You will need to establish a shared secret in person in advanced or over a trusted channel out of band.

You can configure your preferred cipher in the menu. Currently aesgcm is not included because it will require additional packages. `openssl enc’ is not compatible with aesgcm due to to complexities in handling the authentication tag. I do plan on integrating this in the future however.

I think It’s important to note this later of encryption is completely redundant with Tor integration. We are already e2ee encrypted with without openssl encryption. I just saw no reason not to include it as overhead is minimal.

I haven’t tried to break that yet, but I should find out the limits. I have sent pretty lengthy payloads while on 6kbs encoding quality with no issues. I know we can send aleast 60 second

With some work we should theoretically be able to configure any networking pipe. I like Tor for it’s large distributed userbase/built in plug and play circumship transports and reliability is the short answer. It passes simple text encoded audio which should make it really easy to plug n play other networks. Also, I’m using open SSL as an additional encryption layer, it should be possible to configure any other encryption primatives you want easily. It doesn’t have to use this library. It’s just the one I chose.

I am a huge fan of both of those alternatives.

This isn’t nearly as powerful or feature rich as either of those alternatives …but… I don’t think ironcalc has realtime collaboration and neither of the two alternatives can be spun up on the fly in a mobile environment. That would be the main differential factor.

Heavy sheets with large amount of logical dataprocessing; this is not a winner in that regard. This is for casual everyday use, simple budgets, light accounting, ect…

I made this for me and my family. You self host your own private platform.

https://gitlab.com/here_forawhile/nanogram-pi

https://gitlab.com/here_forawhile/nanogram-termux

Thanks, that’s actually the first constructive comment here. I do realize it’s a completely unconventional release format and if I want others to contribute I’ll have to reformat the way the repo is structured. I just hope you at least understand why it is the way it is. That’s was not the LLM’s choice. I specifically asked for the monolithic format because my development environment is a mobile device…it was too complicated to split the program into its expanded file directory and have to update each individual file before testing an iteration and feature I added.

For example; to add a notification dot, I would have needed to touch the python app routing, the html, database classes, css. It was to much to keep track on for a mobile environment. The single file script allowed for a faster feedback loop because I can just swap the script in the terminal and it will overwrite and the existing directory in a snap.

Why? Because it’s long and complex? It would be the same exact thing just separated. What’s the difference honestly?

Here is a overview.

It starts with defining environment variables, app directory, file permissions for the directory.

Then it assembles/installs or updates the dependencies.

Then is concatenates the python app. The python app is big because it’s complex with all the game logic of three mini games.

The python app grabs all it’s dependency packages it needs, creates the database, defines all the functions I wanted such as… What’s a like, what does a comment button do, what does a login button do, what’s a Scrabble game, what’s a chess game, what’s a read receipt… All these functions define when and where to interact with the memory of the database.

Then the html templates are concatenated. This is shell of what is served to the client so they can interact with the database.

Next the CSS file is born. This is just a skin to make it all look nice.

Finally, it finishes with the CLI server manager. It provides the operator admin functions. Turn the server on, off, networking on and off, backups, invites to server, uninstall the whole app and more.

The backbone and internals were made by great developers…not me. That’s a good thing. Each time you run the script these packages are updated to the latest and greatest.

What I’ve done is brought it all together and generated some harmless html, css, python app to bring it all to life.

Things I didn’t make:

tor - networking backbone

clang - compiler infrastructure.

libjpeg-turbo - server side image compression to keep it all light weight

openssl - open library for encrypted internet communications over tor

gnupg - encrypted backups

flask - lightweight web framework

sqlalchemy - the database backbone

pillow - image processing

itsdangerous - handling session data securely

werkzeug - webserver gateway interface

gunicorn - wsgi complient server for performance and support for handling the server requests efficiently.

If any of these packages get some new security update or performance improvement, nanogram would instantly benefit and patch because it’s searching for the most up to date version of these utilities on each run.

I’m not saying it’s the correct or proper way to do things; it was just the eaisist way for me to keep track of everything. This entire thing was created on mobile and I found it was quicker to keep things in one copy pastable format.

The work flow was: ponder new features, discuss ways to implement, implement and generate the monolith with the implementation, copy paste into the terminal, test to see if it’s what I wanted, tweak stuff until I’m happy, rinse and repeat. It wasn’t like this was a one liner prompt into a LLM.

Here’s a tip:
Writing good code, is about writing it for the next human, not for the machine.

not to be rude but as someone who has no coding background I feel like I can read and understand what’s going on in this raw source pretty well at this point after watching each portion generating 100’s of times. Why can’t you read and understand it you are a 20y senior dev?

Removed by mod

Raw Source here

Raw Readme here

It’s naive because we are all running “Ai Generated” code on our machines by now and you would never know it. That doesn’t mean its inherently not infused with human wisdom now.

I’m not criticizing for wanting to stay away from AI…like I said, that’s why I made this. I don’t want my private photos/conversations fed into AI. This was my best attempt with the tools I have today to achieve that.

The script builds the home directory that’s all. It’s building many other files than just the python app. All the html files, css, tor config, ect.

Here is the directory it builds in the virtual termux environment.

I don’t see your point of how these two statements contradict at all?

If you think it’s unsafe don’t install it. I demonstrated exactly what it does and the entire source is available to pick apart if you desire. I’m not forcing anyone to do anything.

Sure, I didn’t write the code persaybut it still took me two months to make this thing. Prompt after prompt testing each iteration.

Zero relation to that I just liked the name.

If a single exploit was discovered in what you have here, would you know how to go in and fix it and then verify the fix yourself outside of the dubious words of an LLM?

No not without a LLM but I’m pretty sure I could patch with it.

If there is an exploit discovered it’s going to be getting past the login somehow in which case the attacker has the .onion address that was leaked from a user. I tried every possible way to penetrate the login without credentials and made it as bullet proof as I could. I also implemented a function in the manager to rotate the onion address and discard the old. This brings it back to square one of distributing the address securely.

I’m not interested in entrusting my data/software/device to your faith in some models instead of the wisdom of a human being.

This is totally fair and I respect your opinion I just think it’s a little naive.

Curious is that just out of principle basically? Because it’s actually a pretty good way to stay away from AI now that it exists. That’s why I made it.

True! It was.

I decided it has graduated sharing via a paste so I deleted that post and finally put it on a proper code repo.

In fact, I don’t code professionaly and have never developed anything lol! This is fun side project I made for myself.

I just released this little self host able social media platform

https://gitlab.com/here_forawhile/nanogram

Your kinda proving his point by insulting him immediately haha.