stronglink
A searchable, syncable, content-addressable notetaking system
Hashing in JavaScript before uploading would have two advantages:
- Preventing corruption during transmission
- Deduplication, potentially skipping the upload entirely
Right now our server doesn't send the `Date` header, which IIRC is required by the standard. Pretty easy to add and in practice regular clients don't care much. Might affect...
This is two problems:
- Pushing to a dumb data store like Amazon S3 without potential data races (individual files are fine, but the URI list could easily get clobbered...
We should support fragments and even query parameters in our hash link parser, so we can split them out and then possibly glom them back on in preview links. If...
We should support case-insensitive meta-data queries. This requires indexing the data twice: once case-normalized for lookup, and once in original case for output.
There should be some way to limit the total amount of data synced. This might involve automatic file deletion (#30) or more clever things like randomly rotating through files (like...
Use CSRF tokens in all of our `POST` forms.
- Blog composer (`/new`)
- Blog uploader (`/up`)
- Login and registration forms

Also think about how to protect our upload...
Raw files may be malicious to either the user or the repo. In order to protect everyone concerned, we should consider:
- `Content-Security-Policy` header
- Sandboxing in iframes (worst option...
It might be nice to use DOM templating instead of our current string-based template system. The main problem currently is that a bad template can compromise the security of the...
In a decentralized network with multiple people sharing files, digital signatures would be very useful. The obvious choice is PGP/GPG, despite all of its problems. I haven't really thought about...