I clicked through and browsed the comments and clicked links. It does appear the links are not working as described. Is there something you’re throwing and I’m not catching? :)
The relevant non functional links should be listed in the comments. The OP was complaining they were not able to include links directly. I'm not sure about [1] [2] [3] in the main post but the show hn [A] or [B] thread should afaik have not been an issue.
Ah, good call, I should have included the threads, thanks! I tried several variants of the GitHub URL and the main web site and got errors until I cut it back to what I posted and rushed out of work to have dinner with my wife.
Also not affiliated but my open-source tinycld uses docx as the backend storage for its text package. Supports _most_ of the features (including comments and suggestions) but is still very young. It has a golang backend that reads/writes docx and translates to YJS that the editor reads for multi-user access. Has web/iOS/Android support.
I found docx to be a very well documented format and a surprisingly good fit for this.
I went looking around, but I couldn't find why you're making tinycld, and whether I could expect it to keep going as a project in the future.
I expect I could find whether you're using hardened server implementations or reimplementing, but if it's the former, you should advertise that, or if the latter, you shouldn't.
It's pretty simple: I have a small company and we're using it internally. my hope by releasing it is that the ecosystem will grow and it'll become the best way to publish web apps (ambitious I know).
I do not know what you expect by "hardened server implementations", it's open-source and people will probably host it a lot of different ways? If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries which I hope are secure but I have not performed a security audit or anything like that.
Thanks, I think you should put that up if it isn't, or at least link from About page if it is.
"If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries"
That's exactly what I'd hope to see said somewhere as a naive person. Maybe security people would say "that's only 50% of the attack surface!!!" but I'm not one so it sounds good to me.
what was that item from just a day or so ago where an opensource project had said they developed using AI, and a developer said "take it down, you copied it from us"
I thought of it because this project said they used AI
Oh man, that’s disappointing. We implemented this in a test environment and have been hammering on it. Would love to know what’s going on as it solves a real pain point for us.
Edit (since I can’t seem to reply directly) - to the commenter suggesting LibreOffice below: quite different things. This was a library for implementing reasonably high fidelity docx viewing / editing in the browser.
I was going to guess that they accused the author of copying code from Office. Was AI used in the project? Perhaps a model regurgitated copyrighted code leading to a sternly worded notice from legal...?
Ooooh yeah. Looking through the author's past posts: "got a lot of skepticism because we're developing heavily with AI"
So AI was in use. Then the author says that following the spec alone wasn't enough to get it working, they got "active community feedback" and fed that feedback into the AI until it worked just like Word. I have to think that if there were ANY conditions under which a model might output code that Microsoft legal would threaten to sue you for, these would be them
I think this (if it is what happened) is a perfect demonstration of the dynamics. If you use AI to do things you couldn't have done on your own, you're copying off someone else's homework and the real risk is that you don't know who you're copying from, but they probably do.
I suspect the source code for at least some older versions of Office is absolutely in the training materials of some LLMs. There have been leaks before, and the early models were trained on the entire contents of the internet without regard to legality
The original source (matching the latest published NPM version) is still at https://github.com/mhurhangee/patrick/tree/main/packages and Apache-2.0, so I imagine that someone who'd like a copy can pick it up from there.
@mhurhangee also appears to have a mirror of the missing github repo here: https://github.com/mhurhangee/docx-editor
i'd wager a guess that they gave up on their "experiment"
the top comment on the show hn would seem quite apt if so https://news.ycombinator.com/item?id=46971202
I am a sad, dumb little AI driver with no real skills.
This link should be enough to work out the relevant links. [1]
I would guess that they have lost access to a resource lately ... I've read there's a lot of that going around atm.
[1] https://news.ycombinator.com/threads?id=thisisjedr
I clicked through and browsed the comments and clicked links. It does appear the links are not working as described. Is there something you’re throwing and I’m not catching? :)
The relevant non functional links should be listed in the comments. The OP was complaining they were not able to include links directly. I'm not sure about [1] [2] [3] in the main post but the show hn [A] or [B] thread should afaik have not been an issue.
