Hacker News | twknotes's comments

Document and App web has an underlying unified component -- message. Design a universal message format and exchange protocol, each only in one A4 page, that may be the foundation of New WEB.


Why not PostScript?


PDF is more mainstream with more user-friendly tools. PDF supports transparency. PDF is (mostly) consistently rendered by all kinds of client applications. PDF is not a general purpose programming language (at least in its PDF/A subset) - and I’m considering that a feature rather than a limitation.


If privacy concerns you, you may want to take a look at: https://twinkle.app/ macOS download is less than 10MB, so it should be a very quick evaluation.


Backspace not invented yet? How can you write a program with this thing!


Backspace had been invented; the problem is that on a printing terminal you end up with an illegible mess. So early Unix defaulted to erase '#' kill '@'. You can still see artifacts of that choice — ‘#’ being popular for things that start a line, like comments and C preprocessor commands, and ‘@’ being the only ASCII punctuation with no function in any common Unix tool.


When taking notes in class, nothing beats pen & paper. That being said, digitalizing your notes forces you to think hard about which ones are really worth the effort. And the work will pay off in the long run. Since you have mentioned Niklas Luhmann's System, you may want to take a look at: https://twinkle.app/intro.html


Sometimes you just want to make something work, as soon as possible.


This seems strange. Can't reproduce the problem here. Can you please help to check what's on line 386?


We are definitely using AGPL because, for the paranoid, they should be able to build their own binaries and distribute to their friends.


> store and sync the sqlite database on any cloud storage service

It would be quite slow.

> a minimum of 1GBm

Our servers are quite dumb: if you are hosting your space with us, we need to reserve some storage space for you. That's a fixed cost for us even if you are not effectively using that storage.


Why would a notes database, that’s mostly (or all text) even take up a lot of space and make syncing the entire database slow? If someone is using just a few MBs of data, the speed of syncing that is immaterial.

Your servers not being able to account for smaller storage sizes is a technical limitation that you have built. You can take a look at tarsnap for inspiration on how to account for very small amounts of data. I’m not saying you should account for bytes, but even taking it at a fraction of what you’re currently doing would be better and fairer to paying customers. You would also discourage hoarders who thrive on utilizing a lot more and get subsidized by those who barely store much.


Thank you for digging into the code. This is why we are going open source. The encryption you are referring to is for encrypting a list of keys for your local notes storage, which is not exactly part of the end-to-end encrypted syncing. Since you have got this far, could you please have a look at:

https://github.com/twinkle-labs/twinkle-notes/blob/8ad7d9d0b...

> They must be unpredictable

I am wondering if that is necessary, because the hacker can't perform those attacks without the user's actively using the app at the same time. From what I learned, the attacking process requires the presence of the key somewhere. If the attacker can get on the user's device while one is using it, then it's almost a hopeless situation. Please educate me if I am wrong.


> > They must be unpredictable

> I am wondering if that is necessary,

Yes, it is necessary. The IND security of Cipher Block Chaining (CBC) depends entirely on the IV being from a cryptographically secure random generator.

CBC mode requires unique and random IVs. CTR mode requires unique IVs (but can be predictable).

That's why we call the CTR input a nonce (number to be used once) and the CBC input an IV (initialization vector). Since they have different security requirements, we refer to them differently. Unfortunately, some cryptography libraries just name the parameter IV.
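
An added example, not part of the comment above or of the Twinkle code base: the distinguishing game behind the IND requirement for CBC, run against the same encryption code with a counter IV and with an `os.urandom` IV. The 4-round Feistel cipher is a stand-in for AES so the block runs on the standard library alone; `Encryptor`, the counter IV policy and the sample notes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key, block):
    # Stand-in for AES (assumption): 4-round Feistel over HMAC-SHA256, 16-byte blocks.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # CBC over block-aligned input; padding is omitted to keep the focus on the IV.
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(prev, plaintext[i:i + BLOCK]))
        out += prev
    return out

class Encryptor:
    # Hypothetical service holding the secret key; only the IV policy varies.
    def __init__(self, random_iv):
        self.key, self.random_iv, self.counter = os.urandom(32), random_iv, 0

    def encrypt(self, plaintext):
        self.counter += 1
        iv = os.urandom(BLOCK) if self.random_iv else self.counter.to_bytes(BLOCK, "big")
        return iv, cbc_encrypt(self.key, iv, plaintext)

def observer_guesses_right(random_iv, secret_bit):
    # One round of the IND-CPA game: can an observer who may request encryptions
    # tell which of two known messages a ciphertext contains?
    enc = Encryptor(random_iv)
    m0, m1 = b"note: meeting AM", b"note: meeting PM"  # constructed samples
    iv_c, c = enc.encrypt(m1 if secret_bit else m0)
    # The observer assumes the next IV is the previous one plus 1.
    predicted = ((int.from_bytes(iv_c, "big") + 1) % 2**128).to_bytes(BLOCK, "big")
    # If the prediction holds, the XORs cancel and this re-encrypts (m0 XOR iv_c).
    _, c2 = enc.encrypt(xor(xor(m0, iv_c), predicted))
    return (0 if c2 == c else 1) == secret_bit

def win_rate(random_iv, rounds=200):
    bits = [os.urandom(1)[0] & 1 for _ in range(rounds)]
    return sum(observer_guesses_right(random_iv, b) for b in bits) / rounds
```

`win_rate(False)` returns 1.0 because the counter IV lets the observer cancel the chaining XOR, while `win_rate(True)` stays near 0.5, which is what indistinguishability means in practice.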


Is that distinction between nonce and IV held everywhere in the crypto community? For example, rfc8439 which defines the ChaCha-Poly AEAD does not require an unpredictable input nonce, and indeed calls it a "nonce", but many of the common implementations I've seen use "initialization vector" instead.


Loosely. The majority have given up on the public understanding of nuances and just phone it in with "just don't write crypto".

Because AES-CTR and ChaCha both refer to it as a nonce, and CBC calls it an initialization vector, the IV/nonce distinction does matter. But if you misuse the terms folks will know what you meant to say. Just don't mix it up when it comes time to implement.


Please don't ever stop this behavior. I'm just learning much of this in an applicable way and people like you make this not just easier but possible for those of us learning with little outside help.

The farther I go down this rabbit hole the more I learn security should be like a religion of security (only one without dogma).

Thanks.

