xoron

joined 5 months ago
5
submitted 2 weeks ago* (last edited 2 weeks ago) by xoron to c/programming
 

im working on a javascript UI framework for personal projects and im trying to create something like a React-hook that handles "encrypted at rest".

the react-hook is described in more detail here. id like to extend its functionality to have encrypted persistent data. my approach is the following and it would be great if you could follow along and let me know if im doing something wrong. all advice is appreciated.

im using indexedDB to store the data. i created some basic functionality to automatically persist and rehydrate data. im now investigating password-encrypting the data with javascript using the browser cryptography api.

i have a PR here you can test out on codespaces or clone, but tldr: i encrypt before saving and decrypt when loading. this seems to be working as expected. i will also encrypt/decrypt the event listeners im using and this should keep it safe from anything like browser extensions from listening to events.

the password is something the user will have to put in themselves as part of some init() process. i havent created an input for this yet, so its hardcoded. this is then used to encrypt/decrypt the data.

i would persist the unencrypted salt to indexedDB because this is then used to generate the key.

i think i am almost done with this functionality, but id like advice on anything ive overlooked or things to keep in mind. id like to make the storage as secure as possible.
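
The flow described in the post above (derive a key from the user's password and a stored salt, encrypt before saving, decrypt when loading), as an added example that is not the poster's PR code. It uses the Web Crypto API; the function names, the record shape and the PBKDF2 iteration count are assumptions.

```javascript
// Added example: password-based encryption for records persisted to IndexedDB.
// Web Crypto is a global in browsers and current Node; the fallback covers older Node.
const wc = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);
const enc = new TextEncoder();
const dec = new TextDecoder();

// Assumed work factor for PBKDF2-HMAC-SHA256; stored with the salt so it can be raised later.
const ITERATIONS = 600000;

// Run once at first init(): the salt is not secret and is persisted in the clear.
function newKdfParams() {
  return { salt: wc.getRandomValues(new Uint8Array(16)), iterations: ITERATIONS };
}

// Derive a non-extractable AES-GCM key from the password and the stored parameters.
async function deriveKey(password, { salt, iterations }) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false, // key bytes cannot be exported back out by page script
    ["encrypt", "decrypt"]);
}

// Encrypt before saving: fresh 96-bit IV per write, record name bound as associated data.
async function sealRecord(key, name, value) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const data = enc.encode(JSON.stringify(value));
  const ciphertext = await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(name) }, key, data);
  return { name, iv, ciphertext: new Uint8Array(ciphertext) };
}

// Decrypt when loading: rejects on a wrong password, tampered bytes,
// or a ciphertext that was moved under a different record name.
async function openRecord(key, { name, iv, ciphertext }) {
  const plain = await wc.subtle.decrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(name) }, key, ciphertext);
  return JSON.parse(dec.decode(plain));
}
```

The object returned by `newKdfParams()` and each sealed record hold only typed arrays, strings and numbers, so both can be written to IndexedDB as they are.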

2
submitted 2 weeks ago* (last edited 2 weeks ago) by xoron to c/webdev
 


5
submitted 2 weeks ago* (last edited 2 weeks ago) by xoron to c/javascript
 


4
Async Javascript State Management (positive-intentions.com)
submitted 1 month ago by xoron to c/javascript
0
Async Javascript State Management (positive-intentions.com)
submitted 1 month ago by xoron to c/webdev
11
Async Javascript State Management (positive-intentions.com)
submitted 1 month ago by xoron to c/programming
[–] xoron 2 points 1 month ago

Interesting idea!

 

https://positive-intentions.com/blog/qr-codes-as-a%20data-channel

QR Codes as a Data Channel

the demo in the blog article is a bit clunky. here is a better link for it: https://chat.positive-intentions.com/#/qr

 


[–] xoron 1 points 1 month ago

thanks!

when i started, the attempt was to try to create this functionality without using any dependencies (including Lit). the Lit html function is well done and makes things very convenient for handling things like the lifecycle methods and caching states.

i would like to revisit that attempt, but i found that Lit does it very well and for me to create something from scratch would take much more consideration and i expect i would overlook some nuanced detail. i'll see what i can make of it in future changes.

while im sure Lit users could benefit from this, as for contributing to the Lit ecosystem, im not really sure what steps to take for this. similarly, React 19 also introduces "support" for web components.

[–] xoron 7 points 1 month ago (4 children)

no. it isnt better or more stable than React. its all an experimental proof-of-concept.

its an idea im trying out. i thought maybe others might find it interesting.

im aiming to see if i can get something that looks and behaves like React, but works natively in a browser without the need to build or transpile. i think in theory it could work.

18
React-Like Functional Web Components (positive-intentions.com)
submitted 1 month ago by xoron to c/programming
7
React-Like Functional Web Components (positive-intentions.com)
submitted 1 month ago by xoron to c/webdev
6
React-Like Functional Web Components (positive-intentions.com)
submitted 1 month ago by xoron to c/javascript
[–] xoron 3 points 2 months ago* (last edited 2 months ago) (1 children)

thanks for the info. i'll take a look later, it sounds like an interesting idea.

[–] xoron 1 points 2 months ago
[–] xoron 1 points 2 months ago
[–] xoron 2 points 2 months ago
[–] xoron 3 points 2 months ago (2 children)

thanks for the tip!

can i just copy-paste that into the blog for free? if you want, and if you have github, i could list you as one of the authors.

ive tried hacker news (a prev post). its been mentioned before that its good for technical discussions. to me it seems pretty dry and unappealing to maintain a presence there (similar case for mastodon and discord). im fairly new to lemmy and so far seems to yield the "most useful" feedback.

[–] xoron 1 points 2 months ago (1 children)

thanks for the tip. i think its too hard to find the balance. im banking on it improving with practice.

i'll try make an update for better intros to articles. i think i go in a bit too technical from the start.

[–] xoron 3 points 2 months ago

im fairly new to blogging. that was added for setting up google ads. can you tell me what you mean by your comment?

[–] xoron 1 points 4 months ago

“connect to expressvpn and run the test”… is that actually what you were doing?

i tried with a different VPN provider but yeah. understandable for people to not go to unknown websites like the demo i posted, so a link to the code on github is provided.

IMO you simply can’t do anything reasonably useful here

i agree... im stretching the definition of what is "reasonable". id settle for something clunky like a popup for the user to remind them to be on VPN. its important to understand im putting efforts in determining what the safest and securest way is to use my app. i think it has the potential to be a private and secure chat app. the app works with webrtc, the key attack-surface is individuals and their peers not applying good security practices.

in a traditional centralized chat system the central server will typically take responsibility for proxying requests and consequently, the personal IP addresses are not needed to be shared. so having something like a toggle for "enforce VPN" might do nothing more than remind the user to turn on their VPN. but sometimes a reminder is what someone needs to use good security practices.

[–] xoron 1 points 4 months ago (1 children)

Thanks for the clear info! I'll investigate this further within the demo.
