I work with governmental organisations and heavy industry. spotty internet, data privacy, changing laws, cleanroom areas, IT audits, travel to places with less savoury governments, telemetry that shouldn’t be stored but is due to some flag someone forgot, takeover of the server, ulterior motives, you name it. needing a network connection means it has to be assumed compromised, and short of letting my IT dept host its own version, you can’t convince me otherwise. I need to be able to 1) sync data only when on a verified safe network, and 2) trust the server that data goes to and from.
when it comes to what something could be used for… are you doing market research, or basic research? building a tool usually means you have a need for that tool. If you’re trying to market something, do a proper test with a control group. just going “i made a thing, i don’t know what it’s good for” isn’t going to pull in crowds, especially if there is a barrier such as account creation to actually use the thing.
Edit:
also, your page is missing basic accessibility features. all the links are <button>s, not <a>s, so they’re not properly picked up.
Hi! Just circling back here- what does this mean? I’d like to action it: “Page is missing basic accessibility features” - Can you provide more detail on location perhaps or just more info in general!
Wow! This is great stuff! Really appreciate you taking the time to lay this out.
I get your point: in high-stakes, security-conscious environments like yours, needing a persistent internet connection is a non-starter. Your two conditions (sync only on verified safe networks + trusted server endpoints) are a clear, actionable framework I hadn’t articulated so well before-thank you.
Cheers for calling out the muddiness around purpose. I started this as a tool to scratch a personal itch, but I’ve been deliberately open-ended in trying to understand where others see value. Still, the lack of clarity does become friction-especially when account creation is required up front. I’ll be rethinking that flow and messaging.
Also noted (and agreed) on the accessibility issue. I’ll fix the <button> vs <a> problem-thank you for catching that.
what would a deployable/self-managed version for an environments like yours look like?
i’m glad you’re taking it as intended, i was worried about my tone…
a version that could be used in a restricted setting would
be offline-first (or online-optional, even)
install and work with minimal privileges (no curl|sudo bash)
have few to zero external dependencies that need vetting (to get past IT)
send and store very minimal amounts of data off-device (especially important for PII like user accounts)
use only audited and proven crypto and auth (because nobody should be rolling their own there)
allow bring-your-own-database setups for the server (because some places run the same DB software for everything)
play well with other tools on a posix system, e.g. make sure data files are structured text rather than binary (for future-proofing)
if running in a browser-based environment, preferably work without scripts enabled (to eliminate XSS risks)
if running in a native environment, be open and reproducible (so builds can be verified)
keep to itself; e.g. make sure to keep stuff in its own namespace and not spread files around (for the server this is usually accomplished by containerization but not everyone allows running stuff like docker)
I work with governmental organisations and heavy industry. spotty internet, data privacy, changing laws, cleanroom areas, IT audits, travel to places with less savoury governments, telemetry that shouldn’t be stored but is due to some flag someone forgot, takeover of the server, ulterior motives, you name it. needing a network connection means it has to be assumed compromised, and short of letting my IT dept host its own version, you can’t convince me otherwise. I need to be able to 1) sync data only when on a verified safe network, and 2) trust the server that data goes to and from.
when it comes to what something could be used for… are you doing market research, or basic research? building a tool usually means you have a need for that tool. If you’re trying to market something, do a proper test with a control group. just going “i made a thing, i don’t know what it’s good for” isn’t going to pull in crowds, especially if there is a barrier such as account creation to actually use the thing.
Edit:
also, your page is missing basic accessibility features. all the links are <button>s, not <a>s, so they’re not properly picked up.
Hi! Just circling back here- what does this mean? I’d like to action it: “Page is missing basic accessibility features” - Can you provide more detail on location perhaps or just more info in general!
basically this
in short,
also, don’t use the wording “circling back” unless you want people to get office ptsd.
Wow! This is great stuff! Really appreciate you taking the time to lay this out.
I get your point: in high-stakes, security-conscious environments like yours, needing a persistent internet connection is a non-starter. Your two conditions (sync only on verified safe networks + trusted server endpoints) are a clear, actionable framework I hadn’t articulated so well before-thank you.
Cheers for calling out the muddiness around purpose. I started this as a tool to scratch a personal itch, but I’ve been deliberately open-ended in trying to understand where others see value. Still, the lack of clarity does become friction-especially when account creation is required up front. I’ll be rethinking that flow and messaging.
Also noted (and agreed) on the accessibility issue. I’ll fix the <button> vs <a> problem-thank you for catching that.
what would a deployable/self-managed version for an environments like yours look like?
i’m glad you’re taking it as intended, i was worried about my tone…
a version that could be used in a restricted setting would