login
2021-01-16

C3RES

neoxee

public

Special dates:

A note about this platform (neoxee), and its role in C3RES

This website, neoxee, is a private resource store (a fancy name for a note taking application...) written fully from scratch by me (Jussi) using the current web technologies. neoxee is based on a graph database, relies heavily on tagging, provides in-browser editing tools, and contains some advanced features such as an automatic date extraction feature written in prolog language. All of neoxee should one day be fully open source, but due to lack of time (for things like better secrets handling, documentation, ...) only the templating engine component Clotrine ("CLOjureScript Template Rendering engINE") is currently available.

The core architecture of neoxee was written to be as secure as possible with a lot of focus going to the implementation of session handling as well as database structure (for example, a compromise of a single database service does not expose all user data to a possible attacker). Additionally, it was written to be scalable, using stateless services and a microservice architecture with an accelerator component (Varnish cache) in the middle to provide caching, tracing, and additional control over inter-service data flow.

In addition to simply allowing the addition, editing, and viewing of tagged notes, neoxee also allows to publish one's notes, either to other users via sharing controls or as public content (like these notes) with a human-readable URL.

All of this is currently not very important, though, as neoxee is at the moment only used by me personally. Implementing all of this has been a very interesting and educating journey, but it has also made it clear to me that I do not want to be responsible for other people's private data. This revelation has been one of the key initiators for the C3RES project: how to re-build neoxee without having to carry such a burden. Because no matter how much time I spend on evaluating the security-relevant parts of the code, there might always be something I've missed. I'm just a software engineer after all, not a fully trained data security expert. Thus being able to develop on top of a system that takes care of all the privacy and security issues for me would be great. And what do you know, C3RES aims to be that system.

Comments: