xoron

Im investigating an idea i had about React-like syntax for webcomponents after some experience with Lit.

Lit is a nice lightweight UI framework, but i didnt like that it was using class-based components. It's an acquired taste I haven't acquired.

Vue has a nice approach but i prefer working with the syntax that React uses. I find it more intuitive for debugging and deterministic rendering. I wondered if with webcomponents, i could create a UI framework that didnt need to be transpiled.

• How its built
• Checkout the code
• Storybook demo

(My intentions with this framework is to get to a reasonable level of stability, to then replace React on some of my existing projects.)

IMPORTANT: Dont be misled by it being open-source. Im not trying to promote "yet another ui framework", this is my own investigation to see what is possible. You should not use this framework in your own code. It is not production-ready. It is not on NPM. It is intended for myself on my own projects. This project is far from finished. I am sharing because it might be interesting/educational for someone. Feel free to reach out for clarity if you have any questions.

im working on a decentralized messaging app and generally up until recently i thought in such a system, if a peer is offline, you cant send a message... it wouldnt be "decentralized" if there was some central queue of messages.

it took embarassingly long, but then it hit me... git... just regular git is a decentralized database.

in my setup i need the ability for others to be abe to read and only i should be able to write to it. that functionality is out-the-box in git.

git is also pretty standardized so there are many providers if users want to move away from Github.

the storage requirements for my project are fairly small. typically small text messages. the data itself thats publicly readable would be encrypted.

Im investigating an idea i had about React-like syntax for webcomponents after some experience with Lit.

Lit is a nice lightweight UI framework, but i didnt like that it was using class-based components.

Vue has a nice approach but i prefer working with the syntax that React uses. I find it more intuitive for debugging and deterministic rendering. I wondered if with webcomponents, i could create a UI framework that didnt need to be transpiled.

• How its built
• Checkout the code
• Storybook demo

(My intentions with this framework is to get to a reasonable level of stability, to then replace React on some of my existing projects.)

IMPORTANT: Dont be misled by it being open-source. Im not trying to push "yet another ui framework", this is an investigation to see what is possible. You should not use this framework in your own code. It is not production-ready. It is intended for myself on my own projects. This project is far from finished. I am sharing because it might be interesting/educational for someone. Feel free to reach out for clarity if you have any questions.

Im investigating an idea i had about JSX for webcomponents after some experience with Lit.

Lit is a nice lightweight UI framework, but i didnt like that it was using class-based components.

Vue has a nice approach but i prefer working with the syntax that React uses. I find it more intuitive for debugging and deterministic rendering. I wondered if with webcomponents, i could create a UI framework that didnt need to be transpiled.

• Read the docs
• Checkout the code
• Storybook demo

(My intentions with this framework is to get to a reasonable level of stability, to then replace React on some of my existing projects.)

IMPORTANT: Im not trying to push "yet another ui framework", this is an investigation to see what is possible. You should not use this framework in your own code. It is not production-ready. It is intended for myself on my own projects. This project is far from finished. I am sharing because it might be interesting for someone. Feel free to reach out for clarity if you have any questions.

Im investigating an idea i had about JSX for webcomponents after some experience with Lit.

Lit is a nice lightweight UI framework, but i didnt like that it was using class-based components.

Vue has a nice approach but i prefer working with the syntax that React uses. I find it more intuitive for debugging and deterministic rendering. I wondered if with webcomponents, i could create a UI framework that didnt need to be transpiled.

• Read the docs
• Checkout the code
• Storybook demo

(My intentions with this framework is to get to a reasonable level of stability, to then replace React on some of my existing projects.)

IMPORTANT: Im not trying to push "yet another ui framework", this is an investigation to see what is possible. You should not use this framework in your own code. It is not production-ready. It is intended for myself on my own projects. This project is far from finished. I am sharing because it might be interesting for someone. Feel free to reach out for clarity if you have any questions.

This is hardly an alternative to Signal (or any other secure messaging app). It's a work in progress and "secure and private" is the general goal. Feel free to reach out for clarity instead of diving into the docs/code.

• Whitepaper
• Protocol spec

This is a technical/concept demo of a fairly unique approach using a browser-based, local-first and webrtc.

App demo: Enkrypted.Chat

This is intended to introduce a new paradigm in client-side managed secure cryptography. We can avoid registration of any sort.

