3

Not to poke at React or any of the other popular frameworks, I'm sure they're suitable for Cybersecurity projects. They surely go through things like reviews and audits.

I'm asking from the perspective that web components are native to the browser and thus reducing what I think is called supply chain attacks (like if "npm install" introduces something it shouldn't).

Maybe the frameworks don't matter and it depends on the browser/os/device it's run on?


Context: I have a p2p messaging app created with ReactJS and a separate project for a UI framework based on Lit. Both these projects can be a whole separate discussion. I was wondering if there could be any advantages to refactoring (or starting from scratch) the messaging-app to be based on the webcomponent ui framework.

Same question on Reddit with comments here. I have an answer there, but posting here in case anything is being overlooked.


8
ReactJS-like Framework with Web Components (dim.positive-intentions.com)

Introducing Dim – a new framework that brings React-like functional JSX-syntax with JS. Check it out here:

🔗 Project: https://github.com/positive-intentions/dim

🔗 Website: https://dim.positive-intentions.com/

My journey with web components started with Lit, and while I appreciated its native browser support (less tooling!), coming from ReactJS, the class components felt like a step backward. The functional approach in React significantly improved my developer experience and debugging flow.

So, I set out to build a thin, functional wrapper around Lit, and Dim is the result! It's a proof-of-concept right now, with "main" hooks similar to React, plus some custom ones like useStore for encryption-at-rest. (Note: state management for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore passwordless options like WebAuthn/Passkeys).

You can dive deeper into the documentation and see how it works here:

📚 Dim Docs: https://positive-intentions.com/docs/category/dim

This project is still in its early stages and very unstable, so expect breaking changes. I've already received valuable feedback on some functions regarding security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

9

https://positive-intentions.com/blog/decentralised-architecture

Creating webapps is easy enough, but in my app, im kinda going against the "best-practices".

For example, im using browser-based cryptography exclusively. while it can be easy advice to suggest to consider using a server to generate keys, i want to contrast it against a webapp that would be sandboxed within the browser.

I'd appreciate if you would be interested to share your thoughts on the approach. I'm aiming for this project to be the foundation towards the most frickin' secure messaging app in the universe. It might be too ambitious, but I'd like to set the bar high.

8

im using peerJS and its configurable as described here: https://peerjs.com/docs/#peer-options-config

in my app, the peerjs-server used as the connection-broker is configurable (on the landing page). id also like to introduce configurable ice-servers.

i often notice difficulties connecting when not on the same wifi. i think introducing things like turn/stun servers would help.

which of the options makes sense:

  1. a text input to specify your own turn server url

  2. same as option 1 along with some default set of turn servers as a default redundancy (because most users wont care about this)

  3. same as option 2 with all the servers togglable.

  4. ???

i understand there are a few free public ones available out there, but i dont know the privacy and security implications of using those. id like to think there is a set of trustable turn/stun servers i can use for option 2. this way, the app connection could be more stable and resilient. but i'd need to investigate more about any set of servers i introduce into my project.
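
An added example (not code from the post or from PeerJS) sketching option 3: defaults plus user-entered servers, each togglable, validated and assembled into the `config` object that PeerJS hands to `RTCPeerConnection`. The function name, the entry shape with its `enabled` flag, the simplified URL check and the `example.org`/`example.net` hosts are assumptions made for illustration.

```javascript
// Added example: build the RTCConfiguration for PeerJS's `config` option from
// a default list plus user-entered servers, each with an on/off toggle.
// Hostnames and credentials below are constructed placeholders.
const DEFAULT_ICE = [
  { urls: "stun:stun.example.org:3478", enabled: true },
  { urls: "turns:turn.example.org:5349", username: "demo", credential: "demo-secret", enabled: true },
];

// Simplified check: only stun:, stuns:, turn:, turns: with a host, optional port/transport.
const ICE_URL = /^(stuns?|turns?):([a-z0-9.-]+|\[[0-9a-f:]+\])(:\d{1,5})?(\?transport=(udp|tcp))?$/i;

function buildIceConfig(defaults, userEntries, { relayOnly = false } = {}) {
  const seen = new Set();
  const iceServers = [];
  const rejected = [];
  // User entries first so they take precedence over a duplicate default.
  for (const entry of [...userEntries, ...defaults]) {
    if (!entry.enabled) continue; // toggled off in the UI
    const url = String(entry.urls || "").trim();
    if (!ICE_URL.test(url)) { rejected.push(url); continue; }
    const isTurn = /^turns?:/i.test(url);
    // Browsers reject turn:/turns: entries that lack username and credential.
    if (isTurn && !(entry.username && entry.credential)) { rejected.push(url); continue; }
    const key = url.toLowerCase();
    if (seen.has(key)) continue;
    seen.add(key);
    iceServers.push(isTurn
      ? { urls: url, username: entry.username, credential: entry.credential }
      : { urls: url });
  }
  const hasTurn = iceServers.some((s) => /^turns?:/i.test(s.urls));
  if (relayOnly && !hasTurn) throw new Error("relayOnly requires an enabled TURN server");
  // "relay" uses only TURN candidates: the remote peer sees the relay's address
  // instead of yours, while the TURN operator still sees both endpoints.
  return { config: { iceServers, iceTransportPolicy: relayOnly ? "relay" : "all" }, rejected };
}

// Constructed sample input: what a settings form might hand over.
const userEntries = [
  { urls: " turn:relay.example.net:3478?transport=tcp ", username: "alice", credential: "s3cret", enabled: true },
  { urls: "https://not-an-ice-server.example", enabled: true },
  { urls: "stun:stun.example.org:3478", enabled: true }, // duplicate of a default
];
const result = buildIceConfig(DEFAULT_ICE, userEntries);
console.log(JSON.stringify(result, null, 2));
// With PeerJS (not executed here): new Peer(undefined, { host, port, path, config: result.config });
```

Surfacing `rejected` in the settings UI lets a user see why an entry was ignored instead of silently falling back to the defaults.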

23
GNU Taler for payments? (programming.dev)
submitted 2 months ago* (last edited 2 months ago) by xoron@programming.dev to c/opensource@programming.dev

https://www.taler.net/

"privacy friendly online transactions"

I came across this and it looks interesting. It seems to have been out for a while and seems to work well in the demo.

it sounds a bit like Blockchain, but it doesn't seem to be. which i would think makes it more appealing because the setup was easy... but i can't find any examples of it being used in the wild.

i was expecting to see more cases that used it when i saw there is funding for it from https://nlnet.nl/

i think this could be good to add into my app. but i wonder if it might not be a good idea if it hasnt established itself as reliable in the wild.

xoron@programming.dev 6 points 2 months ago

Just to be clear, my own open source code. Yes.

xoron@programming.dev 11 points 2 months ago

Thanks!

Perhaps you'd like to give feedback on a separate but similar foss project: https://github.com/positive-intentions/chat

150
submitted 2 months ago* (last edited 2 months ago) by xoron@programming.dev to c/privacy@lemmy.ml

glitr.io

im working on a p2p file transfer app. at the moment its a closed-source webapp, but i hope to work towards some selfhosted options as seen on my other projects.

the storage is local-only from your browser/device. so like "the cloud", but the cloud storage capacity is made up of your devices.

ive recently updated the landing page and i hope ive got it as simple as possible to transfer a file from one device to another.

im looking for feedback on the experience.

(Note 1: its still a work in progress. if there is an issue, you can usually refresh the browser and try again)

(Note 2: it seems important to mention: this app is not libre software. This needs more consideration to see if I can align to this. For information and open-source examples of the code in action, take a look at the docs and github for decentralized chat)

9

I made something to try out for "functional webcomponents" with vanillaJs. I'm working towards a UI framework for my personal projects. It's far from finished but i thought it might be an interesting concept to share.

xoron@programming.dev 6 points 6 months ago

thanks! i'll make time to create those.

xoron@programming.dev 3 points 6 months ago

i took a brief look. this looks like a really good read! thanks for pointing me to it!

xoron@programming.dev 3 points 6 months ago

completely understandable conclusion.

it started off as a curiosity, but i think there is something to it. I'm aiming for something that looks and behaves like react, but without the overhead of the react tooling for transpiling.

im not trying to take a share of that market, i came across this solution as part of the chat app project. id like to build up this ui framework well enough to rebuild the chat project with it... the chat app is made with react and material UI. with this framework, i am aiming to create a more simplified version of the chat app where the "no need to transpile" is a feature for its transparency. perhaps it doesnt make sense right now without the ability to effectively demonstrate it.

xoron@programming.dev 5 points 6 months ago* (last edited 6 months ago)

ive tried several variations in how to communicate about it.

with blog link/with repo link/with a mix

https://programming.dev/post/21417457

it seems my projects are well received, but i guess it just isnt interesting for the minority of developers that would consider contributing. i also dont explicitly ask for contribution. this post is the first time im doing that to see what it could yield.

xoron@programming.dev 4 points 6 months ago

thanks. maybe i havent reached the point at which people are using my projects enough for them to improve a part of it.

xoron@programming.dev 5 points 6 months ago

thanks for the tips.

i typically mention the git repo's involved.

i'll give it a go with something like contribution welcome. my projects are on github and i think i have something setup for issues tracking.

i suspect my projects might be a bit complicated and so unappealing to a random contributor.

xoron@programming.dev 3 points 6 months ago

Thanks for input. I think it could still work without js-painting given that it's using the customElement.define().

I'm aiming for something that looks and behaves like react, but without the overhead of the react tooling for transpiling.

xoron@programming.dev 7 points 9 months ago

no. it isnt better or more stable than React. its all an experimental proof-of-concept.

its an idea im trying out. i thought maybe others might find it interesting.

im aiming to see if i can get something that looks and behaves like React, but works natively in a browser without the need to build or transpile. i think in theory it could work.

xoron@programming.dev 3 points 10 months ago

im fairly new to blogging. that was added for setting up google ads. can you tell me what you mean by your comment?

xoron@programming.dev 3 points 1 year ago* (last edited 1 year ago)

its open source but understandably complex to understand.

im using a thin wrapper around browser-based cryptography functions. im using webpack 5 module federation to import that file at runtime.

https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

those functions are used to create a kind-of decentralised authentication as described here: https://positive-intentions.com/docs/research/authentication

the app uses peerjs to send encrypted messages. i have the checkbox only for the user to confirm this is for testing purposes only. it is also worded throughout the docs that users should be responsible for what data they share. the app doesnt need any personal detail to work (ip address - as per requirement of webrtc). im all ears for ideas on a previous post: https://www.reddit.com/r/darknetplan/comments/16qw24o/on_my_decentralized_chat_app_i_want_some_kind_of/

pardon my art skills. i drew it on my phone. i was going for a "whale". a simple logo was enough. i dont expect version 2 to be any better. as for the domain, it was cheap. i would like to do rebranding at some point but i dont know enough to make any time for it.

xoron

joined 1 year ago