Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: A note-taking web app that won't ever betray you (noteto.me)
156 points by heathjohns 6 months ago | hide | past | web | favorite | 74 comments

This assumes that edsu will never betray you.

Given the broad meaning of betray used, that seems unlikely. If edsu gets big it will have to pay for all that storage somehow. Like all things edsu will one day come to an end, and like most websites/companies/endeavors it will probably come to an end before I do.

While I'm just hearing about this Edsu project and am not in any position to vouch for it re: future betrayal, I think the specific concern you raised is solved by Edsu by using local storage rather than a centralized repository.

A few clicks in, the first line of https://edclave.com/ is:

"Edsu makes life better for both developers and users of Online Open Source Software (OOSS). Instead of the developer having to hold on to your data, you do. It gives you more control, and gives them less to worry about."

Local storage feels really quite volatile. It lives on a local disk inside your browser. May as well just use notepad and a file.

It seems the data stays in sync with other places you're signed in, so supposedly you could get redundancy by signing in on more devices/browsers. In that sense, it's better than a crappy text editor on your computer.

You're right about the sync part, but it's an old skool client-server sync, not a peer-to-peer one.

Hmmm, a p2p version that uses local storage on each device you have could have some interesting applications. As a client-server architecture it's a tad complex for a lot of users to set up, but with a good UI it could become a viable alternative storage method, as well as allowing for potential app cross-compatibility. You would have to make sure at devices had a chance to sync - perhaps have a web service there? - and I'm unsure how you would deal with conflict resolution, but the idea definitely seems to have a lot of potential.

I'll need to think about this.

It's possible and there has been research in this area, see http://archagon.net/blog/2018/03/24/data-laced-with-history/ for details about conflict resolution.

The main problem is garbage collection - to guarantee that you can sync across all devices for all time, your data structure must be append-only, so your document can only grow. A long living document will eventually grow very very large. You could let the user decide when to collect garbage/establish a new baseline doc; maybe like 5 years. But this means that if you edited the document on a laptop, didn't sync it with another client, and then closed the laptop for 5 years you would lose the ability for the changes you made on that laptop to be resolved automatically.

Just use a CRDT

That's what I'm suggesting, but I'm pointing out the fact that CRDTs are generally append only data structures and it's possible to run into space issues with them eventually for some users.

A lot of CRDTs are append-only.

But not all! Quite a few that are state-based, auto-compacting, space-saving, small & efficient!

More info in a discussion on this: https://twitter.com/marknadal/status/1008610024875122688

A CRDT which models edits of arbitrary text with essentially unbounded revision history (required for merging) almost certainly can only grow (monotonically?) in size. Maybe you can be smart about compression, but I don't think it can ever shrink. Someone smarter than me can probably formally prove this with an argument about entropy while considering a series of particularly pathological edits.

But you're right that I'm wrong when I say "[all] CRDTs are generally append only structures." I meant to say "text-revision CRDTs are generally append only data structures."

...I just described a subsection of git... although with better UX.

But let’s say for example your phone and your computer are clients, and your computer has latest version of your data. When you open your phone, if your computer is not on the internet, you won’t be able to get latest. So, would this be practically useful for a terribly trivial use case like this?

Have a server be just another peer, not privileged in any way, but always online and available.

Maybe do the routing through a distributed hash table like we use for finding torrent peers (perhaps even the exact "mainline" DHT torrents use), which would mean that even with the server being down you could still sync with your other online clients.

Look at the WebTorrent project!

You can run an Edsu server locally, but I wouldn't. It's meant to be run on an internet-accessible server - a $2.50/month VPS would do, or if you don't want to run your own there's at least one provider that will do it for you.

Notepad++ and Dropbox work quite well together.

Good point, and you're right: the buck has to stop somewhere.

However, Edsu is a federated protocol with an open source implementation. So it only disappears when the last person to care about it stops keeping it up to date with the compiler. That's about as good a guarantee as you can get, I think (e.g. telnet is still around after 49 years).

Edsu seems to rely on federated services.

Email, similarly, unfortunately fell to convenience - GMail, with Google selling your data.

The parent brings up a good point, how do we know Edsu won't betray its users? Or that it won't become dominated by a centralized provider?

I'd love to hear an answer.

For me, our team decided to take a route that cannot be compromised - your identity belongs to you, fully decentralized (https://gun.eco/docs/Todo-Dapp), yet can do 0-server password resets and other conveniences.

I know I'm a bit of a broken record, but a <noscript> notice that JS is required is always appreciated rather than a blank page.

