xoron

joined 1 year ago
[email protected] 1 points 3 days ago

thanks for your thoughts. npm is popular for a reason and vanillajs doesn't scale very well. so any deps used could be an issue.

i was also considering if with the webcomponent approach it could be “future-proof” as it seems to be the rhetoric i hear around. i'm sure i won't have a great implementation any time soon, but i'd like to try out a few ideas to see if it holds up. hopefully to lead to a “secure javascript ui framework” (which itself could be a whole discussion).

but based on all the feedback i've received, it seems for the messaging app refactor, i’ll be fine to use react on it. which is great because i already have a working-ish demo.

 

Not to poke at React or any of the other popular frameworks, I'm sure they're suitable for Cybersecurity projects. They surely go through things like reviews and audits.

I'm asking from the perspective that web components are native to the browser and thus reducing what I think is called supply chain attacks (like if "npm install" introduces something it shouldn't).

Maybe the frameworks don't matter and depends on the browser/os/device it's run on?


Context: I have a p2p messaging app created with ReactJS and a separate project for a UI framework based on Lit. Both these projects can be a whole separate discussion. I was wondering if there could be any advantages to refactoring (or starting from scratch) the messaging-app to be based on the webcomponent ui framework.

Same question on Reddit with comments here. I have an answer there, but posting here in case anything is being overlooked.

 


 

Introducing Dim – a new framework that brings React-like functional JSX-syntax with JS. Check it out here:

🔗 Project: https://github.com/positive-intentions/dim

🔗 Website: https://dim.positive-intentions.com/

My journey with web components started with Lit, and while I appreciated its native browser support (less tooling!), coming from ReactJS, the class components felt like a step backward. The functional approach in React significantly improved my developer experience and debugging flow.

So, I set out to build a thin, functional wrapper around Lit, and Dim is the result! It's a proof-of-concept right now, with "main" hooks similar to React, plus some custom ones like useStore for encryption-at-rest. (Note: state management for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore passwordless options like WebAuthn/Passkeys).

You can dive deeper into the documentation and see how it works here:

📚 Dim Docs: https://positive-intentions.com/docs/category/dim

This project is still in its early stages and very unstable, so expect breaking changes. I've already received valuable feedback on some functions regarding security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

 


 

https://positive-intentions.com/blog/decentralised-architecture

Creating webapps is easy enough, but in my app, i'm kinda going against the "best-practices".

For example, i'm using browser-based cryptography exclusively. while it can be easy advice to suggest to consider using a server to generate keys, i want to contrast it against a webapp that would be sandboxed within the browser.

I'd appreciate if you would be interested to share your thoughts on the approach. I'm aiming for this project to be the foundation towards the most frickin' secure messaging app in the universe. It might be too ambitious, but I'd like to set the bar high.

 


 

i'm using peerJS and it's configurable as described here: https://peerjs.com/docs/#peer-options-config

in my app, the peerjs-server used as the connection-broker is configurable (on the landing page). i'd also like to introduce configurable ice-servers.

i often notice difficulties connecting when not on the same wifi. i think introducing things like turn/stun servers would help.

which of the options makes sense:

  1. a text input to specify your own turn server url

  2. same as option 1 along with some default set of turn servers as a default redundancy (because most users won't care about this)

  3. same as option 2 with all the servers togglable.

  4. ???

i understand there are a few free public ones available out there, but i don't know the privacy and security implications of using those. i'd like to think there is a set of trustable turn/stun servers i can use for option 2. this way, the app connection could be more stable and resilient. but i'd need to investigate more about any set of servers i introduce into my project.
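
Added example, not part of the original post and not the project's own code: one way to implement option 3, validating user-typed STUN/TURN entries and merging them with toggleable defaults into the object PeerJS accepts as its `config` option. The names `DEFAULT_ICE`, `parseIceEntry` and `buildRtcConfig` are hypothetical and the hostnames and credentials are constructed placeholders.

```javascript
// Added example: build the `config` object PeerJS hands to RTCPeerConnection.
// Hostnames and credentials below are constructed placeholders, not real servers.
const DEFAULT_ICE = [
  { urls: "stun:stun.example.org:3478", enabled: true },
  { urls: "turns:turn.example.org:5349", username: "demo", credential: "demo-secret", enabled: true },
];

// scheme:host[:port][?transport=udp|tcp]; only the four ICE schemes are accepted.
const ICE_URL = /^(stun|stuns|turn|turns):([a-z0-9.-]+|\[[0-9a-f:]+\])(?::(\d{1,5}))?(\?transport=(udp|tcp))?$/i;

function parseIceEntry(entry) {
  const url = String(entry.urls || "").trim();
  const m = ICE_URL.exec(url);
  if (!m) throw new Error(`not a stun/turn URL: ${url}`);
  if (m[3] !== undefined && (Number(m[3]) < 1 || Number(m[3]) > 65535)) throw new Error(`bad port in ${url}`);
  const isTurn = m[1].toLowerCase().startsWith("turn");
  if (m[4] && !isTurn) throw new Error(`?transport is only valid on turn URLs: ${url}`);
  // Browsers reject a turn: entry that lacks credentials, so fail early with a clear message.
  if (isTurn && !(entry.username && entry.credential)) throw new Error(`turn server needs username and credential: ${url}`);
  const server = { urls: url };
  if (isTurn) { server.username = entry.username; server.credential = entry.credential; }
  return { server, isTurn };
}

function buildRtcConfig(defaults, userEntries, { relayOnly = false } = {}) {
  const seen = new Set();
  const iceServers = [];
  let haveTurn = false;
  // User entries go first, then the defaults that are still toggled on.
  for (const entry of [...userEntries, ...defaults.filter((d) => d.enabled)]) {
    const { server, isTurn } = parseIceEntry(entry);
    const key = server.urls.toLowerCase();
    if (seen.has(key)) continue; // drop duplicates
    seen.add(key);
    iceServers.push(server);
    haveTurn = haveTurn || isTurn;
  }
  // "relay" forces all traffic through TURN, so peers never learn each other's IP.
  if (relayOnly && !haveTurn) throw new Error("relay-only needs at least one TURN server");
  return { iceServers, iceTransportPolicy: relayOnly ? "relay" : "all" };
}

// In the app: new Peer(id, { config: buildRtcConfig(DEFAULT_ICE, userEntries) })
```

A TURN relay operator sees both peers' IP addresses and the traffic volume, but not the DTLS-encrypted payload, which is the main thing to weigh when choosing default servers.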

1
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

glitr.io

I'm working towards something for secure/private/simple P2P file transfer. It isn't as "simple" as it could be, i'm still working on it, but i've got it down to:

  • Zero-installation as a PWA
  • Zero-registration by using local-only storage
  • P2P-authentication using WebCrypto API
  • Fast data-transfer using WebRTC

It's far from finished, but i think i've got it "usable" enough to ask for feedback on it.

I'm aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems surprisingly capable. This isn't ready to replace any existing apps or services.

(Note: I know you guys on lemmy are interested in open-source code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

 

I made something to try out for "functional webcomponents" with vanillaJs. I'm working towards a UI framework for my personal projects. It's far from finished but i thought it might be an interesting concept to share.

 

i created a blog and website to help get traction on my project.

it's called positive-intentions.com. i originally got it because it was a cheap domain and was/is a placeholder for my project before i make time to do something like branding.

when i previously searched "positive intentions", my site was listed on something like page 4 of google. most of the results were things related to mental health, meditation, etc. i took a look the other day and i notice it now on the first-ish page of search-engines. i guess this is a result of my talking about my app mainly on reddit but a few other platforms.

i'd like to know how i can take advantage of this. i previously had google ads on the website, but i disabled it because i think it deterred users when they saw tracking scripts in the website. i now have a reasonable approach where i can provide the app with/without external scripts. so i'd like to reconsider re-enabling ads.

however i don't think google ads is good to use. it took me ages (several months) to get £2.30 and google cashes out at £60... at the current rate, i guess i won't see anything for several years.

i've read around, and i hope i'm interpreting something correctly when it seems blogs really start to have a kickback when they sell something. with my open source project, i've branched out to create something i can sell in the play-store. it still isn't on the play store yet, but that is one approach i'm trying.

another approach i'm considering is adding something like mediavine because it seems better regarded compared to google ads.

i can make more time to update content throughout for clarity. i previously stopped doing that because it didn't seem worth the effort when adsense was generating about 1p per day.

note: i don't know much about blogging, seo, analytics, etc; so any and all advice is appreciated.

 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!
