Oh boy. I can’t believe that claims such simplicity made some of these decisions:
Let’s start with this claim:
High security and privacy. Because Standard Notes uses the Standard File format, all your notes are encrypted on your device before being sent over the wire. This means that even if the server was hacked and all your data was stolen, the attacker would only see gibberish - only you can decrypt your notes with your password key.
Then they claim that it uses
cross platform applications that don’t deteriorate over time
EDIT: I was wrong about AES-CBC, they later use an HMAC in EtM. So that is actually okay.
EDIT2: You guys need to be more skeptical of me too! After more deep dives, the keys do have a random key each usage, but I’m skeptical of how the author does it by splitting master and ephemeral keys.
Maybe I’m just being a crusty old guy but I don’t consider Electron in this statement at all
Yeah, it’s getting to the point now where when I see that an application supports Windows, Mac, and Linux, I just assume it’s Electron-based. But if you already have a web version of the application, what’s the point of Electron?
But if you already have a web version of the application, what’s the point of Electron?
I don’t really know about this particular instance, but there are some actual benefits. Electron apps get better access to the filesystem, clipboard, fewer security restrictions, etc. They also have native menus and some other GUI niceties. That being said, I tend to shy away from Electron apps because I feel they’re bloated and don’t use standard UI widgets, etc.
Perhaps one should wait until a version number higher than “0.0.1” (and perhaps a few audits and independent implementations) to declare something “Standard”, secure, and long-lasting. It does little good to confuse aspirations with actual features.
(Also, this runs into the problem where if your file format is simple enough, everything sufficiently complex implemented on top of it just becomes a meta-file-format with all the same compatibility problems as before, and you’ve implemented a filesystem, not a file format. Compare “XML”, which is technically a “simple file format”, but actual document formats built on it are things like Office XML, which can still be gargantuan monstrosities.)
Yeah, I think that this has great potential, but probably hold off on real world usage with sensitive data until it matures - including audits and independent implementations, as you say.
The only thing I could think of after reading this
When it comes to storage, there will always be a billion different standards, however unfortunate it is. Everyone’s workload is different, everyone requires a lot of different features, which means there are lots and lots of niches to fill, and therefore lots of money to be made filling them.
The broad concept appears to be the same as remoteStorage’s, but with a few differences:
What about plain text as a standard format for everything text-based?
Examples: Markdown + CSS-based word processor, Markdown note-taking application, just plain text… Edited with the tool you want.
On the other hand, can anyone tell me how a Google doc is formatted on the server? They do not even have a file format exposed. This is the reason I still think this is a good idea.