Apologies, yeah, the site has an interactive coding tutorial that teaches you to write and run your JS. <noscript> would be good - make a PR? https://github.com/gundb/gun-site/blob/master/docs/src/index...

I absolutely sympathize with the concern - but I don't believe it's an a priori solvable problem.

Bitcoin is theoretically fully decentralized, but when I sold mine off it took 2 days to sync the chain - I get why people use Coinbase. I'd still be running my own email server right now if it weren't for spam.

My point is that I think there's inflection points - when weaknesses in design or implementation become apparent - where centralization can get a foothold, and I don't think it's inevitable which course things take at those points. HTTP hosting, for example, has some big players, but it's still very much a commodity.

I realize that this is a crowded field, with lots of contenders, like yours. I think it's an important enough problem that it warrants parallel attempts, so that at least one of them sticks. Edsu picks a very specific strategy, which is that it's a compromise - it's not like, say, IPFS in its level of decentralization. For an app platform, I think there's challenges enough at any level of decentralization, and Edsu tries to b-line it straight there by being very orthodox and old-skool in nearly every other way. I thought it was a good bet, but only time will tell.

Props for the password resets, BTW. The importance of that feature is underappreciated :)

I admire that.

Don't let any counter argument ever stop you. Parallel experiments are critical for success.

With that said, can't we say that the federated experiment has already played out? Particularly, in email?

What new innovation or changes do you think will make the story play out differently this time around, versus outright P2P/decentralization?


(Oh man, sorry, this ended up being an essay!)

Take, for instance, statically-hosted HTTP: if I'm, say, hosting at AWS and I want to switch to Netlify, it's trivial - I just change the place I upload my files to and switch the DNS. To me that's a complete success in decentralization - there's no hassle, no compatibility problems, no one other than me even knows that I've made the change.

So I don't see it as federated being a lost cause, I see it as a protocol needing to be an HTTP not an email.

For Edsu, it's something that I've considered at every design choice. For instance, the data storage format fully specified and trivial, and hopefully therefore trivially transferable. And there's features like transparent proxying/forwarding of usernames. But I'll absolutely admit I've not been able to completely mitigate it, aside from urging people to BYOD (Bring Your Own Domain).

However, a lot of it comes down factors that aren't the protocol itself. I'm hoping that Edsu's userbase is mostly just the open source community, with its consolidation-hostile "herding cats" nature. When Facebook first showed up, it struck me as a home page for people who didn't want to deal with HTML. So in a way, it was a bifurcation of HTML users, with the technical and non-technical people each going their own way. And in the technical people's world, HTML stayed a commodity.

SSH is another successful federated protocol - but only in the technical community. My family members don't use SSH, and that's just fine with me. That's one big advantage relative to alternatives that focus on social networking - Edsu is useful even if only a minority of people use it. And even email had 22 years before Gmail happened - if we've got 2 decades before we need to come up with a better thing than Edsu because the eternal September boat finally docked, I think that's fine.

So for sure, the gestalt at the moment is that full decentralization is the way to go. Edsu is a hedge - a bet against that. Federated is the devil we know, and there's successful examples of it avoiding its biggest problem. On the other hand, I think full decentralization's challenges are still unknown, and so A) it's unclear if it's any more resistant to centralization (a la Coinbase), and B) it might have other emergent bugbears that are an even bigger problem.

I think only time will tell.

Hey, great stuff here.

Well stated, kindly argued.

I really look forward to what you build now, 6months, 2 years+ from now. :)

Very nice of you to say. Thanks for your interest, and best of luck :)

From a five-second glance at their website, the main selling point is that you can self-host it.

This is my first time reading about Edsu, it seems very similar to the Solid Platform in one important aspect: it keeps data in the control of the user, separate from applications.

I like how low-level and simplified the protocol is, being limited to only 9 types of messages. Compared to Solid which carries baggage from RDF, this seems far easier for third parties to implement.

The note-taking app is really under-selling the protocol beneath it. What could help sell it better is by doing something better than a centralized platform can.

Thanks! One of the goals of Edsu is that it's simple enough that you can "telnet" in and just talk directly to the server like you can with HTTP or SMTP. It can seem like a trivial feature, but I've found that being able to speak a subset of a protocol from any language after just an hour or two of duct-tape hacking ends up being a big unsung feature.

And itgoon has it right - this was the most useful thing I could think to write that only took a single day (I had an self-imposed deadline to hit earlier this week).