Features:

• P2P
• End to end encryption
• Signal protocol
• Post-Quantum cryptography
• File transfer
• Local-first
• No registration
• No installation
• No database
• TURN server

Some open source versions of the core concepts.

IMPORTANT: While this is aiming to provide a secure experience, it isnt audited or reviewed. Shared for testing, feedback and demo purposes only. This isn't ready to replace any app or service. Please use responsibly.

This is a technical demo of a fairly unique approach using a browser-based, local-first and webrtc approach.

Enkrypted.Chat

This is intended to introduce a new paradigm in client-side managed secure cryptography. We can avoid registration of any sort.

Features:

• PWA
• P2P
• End to end encryption
• Signal protocol
• Post-Quantum cryptography
• Multimedia
• File transfer
• Video calls
• Local-first
• No registration
• No installation
• No database
• TURN server

Some open source versions of the core concepts.

• Chat
  • Code: https://github.com/positive-intentions/chat
  • Demo: https://chat.positive-intentions.com/
• File
  • Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js
  • Demo: https://dim.positive-intentions.com/?path=%2Fdocs%2Fusefs--docs
• Signal Protocol
  • Code: https://github.com/positive-intentions/signal-protocol
  • Demo: https://signal.positive-intentions.com/

Feel free to reach out for clarity instead of diving into the docs. Please use responsibly.

IMPORTANT: Caution should always be used for projects like this. While this is aiming to provide a secure experience, it isnt audited or reviewed. Shared for testing, feedback and demo purposes only. If youre unsure, this isnt for you.

Enkrypted.Chat

This is intended to introduce a new paradigm in client-side managed secure cryptography. We can avoid registration of any sort. A fairly unique offering in the cybersecurity space.

No need for things like phone numbers or registering to any app stores. There are no databases to be hacked. Allowing users to send E2EE messages and files; no cloud, no trace.

Features:

• PWA
• P2P
• End to end encryption
• Signal protocol
• Post-Quantum cryptography
• Multimedia
• File transfer
• Video calls
• Local-first
• No registration
• No installation
• No database
• TURN server

I started off with some open source versions of the core concepts.

• Chat
  • Code: https://github.com/positive-intentions/chat
  • Demo: https://chat.positive-intentions.com/
• File
  • Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js
  • Demo: https://dim.positive-intentions.com/?path=%2Fdocs%2Fusefs--docs
• Crypto
  • Code: https://github.com/positive-intentions/cryptography
  • Demo: https://cryptography.positive-intentions.com/

Open source isnt sustainable. So im taking the Enkrypted.Chat project in a different direction.

To get started, you can take a look here: https://positive-intentions.com/docs/projects/enkrypted-chat/getting-started

To learn more or you want to do a deep-dive: https://positive-intentions.com/blog/introducing-enkrypted-chat

If you really want something to chew on, these are the bleeding-edge docs: https://positive-intentions.com/docs/technical

The docs may answer some questions, but feel free to reach out for clarity instead of reading all that slop.

IMPORTANT: Caution should be used for any unfamiliar project, especially this. I'd like to be clear that I am Al-slop-maxxing at scale. If youre looking for good code, clear docs or best-practices; you should look away now. While this is aiming to provide secure experience, it isnt audited or reviewed. I'm sharing for testing, feedback and demo purposes only. This is a technical demo of a unique concept. Please use responsibly.

(Note: Im actively in the process of rebranding from "positive-intentions" to "Enkrypted Chat". The wording may be inconsistent throughout the docs.)

Been banned for AI-Slop on a few subs here on Lemmy as well as on Reddit.

I always provide a good amount of technical detail in my posts and i try to be as transparant and communicative about the details. My projects are very complicated and I try to document them well.

my project is pretty cryptography-heavy... the act of me sharing my efforts in an attempt to show transparency... but it is used against my project by calling it AI-slop (undermining Kerkhoff's principles).

It's 2026 and most developers are using AI. I have used it to create things like formal proof and verification.

my project is aimed to be a secure messaging app. i have all the bells-and-whistles there along with documentation.... but if the conversation cant move past "its AI-generated"... then it seems the cryptography/cybersecurity/privacy community isnt aligned with the fact that using AI is now common practice for developers of all levels.

