Skip Navigation

xoron

@ xoron @programming.dev

Posts
102
Comments
144
Joined
2 yr. ago

  • Send files privately. No cloud. No trace.

    Jump

  • Thanks!

    Here is the foss equivalent of this project: https://github.com/positive-intentions/chat

    Unfortunately, open source isn't sustainable. I'm investigating close-source as a way to create something competitive. My plan is to try to sell it on the Play store.

    As for pairdrop, their approach to peer discovery relies on knowing the network you're connected to. This makes it easy to find peers in cases where you use the same WiFi network. In mine I'm using WebRTC to allow connections over the internet. Peer discovery is achieved by using crypto-random IDs exchanged as a link or QR code.

    Ultimately it's worth noting my app is a work in progress. I hope I can update the UX to make the functionality as seamless as pairdrop.

  • Send files privately. No cloud. No trace.

    Jump

  • This is using the WebRTC protocol. As a webapp it's immediately good to go, there isn't a need to run something like a FTP server.

    Of course limitations apply like sending larger files nukes my ram... But I after it's sent, it seems to settle down.

  • Send files privately. No cloud. No trace.

    Jump

  • Send files privately. No cloud. No trace.

    Jump

  • Send files privately. No cloud. No trace.

    Jump

  • Functional JSX-Syntax for Webcomponents.

    Jump

  • Interesting. I'll investigate this further. Thanks for pointing it out.

  • Functional JSX-Syntax for Webcomponents.

    Jump

  • thanks! ikr. i had the same exp which im sure imspired this approach.

    the functional approach makes it easier for readability and debugging.

  • My website is starting to rank higher in a few search-engines, but i dont know what to do with it.

    Jump

  • thanks for the tip!

    i havent tried affiliate marketing before. it seems NordVPN is poplar. i'll investigate the options.

  • Browser-Based P2P File Transfer With WebRTC

    Jump

  • yeah its very similar. mine is presented as a webapp for the extra convienience. im also in the process of getting it in the play store, but i dont have any idea of when it could be ready for that.

  • Browser-Based P2P File Transfer With WebRTC

    Jump

  • thats sounds like a great idea. i'll investigate the options.

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • thanks for your questions. i have a few links to share i hope will help answer your questions. but i will also try to answer them here. i think there is much to say, but i will try to keep it brief.

    • How is it hosted? What is the network topology? Which Trent must be trusted?

    • Has the cryptography been audited? What are the primitives and protocols used? What kinds of guarantees, aside from basic privacy, are actually established?

    • What happens during a disaster? Am I easy to dox, track, etc.? What bad things happen if somebody takes my phone from me?

      • https://github.com/positive-intentions/chat?tab=readme-ov-file#security-and-privacy-recommendations
      • maybe the threat model i linked previously can help answer that.
      • there is not registration database to hack so nothing traditionally centralized to be hacked. on the website im using google analytics. on the app itself is using nlevel-analytics.
      • a user profile in the context of the app is entirely browser-based and can be removed as simply as clearing site-data on any modern browser.
      • the user profiles can also be exported an imported. this functionality in the app is a bit flaky at the moment but it is intended to be a feature. ive tested it out enough to know its works. i would like to make it more robust.
      • im separately investigating having data encrypted at rest in the browser: https://programming.dev/post/21417459 (this investigation is far from finished, but is something i would like to introduce to this app)

    “P2P encrypted” doesn’t sound like actual security

    here is a previous post i made on the matter: https://www.reddit.com/r/crypto/comments/1fmoykr/secure_and_private_encrypted_p2p_chat_in

    i hope this answers your questions. please feel free to ask more questions for clarity. i will do my best to answer them.

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks for the tip. youre right i think i need to do more housekeeping there. i dont give it much attention, because as a solo project, id mostly just be doing it to myself with admin stuff.

    i previsously made an attempt for things like issues, but it doesnt seem to have made any different and is just an additional overhead that im ignoring: https://github.com/positive-intentions/chat/issues

    i used to pay more attention to it, but its only my time being wasted if nobody else is interested (thats fine... but it results in the amount of attention i give it. and i have a lot of things to do already when i dont have enough time for it)

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks for your thoughts!

    a scenario so that people who aren’t immediately familiar ‘get’ what it is you’re achieving

    i think the ability to tell a story is important here and id like to put more time to learn how to frame it. its a very secure chat implementation from what i understand about what ive created. im keen to be challenged on if its the most secure chat app out there, but this typically seen as confrontational and seems to hurt public opnion of the project (and thus i dial it down).

    here is an attempt to try explain it as "more secure than mainstream solutions": https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app

    while i think i have a point about the security implementation. im also aware that the project is not very user friendly and full of bugs which makes for a very unappealing product.

    its worth noting, that im trying to communicate about the project to cybersecurity professionals at the moment to see if the theory hold up and i think it does. i iteratively improved the UI in an attempt to gain traction. as a webdeveloper i know that i can spend more time on the UI that everything else combined, but that wouldnt be a good use of my time compared to some under-the-hood changes for stability and fixes.

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks! i'll make time to create those.

  • How do i ask for contributors to my open source projects?

    Jump

  • i took a brief look. this looks like a really good read! thanks for pointing me to it!

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks! i'll make those changes when i can.

  • How do i ask for contributors to my open source projects?

    Jump

  • completely understandable conclusion.

    it started off as a curiosity, but i think there is something to it. I’m aiming for something that looks and behaves like react, but without the overhead of the react tooling for transpiling.

    im not trying to take a share of that market, i come across this solution as pf of the chat app project. id like to build up this ui framework well enough to rebuild the chat proct with it... the chat app is made with react and material UI. with this framework, i am aiming to create a more simplified version of the chat app where the "no need to transpile" is a feature for its transparency. perhaps it doesnt make sense right now without the ability to effectively demonstrate it.

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks. i think then i should continue as im going and see where i end up.

  • How do i ask for contributors to my open source projects?

    Jump

  • thanks for you thoughts.

    i previously didnt have the "unstable" warning. this results is people saying that i should make it more clear. i think the project is in its early enough stages for it to be sensible to include there. im already planning on breaking changes which could make things worse so this is something i hope make it clear to users about the status of the project. before i had that notice, i would get complains from people that the app is terrible and doesnt work (which was basically true because it still is a work in progress and full of bugs.). i added a bit of a polish on it so it leads people to think its a finished product.

    im looking for contributors on the dim repo because there part things i would like to do (and tried), but reached the limits of what i understand. i can learn and figure it out if i pour more time into it, but i have already poured time into it. im hoping someone with relevent experience would want to help.

    im hoping to get a following on lemmy, mastodon, reddit in order to get traction on the projects. as it stand its just me and so its a bit of an uphill to get traction on something like the chat project. what you might be interpreting as ego, is a mannerism i have to adopt if i want to actively promote it as being a "secure chat system". otherwise, feedback is a lot more dismissive about the project. that would surely sink the project immidiately.

    im a developer not a sales person... but since working on these project ive learnt to moderate how cautious my tone should be to balance the communication of technical details as well as promoting something. i dont think i do the best job of it, but im still in the learning process.

  • Opensource @programming.dev
    xoron @programming.dev

    Encrypted P2P Chat

    chat.positive-intentions.com