Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Reelya]

Yeah, I cobbled together my own system for splicing adverts out digital TV without using a video editor using

ffmpeg
mpv.io (as the viewer)
autohotkey (to extract frame positions into a file via keyboard bindings)
batch + js scripting to feed the correct info to ffmpeg

Mind you at the time I had to pay per mbyte of downloads since all my internet was tethered to my phone, but now they have unlimited mobile data plans fairly cheap so i don't bother with this anymore. The reason mpv.io was crucial here was the ability to override what's in the title bar so i could use autohotkey to extract that data.

I don't really do that with video anymore, however i mostly use ffmpeg now to batch convert downloaded music videos to mp3. The trick here is that i wrote some jscript that reads a specific folder, looks for videos then sends batches of commands to ffmpeg to convert them to mp3 in an output folder, and appends a .cnv ending onto the original file. The nice thing is that there's no screwing around with shitty video to mp3 software, i just put the files into the right folder and click a desktop shortcut and mp3s come put. That's kind of the holy grail for me, automating workflows for managing downloaded content.

[dragdeler]

Ok so, I want to gain final say over my GMAIL adresses, the idea: use IMAP. The issue: I'm very unclear how email actually works:

If I host an email service on a rasberry pi, it needs to be running 24/7 in order to be able to straight up receive mails right? Where do mails go when the server is offline? And, does that even matter if I use IMAP? Or can I basically start up my own mail server whenever I need access to any of the adresses via IMAP, see their contents, read emails, and send mails as any of the accounts? How does a mail server even know whatever name/domain I'm going to give the adress isn't taken, where does the password intervene? How secure is it to have a emailservice, say thunderbid, installed? I remember there is a password sniffer I used quite a few times to help people who had their system set up by a third person... Isn't it trivial to spy on a mailservice on a harddrive?

[wierd]

If your server is offline when a message is aimed at it, the sending system will not be able to do the transaction.

How this usually works (outside of using sendmail CLI to send a mail the old school way):

The sender's computer establishes wither a POP3 or IMAP connection with THEIR mail server, and they send the mail to that server. (Either using SMTP or IMAP, since this is an outgoing mail.)  That server then accepts the message, and then tries to deliver it.  Since your host (the destination) is offline, it cannot respond to the connection request.  The sending system will optionally try again, before creating an automated response that it cannot deliver the mail, and dropping it in the sending user's inbox.

(When using sendmail CLI, no such broker is used-- the user's computer creates and sends the message itself. Depending on what command line switches are invoked, it may or may not alert to the system log that the recipient failed to accept the message.)

This assumes you are running your very own email server, and are not using a service like GMAIL.


When using a service like GMAIL, you have 3 methods of interacting with their server farm.

1) POP3/SMTP.  This is the oldest, most legacy method.  The client uses these two protocols to get incoming mail and send outgoing mail, respectively.  Recent versions of these protocols allow for SSL encryption, which is one of the ways the password gets used.

2) IMAP.  This is the newer methodology used, and uses different port number. Not all mail services support IMAP.  It has better encryption support (as in, the transport is encrypted, not the actual message bodies.) support, and keeps messages on the mail server. (POP3 deletes the messages from the email server's inbox when it successfully pulls the messages into your mail client.)

3) The web interface. (GMAIL default, etc.)


Thunderbird does types 1 and 2.  It asks which set of protocols to use when you first set it up, and tries to look up what the public server names/IP/Ports are for common mail hosts (outlook, gmail, yahoo, and pals) when it notices you use an @hotmail,@outlook; @gmail; or @yahoo address, and fills in all the blanks for you.  Otherwise, it EXPECTS YOU TO KNOW.  In the past, you had to hunt this information down yourself.

Once set up, it works like any other mail client. (It has a decided eudora pro feeling to me.) You can then optionally set up actual message body encryption with Enigmail plugin.



