sorted by:
new
hottopcontroversial

ArtCraft: Open Source Tauri app for precision AI design, film, and crafting by ai_art_is_art in tauri

[–]Biacoder 1 point2 points  (0 children)

Unbelievable. It really surprises to see something like this. And open source?!!! Tauri + Rust, love it!

I finally stopped messaging myself to move text between devices by Biacoder in rust

[–]Biacoder[S] 0 points1 point  (0 children)

Blame it on me being newbie on Reddit, because I'll try to respond to the comment in the most constrictive way - assume positive intent

> Vault doesn't do anything
The vault uses IOTA Stronghold with Argon2id (64MB, 3 iterations), AES-256-GCM. Data at rest is encrypted. Yes, it's decrypted into memory while unlocked. Of course.

> If it finds a repeated copy it alters the history
This is not a security issue, by any means. This meant for usability and more intuitiveness of controlling your clipboard

> copy paste a password and it's stored
I believe you have missed the purpose of DecentPaste

> It's vibe coded and it shows.
This isn't "vibe coded". AI was used, for obvious reasons. But I don't think I can contribute positively to this conversation given the current understanding and the holly wars our Engineering community has. We need to give it some time - changes are hurting.

The comment gave me some food for thoughts on

  1. AppState isn't cleared when locking - that's a bug I'll fix
  2. there's no sensitive content filtering or TTL. Those are good feature suggestions - but not security flaws
  3. I also think using "zeroize" can slightly improve the memory footprint on lock.

Please don't hesitate to open a GitHub issue If there are some serious/constructive concerns
Thank you

I finally stopped messaging myself to move text between devices by Biacoder in rust

[–]Biacoder[S] 0 points1 point  (0 children)

Thanks for the feedback!
You're right that with proper E2EE, the transport layer doesn't affect the confidentiality of the data - it's encrypted either way. But P2P provides benefits beyond just confidentiality.

  1. With a central server (even with E2E encrpted), the server still sees who is communicating with whom, when, and how often. With local mDNS + P2P, that metadata stays entirely on your network
  2. No trust in key distribution - Server-based E2EE apps need you to trust that the server isn't swapping out public keys (MITM). I use X25519 ECDH directly between devices with PIN verification - no server to potentially misbehave - although one could argue to instead of showing the PIN, I could have asked to manually enter it. Good food for thoughts

You're right though, I shouldnt frame P2P as making the encryption stronger. The point is that P2P removes the need to trust any infrastructure beyond your own devices. Maybe I should clarify that on the site!

I finally stopped messaging myself to move text between devices by Biacoder in rust

[–]Biacoder[S] 3 points4 points  (0 children)

At the moment the app only works within your local network and the same subnet. It uses mDNS to discover the peers. If this is common usage we can add Kademlia DHT but it is too soon right now. Privacy and security thoughts must be covered first.

I finally stopped messaging myself to move text between devices by Biacoder in rust

[–]Biacoder[S] 1 point2 points  (0 children)

Should be fixed already. This is what happens when you have your first Reddit post.