thats sounds like a great idea. i'll investigate the options.
Browser-Based P2P File Transfer With WebRTC
hey,
i created a browser-based tool for p2p file transfer where it doesnt use any backend for storage. instead, it relies on storage provided by the browser.
https://file.positive-intentions.com
its still a work in progress, but id like to know your thoughts. it isnt open source, but its largely based off another project which does P2P messaging (its just called "chat"). my intentions with this new app, is that i will aim for this to be a B2B SaaS product, but until i set up login+subscription, its free-to-use. id love to get feedback on features you would find useful.
i have some documentation, but im also sure that it isnt very clear. so feel free to ask any questions about how it works.
the landing page is also largely based off the "chat" project. https://positive-intentions.com/docs/file . i will try to make more time to improve the landing page experience.
thanks for your questions. i have a few links to share i hope will help answer your questions. but i will also try to answer them here. i think there is much to say, but i will try to keep it brief.
-
How is it hosted? What is the network topology? Which Trent must be trusted?
- https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure/
- https://positive-intentions.com/blog/decentralised-architecture/
- the app is hosted from me on AWS S3. the app is predominantly emphesising on browser-based client-side functionality for things like data storage, webrtc and cryptography.
- same app is also hosted on github pages to show how users can take more control over their version of the chat app.
- id like to make more time into investigating resiliancy by having federated modules hosted on multiple cloud providers. (currently its only on s3 and gh-pages)
-
Has the cryptography been audited? What are the primitives and protocols used? What kinds of guarantees, aside from basic privacy, are actually established?
- https://positive-intentions.com/docs/research/threat-model/
- https://github.com/positive-intentions/cryptography
- the cryptography is a federated modules as seen above. its intended to be a thin wrapper over the cryptography offering from a typical browsers as described here: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto
- im actively looking for feedback on the cryptography and would like to have it audited by a professionals. im currently in the process for asking for support from https://www.opentech.fund/labs/security-lab
- as a sideproject, i dont want to undermine the efforts ive put into it, but i dont know what i can say for what i can guarantee. making the project open source is a big step towards clarity in how it works. at this early stage in development. i expect there will be breaking changes as i make changes and improvements. its important to note this project is a work in progress.
-
What happens during a disaster? Am I easy to dox, track, etc.? What bad things happen if somebody takes my phone from me?
- https://github.com/positive-intentions/chat?tab=readme-ov-file#security-and-privacy-recommendations
- maybe the threat model i linked previously can help answer that.
- there is not registration database to hack so nothing traditionally centralized to be hacked. on the website im using google analytics. on the app itself is using nlevel-analytics.
- a user profile in the context of the app is entirely browser-based and can be removed as simply as clearing site-data on any modern browser.
- the user profiles can also be exported an imported. this functionality in the app is a bit flaky at the moment but it is intended to be a feature. ive tested it out enough to know its works. i would like to make it more robust.
- im separately investigating having data encrypted at rest in the browser: https://programming.dev/post/21417459 (this investigation is far from finished, but is something i would like to introduce to this app)
“P2P encrypted” doesn’t sound like actual security
here is a previous post i made on the matter: https://www.reddit.com/r/crypto/comments/1fmoykr/secure_and_private_encrypted_p2p_chat_in
i hope this answers your questions. please feel free to ask more questions for clarity. i will do my best to answer them.
Selfhosted P2P File Transfer & Messaging PWA
App: https://chat.positive-intentions.com
A p2p encrypted file transfer and messaging app. Here are some features below:
- Open Source
- Cross platform
- PWA
- iOS, Android, Desktop (self compile)
- App store, Play store (coming soon)
- Desktop
- Windows, Macos, Linux (self compile)
- run
index.htmlon any modern browser
- Decentralized
- Secure
- No cookies
- P2P encrypted
- No registration
- No installing
- Messaging
- Group Messaging (coming soon)
- Text Messaging
- Multimedia Messaging
- Screensharing (on desktop browsers)
- Offline Messaging (in research phase)
- File Transfer
- Video Calls
- Data Ownership
- Self Hosting
- GitHub pages Hosting
- Local-Only storage
Check it out!