Security wise,  If the handshake is set up to use SSL encryption, it at least does not send credentials in clear-text. (Otherwise, especially with POP3 and SMTP, if that option is NOT set, the user and pass *ARE* sent in clear text!!)  This is only marginally better than clear text though, because it is typically SSL 1.0, which is very much broken as an encryption cipher. The basic rule is not to consider email secure. End of discussion.

This is why message body encryption with something vastly more secure, like with a 4096 bit Elliptical Curve algo, (or stronger!) is important, especially in today's world.  even if somebody gets your user/pass, they cannot easily get ahold of your encryption keys, because those are kept local inside your computer, and are (if you are smart) never transmitted over an unsecured channel, and are not stored in the email server in an unencrypted form.  Even if somebody gains access to your email server though snooping your user and password, they cannot actually DO anything with your messages except download a copy of gibberish, or delete the message. They would need the encryption key (since Enigmail at least, uses digital signatures and authority trust checking, to verify both sender AND recipient) set to do anything else, like actually read your mail, or send adulterated messages as a man in the middle.

[dragdeler]

Thank you a lot. So IMAP isn't a bad plan all things considered?

What I still don't get: will IMAP just send a copy of every mail, or am I reading them on their server?

[Starver]

An IMAP-using mail client will track what mails exist on its server, request as few or as many of them as it is configured to do (e.g. only mails below a certain size, not invalidated by very basic spam-recognition rules as they apply to the headers) and perhaps inform you of the others for you to explicitly and manually request.

Or so it used to be, in the days when bandwidth was a prime concern. Probably absolutely everything is all dragged down, these days, without specific prohibitions.


The IMAP server that your initial question seems to suggest will indeed pull everything from upstream (or even be pushed to, if you ever published it/it becomes knowable, but therein lies more issues like potentially being subverted as a spam-repeater) and have everything locally. Unless set up to be selective, in its own way.

But, as I understand your designs, nothing will send your mails (push them) to either your client or server, but instead it'll be entirely up to your client/server to request a pull, with optional removal of what is there once a (more) local copy is gained - or when the message is passed upstream to no longer retain it.


Probably what you want is:
Internet ---> Gmail server --(IMAP)--> Your local client.
// for which you want a client that can handle and differentiate multiple mailbox identities

What you initially described seemed to me to be:
Internet --> Gmail server --> Your local IMAP server --(IMAP)--> Your local client
// for which you *still* need a client that can do all that, but also need to manage the local server.


If you are thinking of using IMAP to retain mails on the server (Google or Pi) such that 'Your local client' can be on your home network (the Pi, a desktop, any other device on your LAN) plus used on any additional device you take abroad (away from home, that is), or open to generic webmail access still, then you either want to:
a) Stick with Google being IMAPped to, and make sure none of your clients grab-and-delete anything you might want to access from other clients, but should be simple,
b) Set up your Pi server to be accessible from outside (NAT/VPN/whatever), likewise. (Won't support the webmail option at all unless you set up a local gateway.)


Hmmm, complicated reply. And hard to edit properly where I currently am, so maybe I tripped over my own attempted description.

[dragdeler]

I fully appreciate the level of detail you guys put in... It's a little overwhelming but I knew there were too many ways to do it to trust the first toturial that blows by. So this is perfect.


I oftentimes get bullied with two step authentification by google, they are litterally trying to lock me out unless I add phone number, secret question and all those stupid other entryways to the account. If I could have a local server, that just grabs a copy of every mail when I start it, but is mostly turned off, I would prefer that, because I want to avoid becoming reliant on another service, but if I understand it right, that might be entirely redundant so long as I set up my mail client to receive the mails via IMAP, is that correct? The goal would be to avoid any kind of login process, just receive "bulk data" whenever I request it, optionally being able to send out mails as any of the accounts is a big plus but it's not super necessary.

[Reelya]

Here's something I just heard about people may be interested in trying out, it's a version of the Windows 10 ISO with all the update features, telemetry etc stripped out of the base install
https://www.youtube.com/watch?v=nwkiU6GG-YU
https://ameliorated.info/

Spoiler (click to show/hide)

Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.

