Forking Laverna

[daed]

So, wwebfor got back to me. He's done with the project.

He acknowledged that laverna doesn't solve issues with synchronization and multiple devices. He suggested that effort would be better spent focusing on other projects that do already. He also didn't give me access to the repo, so I can't do anything directly with it.

I think his concerns are valid, but I like laverna and I think it's worth trying to make something out of. I'm going to continue with my plan to fork it and develop it independent of the laverna organization.

I've spent the last few weeks trying to familiarize myself with the dev branch and working on minor bugs where I can. It's honestly not in very good shape right now:

• It looks like the project was in the middle of transitioning into more of a client/server model with the addition of the signal server and mongodb. That's not a bad model necessarily for hosting, but it becomes burdensome for standalone end-users who are syncing through dropbox (or not at all).
• The signal server appears to have been put together with a multi-user environment in mind, and there is the start of some useful features (like sharing between users) but that is incomplete, and I believe actually currently inhibits synchronizing across multiple devices.
• In spite of the above, https is not enabled by default.
• The electron-based desktop app version doesn't work.
• gulp is pretty broken in node 10 due to ancient dependencies. Supposedly this is getting fixed someday, though the current plan appears to be to force a newer version of the natives package, which is unsupported. I couldn't find an ETA.

[funilrys]

For those who are landing here, please report to https://github.com/encryptic-team/encryptic.

=========================

@daed For the desktop app which does not work I did wrote a patch (which is implemented when installing Laverna under Arch Linux) :

https://github.com/Laverna/laverna/issues/913#issuecomment-365572643

Hope it will help, I will follow your work and try to contribute if I have some spare time.

Let me know if you need something else :+1:

[glocalglocal]

Just one point, I think looking at Lastpass and Bitwarden (open source) more closely may be worth it. My understanding is that their db is stored encrypted on the server, and there is always a local copy (which may not be fully synced yet) in case there is no internet. Encryption/decryption is done client-side by the browser extension, a dedicated local client, or mobile app with the passphrase you supply, so they can't decrypt anything because they don't get the passphrase and they achieve zero-knowledge. This way you get a web interface, a browser extension, a desktop/mobile client, local caching and zero-knowledge. There are many similarities with Laverna in that Lastpass and Bitwarden store passwords and optional notes. Laverna only stores notes.

[daed]

@glocalglocal I didn't mean to come off was writing you off in the other issue, so I apologize if I sounded that way. I'm admittedly pretty ignorant on how those two work, but based on your explanation, I'll definitely look into them. I have a little knowledge about writing firefox extensions, but I'm not so sure about chrome/safari/edge, so there's going to be a learning gap there. I'll definitely add that to the list, but I'm not sure it's realistic for an initial re-release.

[glocalglocal]

@dead thanks for your efforts. IMV the extension is not the top priority. As a user, I was looking for a client-side encrypted notepad that syncs between a mobile app and a Windows/Linux client. Something like Turtl but better. For me cloud access would be welcome but not essential, and an extension would be a bonus (which personally I wouldn't use).

[daed]

I've dug into the code some more and I think I better understand now. The ui component stores private keys in your private storage. Node doesn't really seem to do much other than host the website. All the actual code appears to be client-side. You could probably extract it and put it on a static site and it would run just fine. That suggests that it could be run on a server as easily as in a client application, provided you configured it for https. I added a local wipe button so that you can easily remove your data from a public/shared computer if desired. I need to test how it interacts with syncing, but I would imagine that it would be safe.

The way the code is organized is very strange to me. It seems like there's a lot of layers that don't really add much of anything. I think it needs to be significantly refactored. That'll take me a while though.

[man-ahmad]

This thread has been quiet for around a month now. Is this project still open?

[funilrys]

@Crescive Open source software are built by awesome people when they have time ... (Unless you have sponsors, baker or other to finance the developer(s) or the features you develop) so it's normal that some thread or code are quiet ...

Developers have a life out of OSS ...

[daed]

Hi @Crescive.

I haven't abandoned the project. I've been in the middle of a lengthy effort at refactoring and, as a part of it, I'm working on upgrading a bunch of the dependencies to supported versions. It's been slow going as a lot of code needs to be changed in the process (particularly for openpgpjs).

