Nanogram is designed for the enthusiest who wants complete data sovereignty on their social media platform.
Spin up your own instance on termux for Android.
Demo here.
Install instructions are at the bottom of the readme.
Why is it a shell script that makes Python scripts? Im definitely not running that on my machine
The script builds the home directory that’s all. It’s building many other files than just the python app. All the html files, css, tor config, ect.
Here is the directory it builds in the virtual termux environment.
Why are those files just not in the repo then, so it is easy to see what is going on? Why the “clever” script to make them?
At this point they could be separated file by file into the repo no doubt.
I did it for development ease and to make sure everything was interacting properly together for each iteration.
To implement one feature you need to touch many parts of the program. html, css, python app, SQLite database logic. Having it all as a giant monolithic program greatly improves a LLMs ability to see every part for context. Having a bunch of separate files is not great for the context window.
Ok… I guess…
I mean, I gotta say, I’ve been a professional developer for over 20 years now, and also using LLMs as a senior dev, to help with day to day stuff, and development. Never have anything like that ever seemed like a way to make things easy to develop.
It is most certainly not easy to understand as a human, and to figure out.Here’s a tip:
Writing good code, is about writing it for the next human, not for the machine.I’m not saying it’s the correct or proper way to do things; it was just the eaisist way for me to keep track of everything. This entire thing was created on mobile and I found it was quicker to keep things in one copy pastable format.
The work flow was: ponder new features, discuss ways to implement, implement and generate the monolith with the implementation, copy paste into the terminal, test to see if it’s what I wanted, tweak stuff until I’m happy, rinse and repeat. It wasn’t like this was a one liner prompt into a LLM.
Here’s a tip:
Writing good code, is about writing it for the next human, not for the machine.not to be rude but as someone who has no coding background I feel like I can read and understand what’s going on in this raw source pretty well at this point after watching each portion generating 100’s of times. Why can’t you read and understand it you are a 20y senior dev?
It is not structured in a way that is easily understandable, or quick to get an overview over.
It’s one big mess of code, all piled together.Why? Because it’s long and complex? It would be the same exact thing just separated. What’s the difference honestly?
Here is a overview.
It starts with defining environment variables, app directory, file permissions for the directory.
Then it assembles/installs or updates the dependencies.
Then is concatenates the python app. The python app is big because it’s complex with all the game logic of three mini games.
The python app grabs all it’s dependency packages it needs, creates the database, defines all the functions I wanted such as… What’s a like, what does a comment button do, what does a login button do, what’s a Scrabble game, what’s a chess game, what’s a read receipt… All these functions define when and where to interact with the memory of the database.
Then the html templates are concatenated. This is shell of what is served to the client so they can interact with the database.
Next the CSS file is born. This is just a skin to make it all look nice.
Finally, it finishes with the CLI server manager. It provides the operator admin functions. Turn the server on, off, networking on and off, backups, invites to server, uninstall the whole app and more.
Python code as a string in a multi thousand line shell script. Lol, this must be a troll
from a previous now-deleted post by OP in another community
Full disclosure. This was created with the help of many different models over the past month two months!
Good to know. Avoiding this like the plague now.
Curious is that just out of principle basically? Because it’s actually a pretty good way to stay away from AI now that it exists. That’s why I made it.
For the same reason I wouldn’t trust a car designed with the help of AI:
I would be concerned that the internals have the equivalent of a sixth finger. In a picture, that’s fairly harmless, but I’m not giving my personal information to a six-fingered hand if I don’t have to.
Maybe if the designer has a solid track record independent of AI, and the AI’s contributions were strictly monitored and checked by humans. But then… why would you use AI?
The backbone and internals were made by great developers…not me. That’s a good thing. Each time you run the script these packages are updated to the latest and greatest.
What I’ve done is brought it all together and generated some harmless html, css, python app to bring it all to life.
Things I didn’t make:
tor - networking backbone
clang - compiler infrastructure.
libjpeg-turbo - server side image compression to keep it all light weight
openssl - open library for encrypted internet communications over tor
gnupg - encrypted backups
flask - lightweight web framework
sqlalchemy - the database backbone
pillow - image processing
itsdangerous - handling session data securely
werkzeug - webserver gateway interface
gunicorn - wsgi complient server for performance and support for handling the server requests efficiently.
If any of these packages get some new security update or performance improvement, nanogram would instantly benefit and patch because it’s searching for the most up to date version of these utilities on each run.
If a single exploit was discovered in what you have here, would you know how to go in and fix it and then verify the fix yourself outside of the dubious words of an LLM?
I’m not interested in entrusting my data/software/device to your faith in some models instead of the wisdom of a human being.
This is why I would not use it.
If a single exploit was discovered in what you have here, would you know how to go in and fix it and then verify the fix yourself outside of the dubious words of an LLM?
No not without a LLM but I’m pretty sure I could patch with it.
If there is an exploit discovered it’s going to be getting past the login somehow in which case the attacker has the .onion address that was leaked from a user. I tried every possible way to penetrate the login without credentials and made it as bullet proof as I could. I also implemented a function in the manager to rotate the onion address and discard the old. This brings it back to square one of distributing the address securely.
I’m not interested in entrusting my data/software/device to your faith in some models instead of the wisdom of a human being.
This is totally fair and I respect your opinion I just think it’s a little naive.
I respect your opinion I just think it’s a little naive.
Under isos 27002, 90003, 25000, and 9001, and their requirements for software pedigree and sustainability, it’s just best-practice.
Is it ironic that you’re calling best-practice “naive”?
It’s naive because we are all running “Ai Generated” code on our machines by now and you would never know it. That doesn’t mean its inherently not infused with human wisdom now.
I’m not criticizing for wanting to stay away from AI…like I said, that’s why I made this. I don’t want my private photos/conversations fed into AI. This was my best attempt with the tools I have today to achieve that.
Fair enough, in that case we think the same of each other.
True! It was.
I decided it has graduated sharing via a paste so I deleted that post and finally put it on a proper code repo.
In fact, I don’t code professionaly and have never developed anything lol! This is fun side project I made for myself.
This is fun side project I made for myself.
Contradicts:
Spin up your own instance on termux for Android.
It’s great if its for yourself, or learning something new to you. Releasing it like this and telling others to install software you didn’t even write is a security nightmare and disingenuous. Nowhere in your readme or any other repo files, does it specify that YOU don’t code, and this product is all due to AI and LLMs.
I don’t see your point of how these two statements contradict at all?
If you think it’s unsafe don’t install it. I demonstrated exactly what it does and the entire source is available to pick apart if you desire. I’m not forcing anyone to do anything.
Sure, I didn’t write the code persaybut it still took me two months to make this thing. Prompt after prompt testing each iteration.
persay
per se
Unsocial media?
Is there any relation to “nanogram” that was supposed to use the cryptocurrency Nano ($XNO)? Or you just liked the name? 🤔
Zero relation to that I just liked the name.
