cyph
upspin
Our great sponsors
cyph | upspin | |
---|---|---|
7 | 20 | |
365 | 6,225 | |
0.0% | 0.3% | |
9.3 | 6.0 | |
about 1 month ago | 10 days ago | |
TypeScript | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cyph
-
Ask HN: Why no browser-based E2E encryption?
[where this model breaks down] -- Alice and Bob go to your website and have a conversation. Eve hacks into the website and modifies the E2EE code. She can switch between serving the normal webapp and the malicious non-E2EE webapp. There's no good way to detect it. There are people out there who really like end to end security, but don't like browser-based e2ee because it doesn't have end to end security.
Note: https://www.cyph.com/ is a bbE2EE chat system.
-
E2EE on the web: is the web that bad?
If we do care about the delta in security model between the web and other platforms, then we could build some kind of code bundling and signing mechanism for web applications, perhaps with some kind of transparency layer on top to make the code publicly auditable and make it harder to target specific users with malicious code. A bundling/signing/transparency solution for the web could probably be built out of some of a collection of mechanisms that already exist or have at least been explored. Related ideas include Subresource Integrity, Isolated Web Apps, Signed Exchanges and Web Packaging, Meta’s Code Verify extension, and source code and supply chain transparency proposals.
Incidentally, I've actually just recently developed a solution to this exact problem: https://www.websign.app.
WebSign started a while back as an internal framework used by the Cyph E2EE messenger (https://www.cyph.com), and @eganist and I gave a talk that covered part of the architecture at Black Hat and DEF CON. Now we have a static web hosting service built around it for others to use, which takes care of bundling and code signing during deployment.
If anyone here has a use case for it, we're looking for pilot customers now. Just shoot me an email at [email protected].
- r/crypto - Cyph - Encrypted Messenger
- Cyph - Encrypted Messenger
-
Graph of Keybase commits pre and post Zoom acquisition
https://github.com/cyph/cyph
It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?
W3C DIDs and https://blockcerts
From https://news.ycombinator.com/item?id=19185998 https://westurner.github.io/hnlog/#comment-19185998 :
> There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD
> GPG presumes secure key distribution
> Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.
Blockcerts can be signed when granted to a particular identity entity:
> Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates
upspin
-
I Moved My Blog from IPFS to a Server
Super intriguing. Thanks for sharing!
It reminds me a bit of an early Go project called Upspin [1]. And also a bit of Solid [2]. Did you get any inspiration from them?
What excites me about your project is that you're addressing the elephant in the room when it comes to data sovereignty (~nobody wants to self-host a personal database but their personal devices aren't publicly accessible) in an elegant way.
By storing the data on my personal device and (presumably?) paying for a managed relay (and maybe an encrypted backup), I can keep my data in my physical possession, but I won't have to host anything on my own. Is that the idea?
https://upspin.io/
-
Educational Codebases
There are a few Go projects meant to be learned from:
- https://github.com/pion/opus for to learn audio
- https://github.com/benbjohnson/wtf for overall production quality
- https://github.com/upspin/upspin difficult to explain, personally I'm not a fan of the errors
-
Fundamentals to Learn
You could also take a look at some real-world open-source projects. I like upspin for its idiomatic approach.
- Examples of Good Go Repos
- Examples of an idiomatic API project
-
Best practices of validation on web apps?
For example, Rob Pike's upspin places all its validations in the separate package. Do you agree with that approach? Which yet proven options there are?
- Is there a good example of an open source non-trivial (DB connection, authentication, authorization, data validation, tests, etc...) Go API?
-
Ask HN: What Are You Working on This Year?
Just a few projects that could perhaps interest you in terms of design of your own solution :
Upspin: https://upspin.io/
- Upspin: A framework for naming everyone's everything.
-
proposal: Go 2: error handling: try statement with handler
The early error wrapping work which emerged out of the Upspin project, that eventually made its way into the errors package, included stack traces in the wrap error. This would provide exactly what it appears you seek.
What are some alternatives?
client - Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
ytcast - cast YouTube videos to your smart TV from command-line
Rundeck - Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts
mitchellh/cli - A Go library for implementing command-line interfaces.
Peergos - A p2p, secure file storage, social network and application protocol
ivy - The Unified AI Framework
golang-gin-realworld-example-app - Exemplary real world application built with Golang + Gin
fiber-boilerplate - This is the go boilerplate on the top of fiber web framework. With simple setup you can use many features out of the box
nes - NES emulator written in Go.
exposure-notifications-server - Exposure Notification Reference Server | Covid-19 Exposure Notifications