  • This is all actually very good feedback and a lot to take in and think about, I have no problems in admitting that something can be done in a better way and go back to the drawing board, I’ll admit, I don’t have much experience with either of the methods you suggested, but a quick Google showed me a world of learning, so I have a lot of reading to do ♥️

    P.s. I did read everything that was linked by u/litchralee btw and it was a very good read indeed

    Now, onto why I went for asymmetric encryption: it is due to the nature of the notes being files on a system rather than stored in a database, my thinking process being "I can use whatever public key I need for whatever note and decrypt them using the right private key at a later time."

    Regarding the sharing, you can indeed share encrypted notes… my thinking was “you give me a public key, I use it to encrypt the note, share it with you - privately or publicly - and you can use your private key to decrypt it”. Which is why there’s always an option to encrypt with a different public key than the one stored for yourself, I was imagining it just like encrypted emails work frankly. I may have gone a bit too much for overkill lol

    I’ll see to implement additional encryption methods, if anything I’m all for choice and letting people decide what to use. There’s also the very selfish answer to your question btw being that… I like PGP and I made jotty mainly for myself hahahaa

    Edit

    Sorry forgot to address the signing feedback, you are correct, I am not letting users sign when encrypting, I made a judgement call in favour of user experience, I will be adding an optional checkbox to sign it with passphrase and custom/stored private key when using PGP and look into implementing alternative encryption methods, if anything this conversation got me all excited to code more lol

    https://github.com/fccview/jotty/issues/265 ♥️
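
The signing point raised in the comment above, as an added example that is not jotty's code and not part of the original comment: encrypting to a public key says nothing about who wrote the note, so this sketch signs before encrypting and verifies after decrypting. It uses Node.js built-in crypto (RSA-OAEP, AES-256-GCM, Ed25519) as a stand-in for OpenPGP; every function name and key here is constructed for illustration.

```javascript
// Added illustration: Node.js built-in crypto stands in for OpenPGP.
const nodeCrypto = require('crypto');

// Constructed key pairs: recipient encryption key (RSA), sender signing key (Ed25519).
function makeKeys() {
  return {
    recipient: nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
    sender: nodeCrypto.generateKeyPairSync('ed25519'),
  };
}

// Sign the plaintext, then encrypt note + signature under a fresh AES-256-GCM
// key that is wrapped with the recipient's public key (RSA-OAEP, SHA-256).
function signThenEncrypt(note, senderPrivateKey, recipientPublicKey) {
  const sig = nodeCrypto.sign(null, Buffer.from(note, 'utf8'), senderPrivateKey);
  const payload = Buffer.from(JSON.stringify({ note, sig: sig.toString('base64') }));
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Unwrap the session key, decrypt (GCM rejects tampered ciphertext by throwing),
// then check the signature against the sender key the recipient already trusts.
function decryptAndVerify(msg, recipientPrivateKey, senderPublicKey) {
  const key = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  const plain = Buffer.concat([decipher.update(msg.body), decipher.final()]);
  const { note, sig } = JSON.parse(plain.toString('utf8'));
  const authentic = nodeCrypto.verify(
    null, Buffer.from(note, 'utf8'), senderPublicKey, Buffer.from(sig, 'base64'));
  return { note, authentic };
}
```

A note encrypted by anyone else who holds the recipient's public key still decrypts cleanly; only the `authentic` flag tells the recipient it did not come from the expected sender.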


  • Hi! These are all very valid questions!

    The protection boils down to your level of comfort, really, the way I built this is very modular, you can

    • Simply generate a key pair by clicking on a simple button (for non power users)
    • Import your own keys (if you feel comfortable enough to do it)
    • Or simply encrypt with a public key and use your private key when prompted for decryption, this way keys are never stored on the server and all operations happen offline on the browser :)

    When exporting notes, if one is encrypted it’ll stay encrypted, of course.

    Lastly, the simple answer is because I know the tech fairly well and understand it enough to comfortably implement it, I wouldn’t want to half ass something, PGP is an extremely valid form of encryption anyway, and can be very user friendly when implemented properly (as explained above there’s various levels of complexity in place)

    Very valid feedback, makes me wonder if I should give people multiple choices of encryption algorithms in future updates ♥️










  • 100% it would! I think the biggest issue around the AI hate is a total misunderstanding of how it works, paired with people using it for the dumbest reasons, actually draining important resources when there’s absolutely no need for it.

    I think eventually it’ll be inevitably regulated as the actual shortage of water we’re seeing in the US is unmanageable, and once it does get regulated things will start working way better

    p.s. I’m not talking about local models, I doubt these would ever be regulated and they SHOULDN’T, I’m talking about how many resources a company that allows AI usage should be able to utilise, mostly.



  • Hey! Thank you for testing it out, I think in my head, even the most verbose of devs wouldn’t leave >20% of comments in their codebase. The percentage works on a ratio of (commentsCount / linesOfCode) * 100 so it doesn’t just flag “a lot of comments”, it mostly checks for “too many comments”, that said, the “use common sense” at the top needs to be taken quite seriously, for example if there’s a majority of comments but none of the comments feel like they were written by AI, it’s clearly just the developer being verbose :)

    p.s. I find AI is pretty damn good at making docker compose files, it’s probably gonna work just fine <3







  • Hey thanks, I was properly looking into WebDAV yesterday, should be simple enough to implement, just making sure I don’t add features for the sake of it, once I’m certain it’s the right way to go I’ll implement it properly, for now my biggest aim is to get the tool as stable as possible ♥️






  • Oh wow, that definitely threw me off lol anyhow, I don’t think I am more knowledgeable than you at all, I just know the tool I built more, so I can help figure out the nuances of it…

    I have a feeling nsenter is not liking your nas for some reason, I wanna try a workaround and if it works for you I’ll go through the code and sort it out so we can use a proper env variable for this

    add this env variable for now and tell me if it sorts you out <3

    environment:
      - PATH=/usr/bin:/bin:/usr/local/bin:/usr/sbin:/sbin:$PATH