for fans of tmux, I'm partial towards tmate[0], instant tmux session sharing over ssh, optionally through a relay
refs: [0]https://tmate.io
I like to use SSH and GNU screen(1) to do follow-the-leader sharing of a screen session. There's probably a tmux equivalent.
https://www.endpoint.com/blog/2009/09/24/gnu-screen-follow-l...
Back in my day we used to use kibitz (from the expect package)...
https://linux.die.net/man/1/kibitz
https://opensource.apple.com/source/tcl/tcl-20/tcl_ext/expec...
Not bad for 415 lines of code.
Is it really E2EE if you could compromise the server to serve a compromised web-app? Same issue with ProtonMail.
How does this compare to the feature for sharing terminals within VS Code? Is it a similar technique or totally different implementation?
Project devs: Consider using CPACE (a password-authenticated key exchange) which is in the process of being standardized by IETF.
How is that different from screen -x?
I realize the browser is the target audience here, but... I prefer tmux, esp. because it does NOT bypass local access control.
This looks cool, but if the author is here, I wish they would actually explain the security rather than just citing AES-GCM, which doesn't really explain the security design.
How is the key material established, exactly? How is it rotated? How is it protected when stored? The answers to these questions are a lot more relevant to understanding the security of this application than citing which encryption mode is being used.