  • Holy shit… This is so incredibly out of touch… I can’t even…

    The Basics That Blow Minds

    Lol no… yt-dlp is a bit nifty, but everything else here is utterly expected of any media solution… Exactly zero minds were blown here…

    No transcoding

    Damn that sucks when the destination device isn’t capable of hardware decoding the media file, and too slow to software decode it… (also, you do know that you can just disable transcoding in Plex/Jellyfin, right?)

    No server

    SMB and NFS are both servers.

    Send someone an SMB/NFS share to your media

    Jesus, are you directly exposing SMB and NFS to the Internet? NFS is entirely unencrypted, and SMB has super scary vulnerabilities regularly…

    Zero server maintenance

    I really hope you are patching the OS, to avoid vulnerabilities in SMB and NFS which you are exposing to the Internet…

    Plays literally any codec without setup

    Sure, provided the device supports hardware decoding the codec or is fast enough to software decode it…

    Works offline/online seamlessly

    So do both Jellyfin and Plex (Plex needs a one-liner config change, though, to be fair)

    cross-platform

    How about TVs? How about Mobile?

    Or just… teach them? play movie.mkv isn’t rocket science.

    My mom has needed to call me and be guided over the phone 100% of the times that she has needed to scan a document… How do you think teaching her to navigate a file structure in a terminal is going to go?

    My daughter still needs us to spell out the cheat codes for her The Sims game… Do you think she’ll remember the terminal commands?

    If I forced any of my friends and family to use the command line to play media, they would just watch something else from a streaming service that actually offers some User Experience… Or do something else entirely.

    write a simple script or just… remember what you watched?

    Dunno… That seems like a hassle when it’s a built in feature in Plex/Jellyfin

    It’s literally a config file. If you can set up Jellyfin, you can handle this.

    No… It’s a config file per device, and SMB/NFS mounts per device. Now you need to handle syncing that config file, and any other user of the server will need their own config files…

    … And what about other features…

    • How do you browse metadata for your movies and series? I often like to read a summary about a movie to know a bit about what to expect. I also like being able to search for an actor, and see the cover art.
    • How do you group your movies with the extra features for that movie?
    • How do you stream your media to your TV?
    • How do you easily fetch subtitles for a movie that didn’t come with any subtitles?
    • When you are away from home on a heavily bandwidth constrained connection, how do you watch your nice high-quality movies?

    Back when I lived alone, attaching my media drive directly to my desktop computer made perfect sense, it was the only screen I owned that I wanted to watch anything on… And I didn’t need to share anything with anyone… And I could easily use mpv or vlc to watch anything I want…

    But now that other people are in the mix, and I like the convenience of using whichever screen I’m currently near, a simple network share + mpv falls so far short it isn’t even funny.

  • Is there any reason you are not just calling your ISP and asking them to put their box into bridge mode and then setting your own router up behind it?

    You control everything from the router and into your local network.

    If you can’t trust your ISPs “modem” in bridge mode, then you also can’t trust the infrastructure beyond the modem, and in that case you would need to set up a privacy respecting VPN service directly on your router to encrypt the traffic your ISP sees.

  • Yes, the WD Red line used to be for NAS use, but suddenly they started including SMR drives in their WD Red lineup, people got pissed because SMR isn’t a good fit for RAID setups which NASes usually are.

    WD continued the practice, but introduced the WD Red Pro line. So now regular WD Reds could be either CMR or SMR, but WD Red Pro are guaranteed to be CMR.

    In my opinion it’s still misleading to even brand the regular WD Red line as suitable for NAS use, but at least now you can specifically pick a drive that fits your needs.

  • Ubuntu works just fine. But Canonical has an iffy track record.

    Some years ago they bundled an Amazon app with the plain install. For a while it also integrated with the system search by default. So if you searched for a file on your machine, then your search query would also be sent directly to Amazon. You could opt-out but it was enabled by default. Later it was changed to be an opt-in, and I believe it’s entirely removed today.

    Besides that, they often push technologies that aren’t really fostering the community. When Wayland was slowly gaining traction, Canonical suddenly announced and aggressively pushed Mir; instead of collaborating on Wayland, they preferred making their own alternative.

    These days they are pushing their Snaps pretty hard. So back in the day if you apt-get install firefox you would get a regular native Firefox install. Today if you do the same it will instead install a Snap of Firefox. Snaps are also a bit funny… Flatpak was gaining traction, and suddenly Canonical decides to build their own alternative instead of contributing to Flatpak.

    So all in all, Canonical is making some dodgy business partnerships. They add a good bit of bloat in their regular install, and they constantly build their own (inferior) alternatives to all sorts of stuff.

    I’m all for having alternatives and choices, but in Canonical’s case, they generally don’t give you much choice, they just force you to use their alternative. This of course leads to fragmentation, which is unfortunate.

  • I have an education in compsci, and I have worked in software engineering and platform engineering for 8 years now… And I only know of one programming language that makes use of “=/=”, which is Erlang. Every other language or scientific paper I know of makes use of different operators.

    Prolog comes close with “==”, and Haskell too with “/=”, but every other language has either used “!=”, “~=” or “<>”. The papers I have read that go for a more pseudo-code or mathematical notation have always used “≠”.

  • To some extent the SQL syntax also kind of makes sense… It’s a combination of both “greater than” and “smaller than” operators, which is kind of a different way of saying something is not equal.

    The “!=” comes from most programming languages using the “!” character for negation. Negating something is usually read and pronounced “not”. So it literally reads “not equal” if you are reading the symbols.

  • You are correct for regular hash functions, but a cryptographic hash function has stronger requirements.

    MD5 was supposed to be a cryptographic hash function, but it was found to be flawed all the way back in 1996, and has been discouraged ever since… Now it’s too weak to be used in a cryptographic setting, and too slow to be used in non-cryptographic settings.

    This is why hashes like xxhash are considered non-cryptographic hash functions, while SHA-256 is considered a cryptographic hash function.

  • Cryptography is the practice of hiding and protecting information.

    Modern cryptography is about computer algorithms.

    These computer algorithms are notoriously hard to invent, and even just to implement.

    Cryptography is a constant cat and mouse game. Some people will attempt to build new algorithms, and some people will be trying to break these algorithms. In some situations people are doing this benevolently, where researchers will look for weaknesses so they can be fixed. In other situations people are malicious and are looking for weaknesses to exploit them.

    Inventing a new algorithm usually takes years, and then it’s researched for even more years to make sure there are no obvious weaknesses.

    Then people implement these algorithms and these implementations are then again researched for long times to look for weaknesses.

    Inventing a new algorithm is insanely hard, and only a rather small number of people around the world have had decent success.

    But even if you have a good algorithm that is theoretically secure, then when you try to implement it in actual code, it’s again incredibly easy to make mistakes that completely undermine the security.

    What the OP did was to try to invent a new algorithm. OP’s algorithm is very flawed and easily broken. Then OP wrapped it in a Web page that purported to allow you to securely encrypt something. And used words like “crazy strong encryption” which could lead others to think the service is safe and secure, and rely on it for something critical, only for their security to be utterly compromised.

    The mantra in the security community is “Don’t roll your own crypto”, and OP rolled their own crypto, and failed, without giving a proper disclaimer.

  • So this basically runs key derivation by taking the password, SHA-256 hashing it, and feeding the result to a SecureRandom. Then XORs the output of SecureRandom with the plaintext in CBC mode with a block size of 1 byte… CBC meant this isn’t protected against tampering, since the encryption mode isn’t authenticated. And the block size of 1 byte means you can attack each character of the ciphertext one at a time.

    This is a woefully inadequate key derivation, and the actual encryption seems fairly flawed. I only have a basic Cryptography 101 course under my belt, and while I don’t have the skill to obviously break it, it absolutely makes the hair on my neck stand up…

    Discounting any weaknesses in the actual crypto, the heaviest part of this algorithm is the actual SHA-256 hash, and with some tweaking, I’m sure someone determined could modify hashcat to attack this encryption directly. I just had a look at some Hashcat benchmark on an AWS p5en.48xlarge instance, which has 8x Nvidia H100 GPUs. These together can churn out 126.9 Giga-hashes per second on SHA-256. Which means it can try ALL alpha-numeric passwords with 12 characters in just around 0.59 nanoseconds. This instance isn’t cheap, as it costs around $64 per hour to run, but at that speed you don’t have to run it for very long anyway.

    So even at the worst-case, of having to brute-force your XOR encryption algorithm, breaking it will be trivial.

    Please don’t roll your own crypto… Or if you do, please make it very clear to anyone that it’s your own hobby project, and that it shouldn’t be relied upon for actual security.

    EDIT: apparently I can’t operate a calculator
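
The two weaknesses named in the comment above (a single fast, unsalted hash as key derivation, and an unauthenticated XOR keystream), shown next to a salted, slow derivation with a MAC. This is an added example, not the commenter's or OP's code. The SHA-256 counter-mode keystream is a constructed stand-in for the password-seeded generator, the sample message and iteration count are assumptions, and the second half exists only to show what a salt, a slow KDF and a MAC change; an application should use an AEAD from a maintained library.

```python
import hashlib, hmac, os

def keystream(key: bytes, n: int) -> bytes:
    """Constructed stand-in for the password-seeded generator: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(password: str, data: bytes) -> bytes:
    """Shape described in the comment: one unsalted SHA-256, XOR keystream, no MAC."""
    key = hashlib.sha256(password.encode()).digest()
    return xor(data, keystream(key, len(data)))

weak_decrypt = weak_encrypt  # XOR with the same keystream undoes itself

def tamper(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Rewrite known plaintext bytes inside a ciphertext without the password."""
    patch = xor(known, wanted)
    end = offset + len(patch)
    return ct[:offset] + xor(ct[offset:end], patch) + ct[end:]

def derive_keys(password: str, salt: bytes):
    """Salted, deliberately slow derivation; the iteration count is an assumed setting."""
    k = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 210_000, dklen=64)
    return k[:32], k[32:]  # separate encryption and MAC keys

def sealed_encrypt(password: str, data: bytes) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = xor(data, keystream(enc_key, len(data)))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def sealed_decrypt(password: str, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("truncated message")
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    return xor(ct, keystream(enc_key, len(ct)))
```

With the weak scheme the same password and message always give the same ciphertext, and an edited ciphertext decrypts without complaint; the sealed variant differs per message and rejects the edit.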