Creation of Solid Scribe

How I created, encrypted note taking application, solid scribe. 2023-10-1 is a live application. You can sign up for free and use it right now.

Solid Scribe is a zero-access encrypted note taking application. Created for convenience and privacy.

Why it was created

I created solid scribe because I was tired of all my data being scraped and put into a giant marketing profile. Daily notes contain a lot of private information, giving all that data to google or facebook made me uncomfortable. I encouraged my friends to use SolidScribe because all their private data was being read by big corporations.

One of my friends argued "I would rather have google read my notes than someone I know." This lead me to note encryption. Without a password, all notes are unreadable.

How it works - Security

When a note is made, a database entry is created with note text and random noise. This noise is encrypted with the note text to increase entropy. No two notes are the same. When a user access this not, their encryption key decrypts the text and they can edit it. All encryption keys are stored on the server, encrypted with the users password. This is to prevent users from losing them or attempting to falsify their data for access to other users information.

Zero Access Encryption

Note data is stored on the server encrypted. If someone leaked the database and took all the information, note data would not be readable. Without the users password for decryption, nothing can be read. All requests send a json web token with a session id and a session key. This session key is used to decrypt your session on the server. Yes, even the session data stored on the server is encrypted. These sessions tokens expire and are renewed every 100 requests. If a session token does not decrypt properly, all sessions for that user are revoked. Even if an attacker gained access to all the data on the server and your computer browser information, they would only have a small window for an attack.

Tech Stack

  • Solid Scribe is hosted on linode, using NGINX and Express router.
  • The backend is a fully custom Node.js server without an ORM and minimal frameworks to support maintainability and minimize attack vectors.
  • The frontend Vue.js using Vue-CLI, and Sematic UI for the styles.

Current Major Features

  • User accounts/login - Two Factor Authentication
  • Revoking active sessions from other browsers
  • Color themes and Dark mode
  • Note tags, tag searching
  • Note Searching, using Encrypted search index
  • Encrypted Notes with text editing, formatting, color themes
  • Todo lists with sorting and removing completed tasks
  • Link scraping from notes, with image capture and search
  • Inserting of link metadata into note
  • Secure sharing of notes with other users using public-key encryption
  • Synchronous note editing across open note instances
  • Securley pushing URLs from browser to your account using a bookmarklet

Source Code

Other Projects

Tell Android to ignore folder contents

Tired of showing the contents of your audio books library in your music app?

Atreyu keyboard Build

Creating a working ergonomic keyboard. From files to physical.

Build a Keyboard Links

Trying to build your own keyboard? Here are some links!

Creation of Solid Scribe

How I created, encrypted note taking application, solid scribe.

Catch missing image assets inside image tag

If an image is being displayed on a website and for some reason that asset disappears, you can catch that error and display a placeholder image with a little inline js.

Change remote origin in git repo

Sometimes you need to change the remote origin in a git repo, if the server moves or if you just get better at NGINX and change the URL to something cleaner. Here are the simple steps on how to update your remote origin.

crDroid 9.1 OnePlus 7 pro install/update

This will walk you through installing a custom rom on your phone, updating the firmware and installing google apps. Then rooting your phone.

Creation of Ravenwulf Consulting

Designing and building of

Obligatory I am starting a blog, blog post

As we fumble around life, doing little projects we end up learning little things and forgetting a lot of things.

Killing programs in mac or linux

To kill all instances of an application us the command killall

Linux Search text in this and all sub directories

Search text files in current directory and all sub directories. Its super fast so don't worry if you have a node_modules directory or something.

Lower Pipewire CPU usage on Ubuntu while using Firefox

I was noticing high CPU usage for the pipewire process on Ubunutu.


Why would anyone in their right mind us vim? I asked myself this question 543 times in the last 3 years. To my own surprise, I found myself wanting to use vim. The justification being that you can write code without using a mouse.

Sunshine a Parsec Alternative for Linux, GeForce Now alternative for Windows

Sunshine is a desktop streaming client for linux that offers efficient, low latency PC streaming, for free. Download Sunshine onto your linux machine (the host) Sunshine Github Download moonlight onto whatever device you streaming on (the client) Moonlight Homepage

PC Builds

At some point I became infatuated with the SAMA IM01 Case. At only 22 liters, it can house an ATX power supply and a large cooler. I bought two! Thus began the journey of rebuilding both my PC and my unRaid server into smaller cases.

Proudest Software Engineering Achievements

A few highlights of my time programming

Run bash script on linux start

Running a bash script on system start can be an involved process, depending on you distro. The proper way is to create a system service and plug it into /init.d but you can leverage the crontab if you want a simple quick way to run something on startup.

Sending Emails with Cloudflare Workers

Cloudflare has a partnership with MailChannels which has allowed Cloudflare to introduce email sending into its web workers. There is some documentation to set this up but its all over the place. Here are the steps I took to get email sending running, using workers.

Setup nginx to point subdomain at port

You can setup nginx to point subdomains at specific ports.

Sleep Linux Mint Keyboard Shortcut

Sleep Linux Mint with this keyboard shortcut

Get .env file variables into bash scripts

If your server has a .env file, it may be necessary to parse those variables into a bash script. This can be accomplished by using the 'source' command.

Why use ergonomic keyboards?

Ergonomic keyboards have a number of benefits.

Windows Hello for Linux

There is a program called Howdy, which is like Windows Hello. It uses face data as authentication. Howdy Github Repository

Max Gialanella - 2024