[Maximum Spin]

Here's something I just heard about people may be interested in trying out, it's a version of the Windows 10 ISO with all the update features, telemetry etc stripped out of the base install
https://www.youtube.com/watch?v=nwkiU6GG-YU
https://ameliorated.info/

Spoiler (click to show/hide)

Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.

I feel like I should probably point out that this is definitely 100% illegal to produce, download, use, and/or distribute..

[BigD145]

Here's something I just heard about people may be interested in trying out, it's a version of the Windows 10 ISO with all the update features, telemetry etc stripped out of the base install
https://www.youtube.com/watch?v=nwkiU6GG-YU
https://ameliorated.info/

Spoiler (click to show/hide)

Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.

I feel like I should probably point out that this is definitely 100% illegal to produce, download, use, and/or distribute..

Maybe legal in the EU. Don't know about other countries.

[Naturegirl1999]

Here's something I just heard about people may be interested in trying out, it's a version of the Windows 10 ISO with all the update features, telemetry etc stripped out of the base install
https://www.youtube.com/watch?v=nwkiU6GG-YU
https://ameliorated.info/

Spoiler (click to show/hide)

Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.

I feel like I should probably point out that this is definitely 100% illegal to produce, download, use, and/or distribute..

I didn’t know giving updates free of spyware was illegal, I would have thought spyware was illegal

[Reelya]

It's not illegal to download the scripts, and you can definitely grab the ISO straight from Microsoft. Now, Microsoft may write a sheet of terms and conditions that precludes you from modifying the ISO in that way, however courts have in fact ruled that things like software and website terms and conditions are not in fact legally enforceable under law.

Spyware isn't even really defined in law. There's no law against Microsoft sending telemetry data back to their servers. You're confusing right and wrong with actual law. Often "that's the wrong thing to do" is subjective and may not be easy to define. Companies like Microsoft get you to click Ok to their terms and conditions, and in the terms and conditions it includes what data they collect. This is to cover their asses legally, but, and this is the important part, there really aren't that many applicable laws here.

Turning it into an actually written down law is harder than you think. For example, if Microsoft, Google or Apple record data about when your device logged in, is that spyware that should be illegal? How about synchronizing your browsing history between devices etc? It's all gotta be stored somewhere, so having a strict "law" against spyware is not something that would be easy to define without also banning things like storing logins.

[wierd]

There *ARE* however, laws against contracts that are forced, with an unfair bargaining position.

Which, many "You agree to these terms as soon as you read this agreement" type shrinkwrap licenses *ARE*. (which is exactly why they care considered unenforceable.)


As long as you are not violating MS's copyrights, by downloading only from them (since they are the only ones authorized by law to distribute copies of their software), you are in the grey-maybe of legality when it comes to modifying their OS in this fashion.

I would say they need a better update mechanism.  Perhaps, something that scrapes the WU catalog website backstore, and pulls the discrete updates as hotpatch files with windows wget, then installs them as a batch?

(See for instance, this generic query for "Windows 10".  It gives straight up HTTP download links to individually packaged installers. The maintainers of this package just need to stub out enough of the windows update framework to be able to handle these stand-alone updates, and their patched version would be able to stay up to date.)

Additionally, all they really need to do to allow the network interface to know that you have internet connectivity, is replace the server being pinged from Microsoft.com, to the free DNS server 1.1.1.1 or something.

[Maximum Spin]

Here's something I just heard about people may be interested in trying out, it's a version of the Windows 10 ISO with all the update features, telemetry etc stripped out of the base install
https://www.youtube.com/watch?v=nwkiU6GG-YU
https://ameliorated.info/

Spoiler (click to show/hide)

Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, have also been successfully eliminated. The total size of removed files is about 2 GB.

I feel like I should probably point out that this is definitely 100% illegal to produce, download, use, and/or distribute..

I didn’t know giving updates free of spyware was illegal, I would have thought spyware was illegal

Spyware is not illegal, and modifying software which you don't own in contravention of the license under which you are allowed to use it is illegal, as is downloading, using, or distributing tools to do so.

you are in the grey-maybe of legality when it comes to modifying their OS in this fashion.