Here's a discussion of more interested projects and how Edsu could be used in each (and its advantages and disadvantages):


Edsu seems to have some similarities to https://remotestorage.io . Can someone summarize the main differences?

From a quick look through remoteStorage, it looks to me like it's is focused on storage (and so appropriately named!), while Edsu is more explicitly a foundation for applications.

One place this shows up is that Edsu has a permissions model where other people can read and interact with what you've stored (within very tightly defined parameters), which is the basis for writing multi-user apps like, say, a distributed Reddit or Slack.

They both have the same model regarding the ownership of data though. The biggest difference there is that Edsu uses a Merkle tree as the storage, like IPFS and git, which has a lot of consequences in terms of how it gets used.

This is the first I've heard of Edsu as well, but when I checked out NoteToMe, the first thing I noted is that you should create an account first. It's probably not inherent to the protocol, but the nice thing about RemoteStorage is that the default library already starts with localStorage first, and allows you to only sync that data to an account later.

Compare https://litewrite.net, a RemoteStorage app presumably similar to NoteToMe. You can start writing immediately, and sign in with a RemoteStorage account only if you want that data to be available elsewhere as well.

I agree, the protocol looks pretty neat. I wonder what the hold up is on Linux support. I love me some FreeBSD, but Linux is better supported.

The note-taking app seems more like a proof of concept than any kind of category-killer, though.

I'll be keeping an eye on that protocol, though.

It's only because FreeBSD is my desktop OS, and so I used kqueue during dev. I understand that there's a compatibility shim for Linux, so theoretically a port should be quite easy. The bulk of the code is in Rust, and that shouldn't need porting at all.

And thanks for the kind words :)

yey another note taking app... The digital equivalent of making ashtrays in pottery class.

Yet it's not too easy to make one that matters.

I thought that was Todo lists? The hello world equivalent of web apps.

The technology improved a bit.

"Write some text - it'll be here when you get back.... I can promise all this because NoteToMe is an Edsu app. It means I don't have to store your data, you do ...."

The same is true of the text file I've been adding to for decades. After learning the hard way (several times) NEVER to trust someone else's prog/assume they'll be around for more than 6 months. Multiple backups sync'd religiously.

And ... no website needed! Not even a net connection! Just a 'personal computer'!

"You do have to sign up for an Edsu account...."

Whoops ... there it is.

Hi, edsu seems very interesting. I've looked through examples and read docs. Question: is it possible to make an app and allow user to set permissions. E.g. lets say I have writing app. I want initially to create writings as `private` and then promote them to `public`.

I don't see if it's possible. I see that scope is fixed for now in the name like that `prv.app.edsu-org.hello-world.storage`. So I assume `token` only works for `prv.app.edsu-org.hello-world.storage` but wouldn't work for `pub.app.edsu-org.hello-world.storage` or would it?

Thanks for reading!

If an app wanted to be able to switch something from public to private or back, it'd get a token with write permissions for two names, one with the prv.* prefix, and one with the pub.* prefix. And that's a good thing: it makes it clear to the user that the app is requesting the ability to make the things that they write public.

It's still just one grant request, it's just that there'd be two line items instead of one. Also, names are simple pointers to blocks of data, so, for instance, if both names happen to be pointing to the same written piece, there's no duplication of data.

And another question. It's not possible to list all the keys under some namespace, right? `prv.app.edsu-org.prefernces-app.preferences` - I can't see what are the subkeys?

And I see that there is no multi-get request. So how would you implement your notes app if you have multiple notes, not one. Would you have a document which would store hashes of all notes and then fetch in parallel all of them (making n calls, 1 call per note)?

Names are big chunky things - you want to use them as sparingly as possible, and in general they should be "well known" - meaning a list function (which does exist as pub.srv.edsu.listings.names, though it's currently not something you can request permissions to) goes pretty hard against the grain of the protocol.

Essentially, you'd only want more than one name if there's different visibility requirements for different parts of your data, or you specifically want to disconnect the state of some of data from others. All of your structure (e.g. lists, trees, lookup tables, etc.) you want to keep in the blocks.

So in your case of having multiple notes, you'd likely want the name block to keep track of the block hash of each one (so, yes, exactly as you say). And correct, if you wanted all of them you'd need to do N block-get calls. However, due to pipelining and chaining, that's not as costly as it might sound: in terms of latency it should be costless, and in terms of bandwidth the overhead is a fraction of a percent if you're using full blocks (i.e. what you'd be doing if you're concerned about bandwidth).

