative impact on security.

The TURN server can see the size/src/dst so that has a privacy implication!


You can pass configuration to disable ICE entirely.

Looks like it's using PeerJS, which defaults to a config of using a Google STUN server and no TURN servers. Not sure if using a STUN server compromises the E2E in some way?


Why would STUN compromise e2e? STUN just returns your IP


I just didn't want to speculate, as I'm not familiar with the security considerations here.

But, thinking about it a bit, couldn't a compromised STUN server establish a MITM by lying to you about your IP, and then relaying to you? This old HN comment describes it: https://news.ycombinator.com/item?id=11192610

I don't know if this would break the E2EE here (although if it wouldn't, I'm not sure how a TURN server would either, as that's just a baked in MITM).


i was wrong actually, it doesn’t weaken security as long as the data is encrypted either using DTLS or application layer encryption, please ignore my comment lol.
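An added example, not part of any comment in this thread: the DTLS certificate fingerprint that WebRTC's end-to-end encryption depends on travels in the SDP over signalling, which is why the signalling server has to be trusted, while a `relay` candidate only means a TURN server may forward the already-encrypted packets. The sketch below checks both on an SDP blob; the sample SDP, the fingerprint value and the names `inspectSdp` and `checkPeer` are constructed for illustration, and it assumes the expected fingerprint was obtained out of band.

```javascript
// Constructed SHA-256 fingerprint (32 bytes, colon-separated hex); not from a real certificate.
const FP = Array.from({ length: 32 }, (_, i) =>
  ((i * 7) % 256).toString(16).padStart(2, "0").toUpperCase()).join(":");

// Constructed sample SDP using documentation address ranges; not a captured session.
const SAMPLE_SDP = [
  "v=0",
  "o=- 1 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  `a=fingerprint:sha-256 ${FP}`,
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "a=candidate:1 1 udp 2122260223 192.0.2.10 50000 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.5 50001 typ srflx raddr 192.0.2.10 rport 50000",
  "a=candidate:3 1 udp 41885439 198.51.100.7 3478 typ relay raddr 203.0.113.5 rport 50001",
].join("\r\n");

// Pull out every a=fingerprint line and the set of ICE candidate types.
function inspectSdp(sdp) {
  const fingerprints = [];
  const types = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    let m;
    if ((m = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)$/.exec(line))) {
      fingerprints.push({ hash: m[1].toLowerCase(), value: m[2].toUpperCase() });
    } else if ((m = /^a=candidate:.*\styp\s(\w+)/.exec(line))) {
      types.add(m[1]);
    }
  }
  return { fingerprints, candidateTypes: [...types] };
}

// Compare the signalled fingerprint with one learned out of band (assumption),
// and report whether a TURN relay path is on offer.
function checkPeer(sdp, expectedFingerprint) {
  const { fingerprints, candidateTypes } = inspectSdp(sdp);
  const expected = expectedFingerprint.toUpperCase();
  return {
    // A signalling server that swaps the fingerprint fails this check.
    fingerprintOk: fingerprints.length > 0 &&
      fingerprints.every((f) => f.hash === "sha-256" && f.value === expected),
    // A relay sees packet sizes and endpoints, but only DTLS-protected payloads.
    relayOffered: candidateTypes.includes("relay"),
    candidateTypes,
  };
}

console.log(checkPeer(SAMPLE_SDP, FP));
```

In a browser the same text is available as `pc.remoteDescription.sdp` on an `RTCPeerConnection`.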


Yea I came here to say this, actually I was able to transpile a few typescript files from my project into assembly using GPT just for fun and it actually worked pretty well. If someone simply implements a strict typescript-like linter that is a subset of javascript and typescript that transpiles into assemblyscript, I think that would work better for AOT because then you can have more critical portions of the application in AOT and other parts that are non-critical in JIT and you get best of both worlds or something like that. making js backwards compatible and AOT sounds way too complicated.


i want a phone that’s part of my brain so i don’t have to interface with 3rd parties.


Just wait until they find a way to do this and promptly bake ads right into it


Check out the YA book "Feed", it tackles that issue.


doesn’t “jailbreaking” make the model inherently smarter because it has a bigger context?


just use tailwind, and everything else just ask ai


php boomer, web is the new native


This personality type tends to hate PHP as well. This is the asshole who still shows up in PHP threads linking to "A Fractal of Bad Design" and snarking about mysql_query.


hmm…i do mainly web stuff but i read in some blog somewhere that the v8 runtime compiler optimizes the code better than writing the same thing in assembly script when working directly on top of typed buffer arrays, is this true?


I think the real question here is identifying a problem you are trying to solve for the world and figuring out if it’s actually a real problem that needs solving, past that it’s finding the right foundation and tools, whether it’s building on top of open ai or some other llm - that’s fine. if it requires a more tailored ai, then one could delve more into the research in R&D. why compete with another solution that already exists? just build on top or find another problem to solve?


one could theoretically replace traditional web interfaces with LLMs.


One could theoretically replace traditional web interfaces with LLMs… that code the JavaScript of the web page on the fly!

Finished it for you.


why is it that they want to always group and divide along their own boundaries? lol