There is no such thing and whoever told you there is wants you to be sued. Software use licenses are, in fact, enforceable because you do not own the software: Microsoft does. It's like you've been given a company car and you think it's maybe legal to add a nitro booster. Car is not yours.

I don't even think this is a good law but it is, in fact, the actual law.

[wierd]

The issue is that the terms of their agreements are not legally enforceable; Not that user agreements are unenforceable en mass.

Learn to read please.


EG, I can make a license that requires you to self-castrate, and demonstrate proof within 30 days of purchase-- Such a condition is not legally enforceable.

It does not mean however, that I am unable to make contracts to use whatever software I might write.  Just that the terms of those contracts must be within the boundaries of enforceability, typically codified on some version of English Common Law, for most contracts in the US and the UK (and on whatever political rules are present for the rest of Europe.)

In the US at least, there are rules against forcing contractual terms from positions of unfair legal advantage that are unconscionable.   While "Contracts of adhesion" are enforceable, they are given a very dim view by the courts, and terms can be struck from them for being unenforceable by the court system, and this happens routinely.

https://www.universalclass.com/articles/law/contractual-situations-and-conditions-that-are-improper-and-unfair.htm

In my specific example, where I would demand that the end user castrate themselves and present proof, it falls clearly inside the exceptional cases of unconsionability and duress.

In terms of shrinkwrap licensing, this has had some time in court (but not nearly enough.)

basically, it has been found (and precedent established) that such shrinkwrap agreements CANNOT circumvent or remove federal rules governing copyright, which includes abilities to reverse engineer or produce compatible software.

http://euro.ecom.cmu.edu/program/law/08-732/Transactions/ShrinkwrapFenwick.pdf

Additionally, they cannot override or replace other agreements made explicitly with the creator of such software. (EG, if you are another company, and negotiate a separate licensing deal, the shrinkwrap license does not apply.)

There certainly is a grey area here-- However I would argue that the removal of the authorization framework constitutes a criminal offense under the DMCA's "No circumvention" verbiage.  There would, however, be exceptions to that under certain rare circumstances. (that end users are VERY unlikely to qualify for, unless they are a library or something.)


IF, however, you DO IN FACT have legal license to use the software (such as via being granted through a purchase transaction), the terms of the software license cannot forbid you to make these kinds of changes, as was ruled in the cited cases in the PDF.  In that framework, you are in fact allowed to modify the software in this fashion; Microsoft is just absolved from any fault or harm this may cause you.

[Maximum Spin]

There certainly is a grey area here-- However I would argue that the removal of the authorization framework constitutes a criminal offense under the DMCA's "No circumvention" verbiage.  There would, however, be exceptions to that under certain rare circumstances. (that end users are VERY unlikely to qualify for, unless they are a library or something.)

... so you agree that this specific licensing term, the only one I'm talking about, is enforceable. Okay. Glad we're in agreement.

I agree that courts are unlikely to support your hypothetical castration license unless you are unlucky and get a really castration-happy judge, which I have just realised probably exists somewhere in America. Hopefully if the judge orders specific performance you can get an injunction pending appeal.

("reverse-engineer or produce compatible software" would not include removing portions of the existing software in contravention of the license, to be clear. The whole point of my position is that this is not fair use, and therefore the company can tell you whether or not you are allowed to do it. You could run a decompiler or disassembler on it to help write compatible driver software, but by existing precedent not change the program to convince parts you don't like not to run.)

ETA: Something else I think you're forgetting is that the "shrinkwrap license" precedent is predicated on the assumption of licenses *literally inside the shrinkwrap on a CD jewel case* so that you don't know what you're agreeing to until after you've bought and opened it. That is why companies stopped doing that, and I don't even know if you can GET Windows 10 on a CD, I guess probably, but more importantly it's not being done here. The analogy just doesn't apply, and courts are capable of recognising this.