- App: https://chat.positive-intentions.com/
- More info: https://positive-intentions.com/blog/introducing-decentralized-chat
- GitHub: https://github.com/positive-intentions/chat
Selfhosted P2P File Transfer & Messaging PWA
App: https://chat.positive-intentions.com
A p2p encrypted file transfer and messaging app. Here are some features below:
- Open Source
- Cross platform
- PWA
- iOS, Android, Desktop (self compile)
- App store, Play store (coming soon)
- Desktop
- Windows, Macos, Linux (self compile)
- run
index.htmlon any modern browser
- Decentralized
- Secure
- No cookies
- P2P encrypted
- No registration
- No installing
- Messaging
- Group Messaging (coming soon)
- Text Messaging
- Multimedia Messaging
- Screensharing (on desktop browsers)
- Offline Messaging (in research phase)
- File Transfer
- Video Calls
- Data Ownership
- Self Hosting
- GitHub pages Hosting
- Local-Only storage
Check it out!
- App: https://chat.positive-intentions.com/
- More info: https://positive-intentions.com/blog/introducing-decentralized-chat
- GitHub: https://github.com/positive-intentions/chat
Selfhosted P2P File Transfer & Messaging PWA
App: https://chat.positive-intentions.com
A p2p encrypted file transfer and messaging app. Here are some features below:
- Open Source
- Cross platform
- PWA
- iOS, Android, Desktop (self compile)
- App store, Play store (coming soon)
- Desktop
- Windows, Macos, Linux (self compile)
- run
index.htmlon any modern browser
- Decentralized
- Secure
- No cookies
- P2P encrypted
- No registration
- No installing
- Messaging
- Group Messaging (coming soon)
- Text Messaging
- Multimedia Messaging
- Screensharing (on desktop browsers)
- Offline Messaging (in research phase)
- File Transfer
- Video Calls
- Data Ownership
- Self Hosting
- GitHub pages Hosting
- Local-Only storage
Check it out!
- App: https://chat.positive-intentions.com/
- More info: https://positive-intentions.com/blog/introducing-decentralized-chat
- GitHub: https://github.com/positive-intentions/chat
thanks for the tip. youre right i think i need to do more housekeeping there. i dont give it much attention, because as a solo project, id mostly just be doing it to myself with admin stuff.
i previsously made an attempt for things like issues, but it doesnt seem to have made any different and is just an additional overhead that im ignoring: https://github.com/positive-intentions/chat/issues
i used to pay more attention to it, but its only my time being wasted if nobody else is interested (thats fine... but it results in the amount of attention i give it. and i have a lot of things to do already when i dont have enough time for it)
thanks for your thoughts!
a scenario so that people who aren’t immediately familiar ‘get’ what it is you’re achieving
i think the ability to tell a story is important here and id like to put more time to learn how to frame it. its a very secure chat implementation from what i understand about what ive created. im keen to be challenged on if its the most secure chat app out there, but this typically seen as confrontational and seems to hurt public opnion of the project (and thus i dial it down).
here is an attempt to try explain it as "more secure than mainstream solutions": https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app
while i think i have a point about the security implementation. im also aware that the project is not very user friendly and full of bugs which makes for a very unappealing product.
its worth noting, that im trying to communicate about the project to cybersecurity professionals at the moment to see if the theory hold up and i think it does. i iteratively improved the UI in an attempt to gain traction. as a webdeveloper i know that i can spend more time on the UI that everything else combined, but that wouldnt be a good use of my time compared to some under-the-hood changes for stability and fixes.
i took a brief look. this looks like a really good read! thanks for pointing me to it!
thanks! i'll make those changes when i can.
completely understandable conclusion.
it started off as a curiosity, but i think there is something to it. I’m aiming for something that looks and behaves like react, but without the overhead of the react tooling for transpiling.
im not trying to take a share of that market, i come across this solution as pf of the chat app project. id like to build up this ui framework well enough to rebuild the chat proct with it... the chat app is made with react and material UI. with this framework, i am aiming to create a more simplified version of the chat app where the "no need to transpile" is a feature for its transparency. perhaps it doesnt make sense right now without the ability to effectively demonstrate it.
thanks. i think then i should continue as im going and see where i end up.
thanks for you thoughts.
i previously didnt have the "unstable" warning. this results is people saying that i should make it more clear. i think the project is in its early enough stages for it to be sensible to include there. im already planning on breaking changes which could make things worse so this is something i hope make it clear to users about the status of the project. before i had that notice, i would get complains from people that the app is terrible and doesnt work (which was basically true because it still is a work in progress and full of bugs.). i added a bit of a polish on it so it leads people to think its a finished product.
im looking for contributors on the dim repo because there part things i would like to do (and tried), but reached the limits of what i understand. i can learn and figure it out if i pour more time into it, but i have already poured time into it. im hoping someone with relevent experience would want to help.
im hoping to get a following on lemmy, mastodon, reddit in order to get traction on the projects. as it stand its just me and so its a bit of an uphill to get traction on something like the chat project. what you might be interpreting as ego, is a mannerism i have to adopt if i want to actively promote it as being a "secure chat system". otherwise, feedback is a lot more dismissive about the project. that would surely sink the project immidiately.