AI is a tool. you cant (and shouldnt) "trust" AI to do anything without oversight. AI does not replace the due-diligence that has always been needed. i dont "trust" my hammer to bash in a nail... i "use" the hammer. AI is not different in how you need to be responsible for how its used.

i've busted my ass on my project for it to be called AI slop. i think its completely fine when it comes from folks in the community. cryptography is a serious subject and my ideas and implementation SHOULD/MUST be scrutinised... but its simply ignorant if mods are banning me for the quality of my work considering the the level of transparency and my engagement on discussions about it.

It's a bit reductive to call it slop. I think i try harder than most in providing links, code and documentation. Of course I used AI... and it's clearer for it. (you can find more detail on my profile)

i am of course sour from being banned, but am i wrong to think my code isnt AI slop? Some parts of my project are clearly lazy-ui... but im not sharing on some UI/UX/design sub. the cryptography module has unit tests and formal verification. if that is AI-slop and can result in me being banned, i simply dont have faith in that community to be objective on the reality of where AI can contribute.

while its understandable people dont want to review AI-slop... i think the cryptography/cybersecurity community needs to get on board with the idea of using AI to help in reviewing such code. am i wrong? is the future of cryptography is still people performing manual review of the breathtaking volumes of AI code?

TLDR; If you're looking for great engineering and best-practices... you should move away now. I'm creating a solution to a problem that nobody (including myself) has. I'm working with module federation between multiple cloud-providers to create an app that can use interoperable modules from multiple sources.

I have a webapp that I deploy with aws-cdk. It's a static webapp that I have on on S3.

AWS-cdk works as expected, but now id would like to investigate a multicloud deployment. Using something like pulumi or terraform (but not limited to those)

Most vendors have something like S3 and so I would like to have something that can deploy to multiple cloud vendors simultaneously.

In that approach, I would like an exhaustive number of vendor providers. I don't just want the top vendors like aws, gcloud, azure... But I'm looking for something that can also handle providers over seas like Alibaba cloud, Kamatera and I'm sure many I haven't heard of.

My project only needs something like S3 (static server) so I don't expect that being exhaustive in providers would be too expensive.

Im looking for something like terraform or pulumi, but I haven't user either enough to settle on one. When deploying to the S3 equivilent, i dont want it to deploy to either GCloud or Azure... i want it to be able to deploy to both.

(aws-cdk is handling things like the TLD so i think i'll have to stick with that setup.)

To provide more context about what I'm trying to do, I created a webapp that uses webpack module federation. (see my profile for more details)

The aim is for a resilient infrastructure. S3 is not expected to fail, but in a multicloud approach, if any cloud provider has issues, i want there to already be multiple redundancies in place.

I deploy the same app on gh-pages and aws-s3. Its set it up in a way that it can interoperate with statics from aws-s3 or gh-pages. It works as expected.

https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure#module-federation-in-action

I'd like to scale that up further, so the next level after that is to have something that can deploy to multiple cloud providers.

(Unrelated but worth mentioning: i will also be adding SRI on those imported static files to make sure they have a content-hash that matches expectations. I wont have to "trust" that the providers are serving the correct statics.)

• App: https://chat.positive-intentions.com/

• Code: https://github.com/positive-intentions/chat

• Mastodon: https://infosec.exchange/@xoron

• Reddit: https://www.reddit.com/r/positive_intentions

How it works: https://positive-intentions.com/docs/projects/chat

TLDR: im working on a p2p messaging webapp. webapps are generally not considered secure because of the nature of serving satics over the internet. this is correct, but not a limitation of this project. (selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desktop).

as a webapp, i can provide the app with zero-installation and no-registration. the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices. this allows for things like p2p authentication: https://positive-intentions.com/blog/security-privacy-authentication.

Future: im aiming to create the most secure messaging app out there... (more than signal, simplex, etc). i know i have a have a long way to go to get there. the UI is fairly ugly for the average user, but i think the mechanics are working as expected. i think javascript is underrated in what you can do with it. i actively investigting improving the encryption approach further to align to how the signal protocol works (currently using the classic diffie-helman key-exchange).

Support: i would like to keep this project open source, but open-source funding is not working for me. i dont want your donations because it isnt sustainable for a long-term project. i have so far only experienced grant-funding rejections. i have no idea what im doing in trying to get funding for this project, so any support/advice is appriciated. in recognition of the project in its current state not able to get funding... (sorry) i will have to go close-source (which id like to avoid because it undemines several cybersecurity claims id like to make.)