[A] https://news.ycombinator.com/item?id=46947229
[B] https://news.ycombinator.com/item?id=48228411
[1] https://docx-editor.dev/
[2] https://github.com/eigenpal/docx-js-editor
[3] https://github.com/eigenpal/docx-editor
Edit for additional show hn thread
Ah, good call, I should have included the threads, thanks! I tried several variants of the GitHub URL and the main web site and got errors until I cut it back to what I posted and rushed out of work to have dinner with my wife.
Also not affiliated but my open-source tinycld uses docx as the backend storage for its text package. Supports _most_ of the features (including comments and suggestions) but is still very young. It has a golang backend that reads/writes docx and translates to YJS that the editor reads for multi-user access. Has web/iOS/Android support.
I found docx to be a very well documented format and a surprisingly good fit for this.
https://tinycld.org has a live demo
I went looking around, but I couldn't find why you're making tinycld, and whether I could expect it to keep going as a project in the future.
I expect I could find whether you're using hardened server implementations or reimplementing, but if it's the former, you should advertise that, or if the latter, you shouldn't.
It's pretty simple: I have a small company and we're using it internally. my hope by releasing it is that the ecosystem will grow and it'll become the best way to publish web apps (ambitious I know).
I do not know what you expect by "hardened server implementations", it's open-source and people will probably host it a lot of different ways? If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries which I hope are secure but I have not performed a security audit or anything like that.
Thanks, I think you should put that up if it isn't, or at least link from About page if it is.
"If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries"
That's exactly what I'd hope to see said somewhere as a naive person. Maybe security people would say "that's only 50% of the attack surface!!!" but I'm not one so it sounds good to me.
Not affiliated but I been using https://github.com/superdoc-dev/superdoc and it is very good and compatible with many docx features.
I can't include the links because HN filters dead links.
what was that item from just a day or so ago where an opensource project had said they developed using AI, and a developer said "take it down, you copied it from us"
I thought of it because this project said they used AI
( https://news.ycombinator.com/item?id=48085993 )
Oh man, that’s disappointing. We implemented this in a test environment and have been hammering on it. Would love to know what’s going on as it solves a real pain point for us.
There's plenty of open-source docx editors though? What makes eigenpal's editor so special?
Could you recommend your picks in the space?
Edit (since I can’t seem to reply directly) - to the commenter suggesting LibreOffice below: quite different things. This was a library for implementing reasonably high fidelity docx viewing / editing in the browser.
What is wrong with LibreOffice?
The classic UI text is too damned small. You cannot easily increase it last time I checked.
I’m in exactly the same boat. I’ll have to look at some of the suggestions here
it is forseeable that MS would be very interested in taking a security stance vs a very possible vector.
I was going to guess that they accused the author of copying code from Office. Was AI used in the project? Perhaps a model regurgitated copyrighted code leading to a sternly worded notice from legal...?
Ooooh yeah. Looking through the author's past posts: "got a lot of skepticism because we're developing heavily with AI"
So AI was in use. Then the author says that following the spec alone wasn't enough to get it working, they got "active community feedback" and fed that feedback into the AI until it worked just like Word. I have to think that if there were ANY conditions under which a model might output code that Microsoft legal would threaten to sue you for, these would be them
Clearly, it was the fault of the AI, and it should be thrown in jail.
I think this (if it is what happened) is a perfect demonstration of the dynamics. If you use AI to do things you couldn't have done on your own, you're copying off someone else's homework and the real risk is that you don't know who you're copying from, but they probably do.
How do you copy code from Office? Is the source code public?
I suspect the source code for at least some older versions of Office is absolutely in the training materials of some LLMs. There have been leaks before, and the early models were trained on the entire contents of the internet without regard to legality
Today's LLMs are perfectly capable of disassembling.
A vector against a standardized XML+ZIP document format?
‘’ <—— li’l Dr Evil air quotes to put around ‘standardized’ ;-)
If anything it’s DOCX itself that was the vector!
IP is not the only issue. BTW this discussion is being chilled so now an exercise in abusive DV harvesting.
Understanding DOCX Malware and Hidden Threats
https://cloudmersive.com/article/Understanding-DOCX-Malware-...
Hackers using Weaponized Office Document to Exploit Windows Search RCE
https://cybersecuritynews.com/office-document-to-exploit-win...