Another thing I'm planning on doing is changing the name and the project location because I can't really do anything with the laverna repository. I've settled on the name "connote" and set up a team/repo at https://github.com/connote-team/connote though I haven't committed anything to it that's not already in my laverna fork. That will likely be where anything new I finish winds up going.

On a personal note, the last few weeks have been particularly busy at my day job, and my girlfriend and I are preparing to move in the next couple months, so I've had plenty of distractions from my hobby efforts. Having that been said, I've got some time set aside this weekend to work more on the project, so hopefully I will have an update out soon.

I've decided I'm going to be decoupling the signal server short term from the project for the time being so that it is a more practical (and much smaller) application for end users. The signal server will be an extremely useful component once it's fully implemented, but it's not doing anything useful for the time being and the notion of requiring a mongodb installation for features that don't even exist yet is something I can only describe as being "hostile toward users". Once I have dealt with maintenance/bugfixes enough that I can start working on new features, I'm definitely going to finish the note sharing functionality that it's supposed to provide. Long term I think I'll provide the option to set up your own as well as have an "official" one for the users to don't need/want a private one (which will hopefully be most of them).

I know there's still a lot of outstanding bug reports, but is there anything in particular you're awaiting in a new version? There's a lot I need to do still, but I could see about fixing something specific if it's a priority for someone.

[guilatrova]

@daed Improve the code quality and add some minimals docs, so I (and of course others) will be able to help :) a roadmap would be a good thing to add too.

The code right now is somewhat confusing to me. I'm interested in adding Google drive integration, but not sure how to start for example.

[HelpfulRock]

thanks for your effort in the project @daed . i was one of the users who tried it, dropbox didn't work for sync and switched to standard notes.

about the model bitwarden uses ( i wont mention lastpass since its not open source) - perhaps you can hit up the dev there, kyle, if you are thinking about the zero knowledge solutions @glocalglocal mentioned. i mean the difference between saving and syncing passwords and notes is not that big. you don't autofill notes so its even easier ;)

[daed]

I hadn't seen Standard Notes before. I just took a look at it, and it ticked all of my checkboxes until I got to the point where being able to use a markdown editor costs $50/year. It'd probably get my vote were it not for that. I'm a little bothered by the fact that they declare that they are "open source" and have no license I can find anywhere. Still, I like looking at that kind of stuff and seeing what's being done on the other side of the fence.

Right now my primary focus is to try to do something about the complexity of the code. Several people have commented about how they would like to help, but that the code is very confusing. I don't fully understand how it all works well enough yet to say that it's not confusing to me either, but the hope is to be able to get other people contributing to it again to get the project back up to speed.

[glocalglocal]

I agree with @MarcReckel that actually Connote is essentially very similar to Bitwarden (which incorporates notes) minus autofill. I think the description should refer to zero-knowledge, which is a major advantage over all other offerings: 'Consider it like open source, zero-knowledge alternative to Evernote.'

Incidentally, I downloaded the Windows version, unzipped it, and when I ran the .exe nothing happened.

[daed]

@glocalglocal I was looking at that a few days ago. I think something broke in node_modules. I've been trying to get it straightened out when I have a few spare moments here and there. If anyone has a time machine I can borrow... :)

[daed]

In the course of looking at the issue with the Windows version, I think I actually figured out a way to reduce the size of node_modules by about 17000 (!) files. This also reduced the download size by about 30mb and will make the time it takes to extract from a zip file microscopic by comparison. I'm pretty excited about it, but I want to do more testing before I put it out there. I do hope to get this out shortly though.

I had tested beta 2 on my Mac, but didn't test it on Windows. For some reason it worked on the mac. Next time I will test more thoroughly before releasing.

[funilrys]

For those who are landing here, please report to https://github.com/encryptic-team/encryptic.

[devurandom]

He acknowledged that laverna doesn't solve issues with synchronization and multiple devices. He suggested that effort would be better spent focusing on other projects that do already.

@daed Can you please expand on that? What are these issues and which other projects should the effort be spent on?