A lot of this stuff is quite low level (think almost SCSI kind of low level) - it's meant to be abstracted away by libraries like basic-storage.js. In that case, having multiple notes is trivial - you put each note under a different storage key, and the library sorts out how to retrieve them efficiently and update them independently, even though they're all be under the same name.

In case you haven't run into it yet, I talk a little bit more about why names are meant to be used sparingly at https://edsu.org/use-cases/storage/

Perfect! Makes sense

I like the concept of decoupling storage from the editor app. I wish more SAAS providers recognized this as an important product feature. It would allow deployment of hosted services in much wider range of scenarios, where privacy and data ownership is a big concern.

It's not really clear to me how the data is stored. Is it confined to the Edsu server I use akin to Diaspora and applications connect to it? How do I migrate my data or switch providers? Is it lost if the server or my localStorage goes down?

Thanks for your interest!

It is indeed stored on an Edsu server. The data format is trivial and completely specified, so switching providers should be straightforward (an Edsu app to do the data transfer would be easy to write, and I plan on writing one). If you're using your own domain (which is encouraged), from there you'd just update an A record to complete the transition, if not, you'd set up a transparent redirect on your old host to keep all your old links/permissions alive.

It's pretty old school in that if your provider loses a server and they're not doing replication/backups then there can be data loss. If they are, then a failover should work fine, with minimal loss and no corruption (the important stuff is atomic).

With localStorage, how it's used is up to the app (generally it'd only be used for keeping a token and maybe a block cache), so I wouldn't expect a loss of that to matter in most cases.

Thanks for the helpful reply! I brought up local storage because people were talking about some kind of sync and it sounded like the browser's storage would be used

I actually found that using special directory for notes and git and grep is actually convenient. The only thing I'm missing is fuzzy search features of grep, like build on word2vec models.

Funnily enough, Edsu and git's data stores are very similar in that they're both Merkle trees. It means that they both have similar benefits of trivial checkpointing, automatically deduplicating revision histories, etc.

So if you squint enough, Edsu is kind of an "APIized" version of your setup :) So in addition to text files, it can also be structured application data.

Can we call this the Dropbox syndrome where people boasts they have a better solution with combination of cli tools instead of a service?

That is an interesting Hacker News type of phenomenon, but I personally enjoy reading the alternative solutions to a presented problem.

And sometimes it turns out that the SASS product is simply a wrapper around a cli tool... for example the product [1] Mole, which is a wrapper around ssh to make it easier... but not really necessary...

[1] https://news.ycombinator.com/item?id=18236125

I prefer the 'combo of CLI tools' to a service where ever possible because those solutions are almost always simpler, easier to understand, portable, and easier to maintain.

That seems a very uncharitable reading of your parent post.

If you are privacy focused it is a better solution.

Only if we can say that SaaS obsessives have Cloud Syndrome

fzf can probably help you with fuzzy searching.

It's interesting, a few months ago I asked HN about how websites can let users maintain control of their own data, and I never heard of Edsu. This looks pretty good!

It launched a few days ago AFAICT.

I don't get this, is the data stored client-side or server-side?

If it's client-side, why would I need a service provider: https://edclave.com/sign-up/

It's stored on the server.

Doesn’t save for me. After signing up and getting edclave address, signing in an granting access, changing the text and reloading doesn’t save. Nor does changing and navigating away and back - always get the “erase me..” text.

iOS safari

Sorry about that, and thanks for the bug report! I haven't been able to test with an iOS device yet - I'll get on that.

Have you heard of Scuttlebutt? https://www.scuttlebutt.nz/ How does EDSU compare?

Similar in that you get to keep your own data.

Different in that it's lower level - it's not a social networking protocol - it's something you can build a social networking protocol on.

Oh the irony. I clicked through to edsu.org to learn more about the backend of this note taking app, and the error I got was:

“Safari cannot open the connection because the network connection was lost.”

I think edsu could be nice for "serverless" apps, eg static web apps. Should make it work offline. And edsu should keep a copy of the data on the client. Then sync once the client is online.

Edsu's data store is content-addressed - i.e. everything is hashed and immutable from a storage perspective.

A great thing about this is it makes a lot of caching problems simply go away. So while there's no explicit support for local caches disconnecting and then re-connecting later, the underlying protocol gives any library wanting to implement this feature a lot of support for it.

A frozen banana that won’t make you sick and kill you!

if this used gun.js, you wouldn't even need a third party provider.

(not affiliated with the gun.js team, just think it's a powerful P2P platform).

how goes it compare to Standard notes

doesnt work with private browsing...

like chrome incognito? i tried and it does


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact