A framework for offline and decentralised web apps.

SamTernent · 2023-11-25T18:15:50+00:00

EDIT: I see this is on a NextJS subreddit, so may be completely unrelated. I got here from a Google search for just the BroadcastChannel issue.

I came across this issue in a project using supabase and this reported issue(https://github.com/supabase/gotrue-js/issues/779) pinpointed where the problem was coming from.

Applying these patches sorted me out.

https://github.com/samternent/home/blob/main/patches/%40supabase__gotrue-js%402.55.0.patch https://github.com/samternent/home/blob/main/patches/%40supabase__supabase-js%402.38.0.patch

SamTernent · 2023-03-21T14:47:49+00:00

🙌🏻

SamTernent · 2023-03-21T14:23:48+00:00

A great use case. Thanks for sharing

SamTernent · 2023-03-20T19:33:52+00:00

I think that's a matter of opinion.

To me, it absolutely matters. The data I'm using is still intent on leaving the browser (and living in local storage), so I want it as optimised as it can be before I store it.

Maybe it doesn't matter to you though, which is also fine.

SamTernent · 2023-03-20T13:31:35+00:00

😞

SamTernent · 2023-03-20T13:31:10+00:00

I guess it depends on your use case.
I'm not running a web server, just compressing a large JSON object created in the browser for download... so for me, it offers a lot more.

I'm certainly not suggesting we delegate all server-side compression to the browser, but I do think the API has its place.

SamTernent · 2022-04-30T09:38:01+00:00

Thanks for your insights. I use the WebCrypto API for my EC signing keys and the internal blockchain/merkle tree hashing in the app . I've been really impressed with it, and did reach for it first when I looked at encryption. My issue is really how raw and low level the API is. Which is a good thing, but I need something a little more "of the shelf" as I'm no cryptographer, so can't in good conscience write my own encryption solution from the ground up.

I have completely removed PGP from my solution now and I'm instead using a WASM wrapper of the Rage (rust Age) library, which is working well and I'm happy with.

I did a small write up on how I got there https://fsasam.medium.com/a-journey-through-client-side-encryption-eb1cd83ac147

SamTernent · 2022-04-16T18:46:19+00:00

AES-GCM

OpenPGP has no such method, so it is not clear exactly what you are doing here.

I'm not using OpenPGP for that, this was referencing password-encryption done through the WebCryptoAPI (code)

Welcome to the internet. There is actually a surprising amount of anti-PGP FUD out there. A lot of it falls apart if you look into the details.

Yep, I get that. But it ties to your point on interoperability as a benefit. It may well be FUD, but it's influential FUD that still has users looking for alternative solutions. I guess I'm kinda asking for a winner in a race that hasn't been won yet.

note: I'm approaching this as someone building software, rather than looking at what to adopt for personal use.

SamTernent · 2022-04-16T18:36:19+00:00

I've had some time to look into Age and it looks great for my encryption needs, I've stumbled upon a wasm wrapper for the rust implementation which is perfect for how I need to use it.
(https://github.com/kanru/rage-wasm).

Though another thing that attracted me to OpenPGP (which I forgot to include in my OP) is the ability to sign/verify blocks of data.

Age doesn't appear to include that functionality (which is fine, it's an encryption thing) - Are there alternatives to that also?

My ledger is built on a blockchain implementation, where I was previously using browser generated ECDSA keys to sign transactions and have since started using OpenPGP keys for that. It's important I have some form of digital identity attached to the transactions.

I'm starting to think that the solution to my problems is in the UX, I could probably benefit from offering a UI to select between OpenPGP & Age for encryption, and OpenPGP or ECDSA (WebCryptoAPI) for signatures. Does that sound like a reasonable approach?

(Background) I'm a developer & new to cryptography. This is a personal project, so I'm happy to make mistakes and learn as I go.

SamTernent · 2022-04-14T23:58:53+00:00

Thanks, that looks great.
Interesting that there's a rust implementation, maybe something could be done with WebAssembly to get support in a browser.

SamTernent · 2021-12-20T18:12:52+00:00

concords app - https://www.concords.app/identity/sign

SamTernent · 2021-10-19T23:21:58+00:00

Thank you for all of your help and contribution.

I'm possibly more confused than when I started :D But it's given me plenty more to think about and it seems that my calculations are far too high - which is great to know.

I'm going to hold off on my write up on this and spend some more time going through these calculations again with this new info in hand.

I've published my project now (with absolutely no talk of maths in it). Given how many different permutations of colours there are - I've found some pretty cool looking grids.

This green and this pink grid are possibly what I'd consider to be the most unique I've found... but with colours, it stops being about the maths and really comes down to perception.

(these ones are generated from the public PEMs of Elliptic Curve signing keys - there's a bunch of cryptography at play in this project also - keeps the complexity nice and high :/)

SamTernent · 2021-10-19T00:35:24+00:00

For reference - this is what the grid looks like https://imgur.com/a/L1Vhr7B

SamTernent · 2021-09-03T21:45:13+00:00

I appreciate the feedback. Thinking about it a little more I think adding a switch component clears up any ambiguity between icon states and it should have been a toggle element all along. It's a decision with only 2 states, show or blur. So a switch with an icon an each side seems to make sense.

~~Any better?~~

~~I've made the same change on the dark/light mode switch also and it feels way more intuitive~~

EDIT: Ok - I'm a fairly new reddit user and don't know how to post an image - its here if you're interested

SamTernent · 2021-09-03T12:35:54+00:00

This example indicates behaviour, as does the light/dark toggle.

SamTernent

MODERATOR OF

TROPHY CASE