im a developer not a sales person... but since working on these project ive learnt to moderate how cautious my tone should be to balance the communication of technical details as well as promoting something. i dont think i do the best job of it, but im still in the learning process.
ive tried several variations in how to communicate about it.
with blog link/with repo link/with a mix
https://programming.dev/post/21417457
it seems my projects are well recieved, but i guess it just isnt interesting for the minority of developers that would consider contributing. i also dont explicitly ask for contribution. this post this the first time im doing that to see what it could yield.
https://github.com/positive-intentions/chat https://github.com/positive-intentions/dim
i dont think my documentation is as clear as it could be, but i dont think its unclear: https://positive-intentions.com/blog/dim-functional-webcomponents
i think i have put efforts towards a good landing page, readme, documentation etc. id appriciate if you critique those.
thanks. maybe i havent reached the point at which people are using my projects enough for them to to improve a part of it.
thanks for the tips.
i typically mention the git repo's involved.
i'll give it a go with something like contribution welcome. my projects are on github and i think i have something setup for issues tracking.
i suspect my projects might be a bit complicated and so unappealing to a random contributor.
its further described by this previous post: https://programming.dev/post/23381812 ... to put it simply, its a javascript UI framework.
i have another project https://github.com/positive-intentions/chat ... but that project is very complicated. too complicated for me to easily explain how it works.
How do i ask for contributors to my open source projects?
id like to ask if there is some guideline/advice for asking for open source contributions.
initially i thought i could just have open source code, documentation and communicate about it, but that doesnt seem to work for gaining contributors.
maybe there is something else im overlooking?
contributors would be using their own valuable time and effort so it could just be that my projects are not interesting enough. it might be worth concluding that i should proceed on this solo.
Thanks for input. I think it could still work without js-painting given that it's using the customElement.define().
I'm aiming for something that looks and behaves like react, but without the overhead of the react tooling for transpiling.
Functional Webcomponents
I'm creating a JavaScript UI framework for my own projects. It's a learning journey and I'd like to share my progress.
I've written some blog posts about my progress so far:
- Functional Web Components - https://positive-intentions.com/blog/dim-functional-webcomponents
- Functional Todo App - https://positive-intentions.com/blog/dim-todo-list
- Async State Management - https://positive-intentions.com/blog/async-state-management
- Bottom-up Browser Storage - https://positive-intentions.com/blog/bottom-up-storage
Note: The UI framework is far from finished. I want to share progress to see if there are any outstanding issues I'm overlooking.
Bottom-up Javascript Storage Management
i wanted to see if we can create asynchronous bottom-up state management, we have the basics to put together a state management system. State management solutions in apps typically have ways to persist data.
I wanted to explore if there are any benefits to define and manage state in webcomponents with a bottom-up approach. I wanted to see if it could give a greater flexibility in developing a UI and not having to worry about persisted storage management.
https://positive-intentions.com/blog/bottom-up-storage
Bottom-up Javascript Storage Management
i wanted to see if we can create asynchronous bottom-up state management, we have the basics to put together a state management system. State management solutions in apps typically have ways to persist data.
I wanted to explore if there are any benefits to define and manage state in webcomponents with a bottom-up approach. I wanted to see if it could give a greater flexibility in developing a UI and not having to worry about persisted storage management.
https://positive-intentions.com/blog/bottom-up-storage
Bottom-up Javascript Storage Management
i wanted to see if we can create asynchronous bottom-up state management, we have the basics to put together a state management system. State management solutions in apps typically have ways to persist data.
I wanted to explore if there are any benefits to define and manage state in webcomponents with a bottom-up approach. I wanted to see if it could give a greater flexibility in developing a UI and not having to worry about persisted storage management.
https://positive-intentions.com/blog/bottom-up-storage
javascript encrypted persistance
im working on a javascript UI framework for personal projects and im trying to create something like a React-hook that handles "encrypted at rest".
the react-hook is described in more detail here. id like to extend its functionality to have encrypted persistant data. my approach is the following and it would be great if you could follow along and let me know if im doing something wrong. all advice is apprciated.
im using indexedDB to store the data. i created some basic functionality to automatically persist and rehydrate data. im now investigating password-encrypting the data with javascript using the browser cryptography api.
i have a PR here you can test out on codespaces or clone, but tldr: i encrypt before saving and decrypt when loading. this seems to be working as expected. i will also encrypt/decrypt the event listeners im using and this should keep it safe from anything like browser extensions from listening to events.
