xoron

joined 1 year ago
[–] [email protected] 1 points 1 week ago

https://positive-intentions.com/blog/async-state-management/

https://positive-intentions.com/blog/bottom-up-storage/

the state management with the useStore hook seems tricky to explain and can be a whole separate discussion. i try to explain a bit in those posts. im still working on it more and, while it isnt documented anywhere, im also investigating having it store data encrypted-at-rest.

[–] [email protected] 1 points 1 week ago (1 children)

thanks. thats what id like to aim for and i dont think its far off. the build script there is mainly for the storybook statics (as seen in the link provided for "website").

couple things i hope to do soon, remove lit as a dependency - i use this right now because its useful for template rendering and lifecycle methods. webcomponents have an ugly approach to this which Lit makes easier, and so i pushed it back, but its still on the todo.

after that i should be able to have a more vanilla web dx.

 

Introducing Dim – a new framework that brings React-like functional JSX-syntax with JS. Check it out here:

🔗 Project: https://github.com/positive-intentions/dim

🔗 Website: https://dim.positive-intentions.com/

My journey with web components started with Lit, and while I appreciated its native browser support (less tooling!), coming from ReactJS, the class components felt like a step backward. The functional approach in React significantly improved my developer experience and debugging flow.

So, I set out to build a thin, functional wrapper around Lit, and Dim is the result! It's a proof-of-concept right now, with "main" hooks similar to React, plus some custom ones like useStore for encryption-at-rest. (Note: state management for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore passwordless options like WebAuthn/Passkeys).

You can dive deeper into the documentation and see how it works here:

📚 Dim Docs: https://positive-intentions.com/docs/category/dim

This project is still in its early stages and very unstable, so expect breaking changes. I've already received valuable feedback on some functions regarding security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

 


[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago)

Thanks!

https://www.reddit.com/r/cryptography/comments/1cint8h/what_are_your_thoughts_on_subtlecrypto_vs_wasm/

Tldr; I had that question before myself. It doesn't seem to introduce any improvement over WebCrypto API which itself should have gone through peer-review and auditing. ("Choose your browser wisely" could be considered the advice here.)

I'd like to still look into wasm for several other details of the project, but it seems the built-in browser cryptography functions are performant and generally pretty good if used correctly.

 

https://positive-intentions.com/blog/decentralised-architecture

Creating webapps is easy enough, but in my app, im kinda going against the "best-practices".

For example, im using browser-based cryptography exclusively. while it can be easy advice to suggest to consider using a server to generate keys, i want to contrast it against a webapp that would be sandboxed within the browser.

I'd appreciate if you would be interested to share your thoughts on the approach. I'm aiming for this project to be the foundation towards the most frickin' secure messaging app in the universe. It might be too ambitious, but I'd like to set the bar high.

 


 

im using peerJS and its configurable as described here: https://peerjs.com/docs/#peer-options-config

in my app, the peerjs-server used as the connection-broker is configurable (on the landing page). id also like to introduce configurable ice-servers.

i often notice difficulties connecting when not on the same wifi. i think introducing things like turn/stun servers would help.

which of the options makes sense:

  1. a text input to specify your own turn server url

  2. same as option 1 along with some default set of turn servers as a default redundancy (because most users wont care about this)

  3. same as option 2 with all the servers togglable.

  4. ???

i understand there are a few free public ones available out there, but i dont know the privacy and security implications of using those. id like to think there is a set of trustable turn/stun servers i can use for option 2. this way, the app connection could be more stable and resilient. but i'd need to investigate more about any set of servers i introduce into my project.
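
One way option 3 could be wired into the PeerJS `config` option, as an added example that is not part of the original post or the project's code. The function names, the entry shape (`id`, `urls`, `username`, `credential`) and the `example.org` servers are assumptions; the defaults are placeholders, not a vetted server list.

```javascript
// Added example. The default entries are placeholders, not vetted servers.
const DEFAULT_ICE = [
  { id: 'default-stun', urls: 'stun:stun.example.org:3478' },
  { id: 'default-turn', urls: 'turns:turn.example.org:5349',
    username: 'placeholder-user', credential: 'placeholder-secret' },
];

// scheme : host or [IPv6] : optional port ? optional transport
const ICE_URL =
  /^(stuns?|turns?):([a-z0-9.-]+|\[[0-9a-f:]+\])(:\d{1,5})?(\?transport=(udp|tcp))?$/i;

// Returns null when the entry is usable, otherwise the reason it is not.
function validateIceServer(entry) {
  const m = ICE_URL.exec(String(entry.urls ?? '').trim());
  if (!m) return 'not a stun:/turn: URL';
  const isTurn = m[1].toLowerCase().startsWith('turn');
  if (m[3] && Number(m[3].slice(1)) > 65535) return 'port out of range';
  if (!isTurn && m[4]) return '?transport= only applies to TURN';
  if (isTurn && !(entry.username && entry.credential)) {
    return 'TURN entry needs username and credential';
  }
  return null;
}

// broker: PeerJS options for the connection broker (host, port, path, ...).
// userServers: entries typed in by the user. disabledIds: toggled-off ids.
function buildPeerOptions(broker, userServers = [], disabledIds = []) {
  const iceServers = [];
  const rejected = [];
  const seen = new Set();
  for (const entry of [...userServers, ...DEFAULT_ICE]) {
    if (disabledIds.includes(entry.id)) continue;
    const error = validateIceServer(entry);
    if (error) { rejected.push({ id: entry.id, error }); continue; }
    const urls = entry.urls.trim();
    if (seen.has(urls.toLowerCase())) continue; // drop duplicates
    seen.add(urls.toLowerCase());
    iceServers.push(entry.username
      ? { urls, username: entry.username, credential: entry.credential }
      : { urls });
  }
  return { options: { ...broker, config: { iceServers } }, rejected };
}
```

The returned `options` object is what would be passed as the second argument to `new Peer(id, options)`; `rejected` is there so the UI can tell the user why an entry was ignored instead of silently dropping it.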

[–] [email protected] 2 points 1 month ago

no-installation. easy to get started without registration. can share with any device with a browser.

as a PWA, there is no need for you or your peer to already be part of the ecosystem.

[–] [email protected] 4 points 1 month ago

the difference with my approach is that there is no registration or installation. as a webapp its easier for users to get started.

localsend is a good approach and my project isnt anywhere near the quality seen there (or several other examples). i hope to be able to create something competitive in the space.

(i am investigating providing the app natively for various platforms for better reach, but the core requirement for my app is to have a modern browser)

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

the implementation is based on WebRTC which mandates encryption as part of the spec browsers have to conform to.

i have a concept of "contacts" in the app. when establishing a new contact, i use that webrtc channel to do a diffie-hellman key-exchange (with RSA asymmetric keys used to exchange to AES symmetric keys). (im using vanilla os/browser cryptography tools as seen here: https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx)

https://positive-intentions.com/docs/research/authentication

in my setup, all data that is being sent over webrtc, is already encrypted specific to a recipient. that encryption is a redundancy over the WebRTC offering.

there is a performance hit with this redundancy, but then allows me to have things like a way to verify public keys with a peer to prevent MITM vulnerabilities.

https://positive-intentions.com/blog/security-privacy-authentication
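
A sketch of the public-key verification idea from the comment above, using WebCrypto with an RSA-OAEP key pair wrapping a per-message AES-GCM key. This is an added example, not part of the original comment or the project's code; the function names, the fingerprint format and the out-of-band comparison step are assumptions.

```javascript
// Added example; runs in a modern browser or Node 18+. Not the project's code.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const { subtle } = webcrypto;
const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Long-term identity: the private key is non-extractable, the public key is
// exported as SPKI bytes to be sent to the peer.
async function newIdentity() {
  const pair = await subtle.generateKey(RSA, false, ['wrapKey', 'unwrapKey']);
  return { pair, spki: await subtle.exportKey('spki', pair.publicKey) };
}

// SHA-256 of the SPKI bytes as grouped hex, short enough to read aloud.
async function fingerprint(spki) {
  const digest = new Uint8Array(await subtle.digest('SHA-256', spki));
  const hex = Array.from(digest, (b) => b.toString(16).padStart(2, '0')).join('');
  return hex.match(/.{4}/g).join(' ');
}

// Encrypt for a peer, but only if the key received over the channel hashes
// to the fingerprint the user confirmed out of band.
async function sealFor(peerSpki, confirmedFingerprint, text) {
  if ((await fingerprint(peerSpki)) !== confirmedFingerprint) {
    throw new Error('peer public key does not match confirmed fingerprint');
  }
  const pub = await subtle.importKey('spki', peerSpki,
    { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['wrapKey']);
  const aes = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ciphertext = await subtle.encrypt({ name: 'AES-GCM', iv }, aes,
    new TextEncoder().encode(text));
  const wrappedKey = await subtle.wrapKey('raw', aes, pub, { name: 'RSA-OAEP' });
  return { wrappedKey, iv, ciphertext };
}

async function openSealed(privateKey, { wrappedKey, iv, ciphertext }) {
  const aes = await subtle.unwrapKey('raw', wrappedKey, privateKey,
    { name: 'RSA-OAEP' }, 'AES-GCM', false, ['decrypt']);
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv }, aes, ciphertext);
  return new TextDecoder().decode(plain);
}

// Constructed scenario: one genuine key and one substituted in transit.
async function demo() {
  const peer = await newIdentity();
  const substituted = await newIdentity();
  const confirmed = await fingerprint(peer.spki);
  const sealed = await sealFor(peer.spki, confirmed, 'hello peer');
  const text = await openSealed(peer.pair.privateKey, sealed);
  const rejected = await sealFor(substituted.spki, confirmed, 'hello peer')
    .then(() => false, () => true);
  return { text, rejected };
}
```

The check only helps if the fingerprint is compared over a channel the broker or relay cannot alter, such as reading it aloud or scanning a QR code in person.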

[–] [email protected] 1 points 1 month ago

"file-transfer" as a capability is demonstrated in the chat app. the chat and file app are a GUI for peerjs-server.

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago) (3 children)

thanks for your thoughts and reply!

i'll try my best to answer, feel free to ask for clarity on anything i miss.

> I would rather use Magic Wormhole if I have to have an intermediate server operated by somebody else.

completely understandable. its worth noting, what you see is a GUI for peerjs-server. under the hood its using peerjs. im working towards making it so that the backend is configurable to point to your own instance. it currently points to the public peerjs-server as a way for users to easily get started. this functionality is already available in the positive-intentions/chat app. (i will also be adding the ability to specify stun/turn servers).

> ensuring that references to files are unforgeable and copyable

it seems i need to better understand the concept of capabilities as you mentioned for me to be able to reply on that. im not sure if this answers the particular concern, but i'll try explain what is happening in a sequence.

  1. user uses html input to select file from device. this requires the user to grant permissions.
  2. file loaded into os/browser/js memory-space.
  3. this file is base64 encoded and sent to peer (base64 encoded to make the data serializable for network transfer)
  4. peer receives file in base64 which can then be converted back into a file.

i notice things like the file is sent uncompressed without modifications. for file-types like images, i am able to do things like remove exif data, but this isnt implemented.

> The terms of service are unacceptable and I won’t be trying out the product

this is fair. i dont know much about creating terms but i previously asked about if i can remove them entirely. i received strong feedback to keep it: https://www.reddit.com/r/startup/comments/1jerkyb/do_i_need_to_have_terms_and_conditions_in_an_app/

i think i should speak more broadly about the terms and condition. i was aiming to have something generic so i dont have to talk to a lawyer. i certainly dont have a lawyer on-call. i had the terms checked by a professional lawyer who i think advised correctly. the aim for the terms was to be something of a cover-all so that i dont have to worry about being personally liable. (its the same as used in the chat app.)

> telemetry

im happy to consider flexibility on this. i was thinking that if i can check the domain isnt the one im using, then to disable telemetry. but the whole selfhosting-angle to this project needs a lot of consideration.

> Just don’t collect user data

im not collecting user data. it seems a unique approach and i dont fully understand how to articulate it. its why i mention about it being zero-registration. its local-only storage for everything. there are no databases. its a GUI for peerjs-server. i selected to use nlevelanalytics because they provided something that i consider reasonably secure because i can interact with an api (in contrast, all other tools wanted me to add some remote script in the , which is where i draw the line.). on nlevelanalytics the UI is fairly basic. i see dots on a map. i dont think its enough to pinpoint individuals, but it gives me county+city combo. im sure fingerprinting on network requests can still be done as much as any other tool. hopefully introducing ways to disable telemetry can be more relieving. but i dont particularly want to have a lawyer on-retainer frequently updating those terms.

> somebody accused of misbehavior gets their local data exfiltrated too

there is much to consider about a sensitive implementation for this. its an old post and i havent made much progress on it, but the question still stands: https://www.reddit.com/r/darknetplan/comments/16qw24o/on_my_decentralized_chat_app_i_want_some_kind_of/ ... what is worded in the terms, is to allow flexibility on the implementation when it comes to implementing something for the purpose of "reporting users". i actively discuss about the details and implementation of my project on reddit and details around exfiltrating data from users is clearly important to discuss.

ultimately, i often mention that the project is far from finished. your points are important to consider but also the tip-of-iceberg in all the things to consider. im no expert in anything and this is a learning experience to create something. i hope that by discussing it in posts like this, i can get to something more agreeable.

22
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

glitr.io

I'm working towards something for secure/private/simple P2P file transfer. It isnt as "simple" as it could be, im still working on it, but ive got it down to:

  • Zero-installation as a PWA
  • Zero-registration by using local-only storage
  • P2P-authentication using WebCrypto API
  • Fast data-transfer using WebRTC

It's far from finished, but i think ive got it "usable" enough to ask for feedback on it.

I'm aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems surprisingly capable. This isnt ready to replace any existing apps or services.

(Note: I know you guys on lemmy are interested in open-source code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

[–] [email protected] 1 points 1 month ago (1 children)

thanks for the clarity!

do you have any links to share about it?

23
GNU Taler for payments? (programming.dev)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

https://www.taler.net/

"privacy friendly online transactions"

I came across this and it looks interesting. it seems to have been out for a while and seems to work well in the demo.

it sounds a bit like Blockchain, but it doesn't seem to be. which i would think makes it more appealing because the setup was easy... but i can't find any examples of it being used in the wild.

i was expecting to see more cases that used it when i saw there is funding for it from https://nlnet.nl/

i think this could be good to add into my app. but i wonder if it might not be a good idea if it hasnt established itself as reliable in the wild.

[–] [email protected] 1 points 1 month ago

By feature, do you mean "foss"? (Wondering if you're replying to the correct thread)

If so, then it's unfortunate I'm investigating this direction, it seems necessary.

Otherwise feel free to let me know of a critical feature missing (if "foss" is not the feature you meant.)

[–] [email protected] 1 points 1 month ago

No. When I type with "correct capitals", it's because I'm doing it from my phone. I otherwise generally might sound like chatgpt.

[–] [email protected] -1 points 1 month ago

I'm no expert on the matter of licences either. I made the open source code some bsd licence because some of the dependencies called for it.

I created some code and made some open source. I don't have to apply that to all my projects.

146
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

glitr.io

im working on a p2p file transfer app. at the moment its a closed-source webapp, but i hope to work towards some selfhosted options as seen on my other projects.

the storage is local-only from your browser/device. so like "the cloud", but the cloud storage capacity is made up of your devices.

ive recently updated the landing page and i hope ive got it as simple as possible to transfer a file from one device to another.

im looking for feedback on the experience.

(Note 1: its still a work in progress. if there is an issue, you can usually refresh the browser and try again)

(Note 2: it seems important to mention: this app is not libre software. This needs more consideration to see if I can align to this. For information and open-source examples of the code in action, take a look at the docs and github for decentralized chat)

 

I made something to try out for "functional webcomponents" with vanillaJs. I'm working towards a UI framework for my personal projects. It's far from finished but i thought it might be an interesting concept to share.

 
