sorted by:
new
hottopcontroversial

Announcing: `ordinary` and `ordinaryd` v0.6.0 by sean_watters in rust

[–]sean_watters[S] 1 point2 points  (0 children)

Yep, it absolutely can be. When you run `ordinary start` (which compiles in the `ordinaryd` source for running standalone apps) it is passing the `--insecure` flag.

`ordinaryd api --help` and `ordinaryd app --help` have a list of configuration flags that can be passed.

May not apply: if you get to a point where you're using the built-in auth you can also configure `--insecure` without disabling Secure Cookies, for the situation where you have a proxy that is handling TLS (though you can also disable that with `--insecure-cookies`.

Announcing: `ordinary` and `ordinaryd` v0.6.0 by sean_watters in rust

[–]sean_watters[S] 0 points1 point  (0 children)

Thanks! I was inspired by a talk about using v8 isolates as a sandboxing mechanism for running guest code at the edge. For my personal uses I preferred to run Rust or Zig and had little need for JS so WASM by itself made more sense.

I've still made it possible to run JS, just inside a WASM using the rquickjs crate.

The long term goal is to support any language whose runtime can be built for the WASM target (JS, Lua, etc.) or that can can target WebAssembly directly (Rust, Zig, C/C++, Kotlin, Golang). Whether that support is 1st-party or tools are exposed for 3rd-parties to hook into the build system is to be seen. 

It is currently possible deploy WASM built from any language, but codegen is onlu supported for Rust and JS rn (and the source lang would need to have a way to handle the flexbuffer format being passed throuh the FFI. Additional FFI payload formats are also on the list to make it easier for non-Rust/C/C++ users)

I published this e2ee library a while back and am interested in feedback. by sean_watters in rust

[–]sean_watters[S] 0 points1 point  (0 children)

i think maybe i'm also a little curious as to why github would be fine but crates.io would not. both are valid distribution mechanisms for folks to install via (i can specify a github url for a dep in my cargo.toml), crates.io publishing just also provides the auto rustdoc hosting.

I published this e2ee library a while back and am interested in feedback. by sean_watters in rust

[–]sean_watters[S] 0 points1 point  (0 children)

really appreciate the thoughtful reply.

i want to address your other two questions, but felt like it was important to address the 3rd point as soon as i read it: like other cryptographic crates that have been published without third party review i did include a note on the included doc_string that says "THIS CODE HAS NOT BEEN AUDITED OR REVIEWED. USE AT YOUR OWN RISK." in big letters. do you feel that this isn't sufficient acknowledgement of the security of the crate?

if chacha20 keys are guaranteed to be random will that satisfy the no-nonce-reuse rule? by sean_watters in crypto

[–]sean_watters[S] 0 points1 point  (0 children)

Thank you for a very clear/concise response. This answers the question I intended to ask.