the password is something the user will have to put in themselves at part of some init() process. i havent created an input for this yet, so its hardcoded. this is then used to encrypt/decrypt the data.
i would persist the unencrypted salt to indexedDB because this is then used to generate the key.
i think i am almost done with this functionality, but id like advice on anything ive overlooked or things too keep-in-mind. id like to make the storage as secure as possible.
javascript encrypted persistance
im working on a javascript UI framework for personal projects and im trying to create something like a React-hook that handles "encrypted at rest".
the react-hook is described in more detail here. id like to extend its functionality to have encrypted persistant data. my approach is the following and it would be great if you could follow along and let me know if im doing something wrong. all advice is apprciated.
im using indexedDB to store the data. i created some basic functionality to automatically persist and rehydrate data. im now investigating password-encrypting the data with javascript using the browser cryptography api.
i have a PR here you can test out on codespaces or clone, but tldr: i encrypt before saving and decrypt when loading. this seems to be working as expected. i will also encrypt/decrypt the event listeners im using and this should keep it safe from anything like browser extensions from listening to events.
the password is something the user will have to put in themselves at part of some init() process. i havent created an input for this yet, so its hardcoded. this is then used to encrypt/decrypt the data.
i would persist the unencrypted salt to indexedDB because this is then used to generate the key.
i think i am almost done with this functionality, but id like advice on anything ive overlooked or things too keep-in-mind. id like to make the storage as secure as possible.
Async Javascript State Management
I'm working on creating something I can call "functional web components".
Async Javascript State Management
I'm working on creating something I can call "functional web components".
Async Javascript State Management
I'm working on creating something I can call "functional web components".
Creating QR Codes with Javascript to use as a Data Channel
Explore the new "File Sharing by QR Code" feature in our decentralized chat app. Learn how we use JavaScript-based QR technology for offline data exchange and the innovative potential of this experimental approach.
https://positive-intentions.com/blog/qr-codes-as-a%20data-channel
QR Codes as a Data Channel
the demo in the blog article is a bit cluncky. here is a better link for it: https://chat.positive-intentions.com/#/qr
Creating QR Codes with Javascript to use as a Data Channel
Explore the new "File Sharing by QR Code" feature in our decentralized chat app. Learn how we use JavaScript-based QR technology for offline data exchange and the innovative potential of this experimental approach.
https://positive-intentions.com/blog/qr-codes-as-a%20data-channel
QR Codes as a Data Channel
the demo in the blog article is a bit cluncky. here is a better link for it: https://chat.positive-intentions.com/#/qr
thanks!
when i started, the attempt was to try to create this functionality without using any dependencies (including Lit). the Lit html function is well done and makes things very convenient for handling things like the lifecycle methods and caching states.
i would like to revisit that attempt, but i found that Lit does it very well and for me to create something from scratch would take much more consideration and i expect i would overlook some nuanced detail. i'll see what i can make of it in future changes.
while im sure Lit users could benefit from this, as for contributing to the Lit ecosystem, im not really sure what steps to take for this. similarly, React 19 also introduces "support" for web components.
no. it isnt better or more stable than React. its all an experimental proof-of-concept.
its an idea im trying out. i thought maybe others might find it interesting.
im aiming to see if i can get something that looks and behaves like React, but works natively in a browser without the need to build or transpile. i think in theory it could work.
React-Like Functional Web Components
I'm working on creating something I can call "functional web components".
Functional Web Components
https://positive-intentions.com/blog/dim-todo-list
Github: https://github.com/positive-intentions/dim
Demo: https://dim.positive-intentions.com
React-Like Functional Web Components
I'm working on creating something I can call "functional web components".
Functional Web Components
https://positive-intentions.com/blog/dim-todo-list
Github: https://github.com/positive-intentions/dim
Demo: https://dim.positive-intentions.com
React-Like Functional Web Components
I'm working on creating something I can call "functional web components".
Functional Web Components
https://positive-intentions.com/blog/dim-todo-list
Github: https://github.com/positive-intentions/dim
Demo: https://dim.positive-intentions.com
Am i using Google Keyword planner correctly?
ive only just discovered google keyword planner (GKP), but i dont know about blogging in general. for my "intro blog", GKP suggest the words to use as seen in this GKP export.
im making an attempt to integrate some of those suggestions in my blog. this is what i have so far.
am i doing this right? as for picking the words, im not sure what column i should filter/sort by to choose the words that get me the most clicks to my blog?
the page in questions is this: https://positive-intentions.com/blog/introducing-decentralized-chat
thanks for the info. i'll take a look later, it sounds like an interesting idea.