[WIP] Introducing: Ghost in the Safe – publishing/blogging webapp for safenetwork experiment

Good evening,

it is late and I’ve worked on this quite intensively over the last few weeks, so I am very tired, too. But I didn’t want to miss the chance to announce this here before going to sleep, as it is live on the stable droplet testnet. From the Readme:

Ghost in the Safe 0.7

is an experimental (blog) publishing platforms for the safenetwork (build by maidsafe). It is hosted on the network itself and runs only in the browser, thus allowing to be used as a fully distributed WebApp without any servers, yet the publishing tool on the network itself.

See it in action (click the thumbnail to see the video):


Just connect to the stable droplet test network provided by maidsafe and click the following link to start the app – proceed with caution, this is only a conceptual prototype:

launch ‘Ghost in the Safe’ 0.7


The goal of ‘Ghost in the Safe’ is to provide easy, intuitive and beautiful content publishing and blogging to the safe network for anyone to start their website with. As the safe network operates completely without servers all classic approaches to this – like Wordpress or Ghost – are out of the questions and many static-site-generator are just not non-coder-friendly-enough to find mass-audience acceptance.

However, Ghost themes themselves use a similar approach and all of their – magnificently beautiful – themes can actually be statically build, using a Templateing-language completely written in javascript: handlebars (initially even for the browser rather than the server). Those in combination with the choice of using the really simple markdown language to provide text editing made the ghost system the weapon of choice: Markdown-Files compiled statically with a Javascript-written Templating language using Beautiful Designs – with a [flourishing marketplace for themes])(http://marketplace.ghost.org/).

Thus, by version 1.0 ‘Ghost in the Safe’ attempts to be 100% ghost-themes-compatible.

Development decisions

This is the work of less than 10 days hacking together a concept study to proof that a browser-based publishing tool for and within the maidsafe safenetwork is technically possible and feasible. At it currently stands for its first release (version 0.7), this has been proven and the results are there for anyone to test. For that – let’s call it what it is – hack, the following design decisions had been taken:

  • We are using a fork of the statical-ghost to compile the markdown files with the ghosts templates into websites. We had to fork the project to make some fixes coming from assuming file-system-behaviour we can’t provide
  • We are currently using BrowserFS with an in-memory-storage-system to allow statical-ghost to run as it needs to
  • We rely heavily on the safenet javascript library to connect to the network and sync files between maidsafe and the browser
  • For the editor, we rely on the awesome Pen-Editor
  • For the GUI we are using React and MUI-CSS to give it a nice look and feel
  • We are shipping with a few themes as internal-zip-files
  • all this is barely held together with duct tape and hacks.


This Software is using Monotonic Versioning (for the package.json in the Semantic Versioning Compatibility Mode with an additional .0). Each minor or major release is defined by being published on the maidsafe (test) network.

Work to Come

While pre 1.0

These are some known issues. However, as this was only meant to be a concept study they may or may not get fixed before version 1.0. If you happen to want to fix any one of them, we are accepting pull-requests:

  • When the Safe Launcher runs out of space, the app is screwed
  • We have troubles sending binary data to the safe launcher
  • The DNS-Name generator can’t be reached by clicking (you have to tab there)
  • We can only publish one project per account at the moment
  • we can’t create new posts
  • we can’t upload files
  • There are files, but they aren’t published
  • files nor posts can be deleted
  • posts can’t be set to be draft
  • momentjs seems to cause hick ups on post Metadata
  • there appear to be unicode encoding issues in posts, which duplicate for every write-read-cycle
  • the editor doesn’t switch between files properly, showing old files at times
  • the editor doesn’t have any way to easily link to our files / should link on click in side-drawer
  • there is no preview of files
    • neither in the editor
    • nor when selecting them in the drawer
  • the side drawer should highlight the selected post we editing
  • configuration is missing many options:
  • managing authors
  • managing tags
  • image upload: logos / favicons / authors
  • RSS doesn’t compile (though, do we need that on safenet?)

Version 1.0

However, because of the nature of this project as a concept study, this prototype is in no shape to be maintainable in its current form. It is bloated and big, hacky on every corner and uses way to many huge dependencies. For a feature complete (and maintainable) version 1.0 the internal structure and code must be completely rewritten. This is what I have in mind about this right now:

  • Build an offline-first local-storage-based safenetwork syncing layer
  • Complete rewrite of the system
  • Drop BrowserFS, statical-ghost
  • our own implementation of a ghost-theme-renderer using the new syncing-layer and handlebars directly
  • highly improved UI
  • multi-project support
  • sub-directory support
  • proper logo, design and brand


Please fill away your issues and problems, and for any of the above mentioned Pull-Requests are highly welcomes. However bigger changes will only be accepted towards version 1.0, which will also be the focus for further work.


© 2016, Benjamin Kampmann for The Bashy Initiative

This projects is licensed under AGPL 3.0. See the LICENSE File in this directory for more the full text. In short this license states that the software is provided as is, that the authors and distributors do not give any guarantees but that you can use, distribute and change it as you please as long as you keep it under the same license. This license further more requires you to also give anyone access to the source code – including your changes – for whom you make this available as a compiled version or offer via a telecommunication service (you run it for anyone else, you have to provide the source!).



Looks interesting. If the binary file is broken how are we to install and use it though? And is this an app or a web app or what?

whooooooot Oo i didn’t expect THAT when clicking on the thread!!! You are AWESOME! @lightyear =D :heart_eyes:


It’s a webapp, runs totally independently on safenetwork in your browser, no installs needed. Just start the launcher and click the fat link should open the App for you.

that only refers to publishing binary files from within the webapp itself. So right now it can’t handle images for e.g.


Simple so far, but very cool. A web app!!

Can’t wait to see as you get the features filled out. Anxious to start blogging.

Actually, I’ve got an unpublished article I’ll put up as soon as you have it in shape, test net or not!


haha - oookay - it took me some attempts to understand how i can use it (and obviously i did post my posts a couple of times xD ) but it works! and i got the impression it has the potential to become absolutely amazing!!! =) :heart_eyes: :heart_eyes: :heart_eyes:

sooo cooool - my first blog :open_mouth:


edit: and even in this early state it is pretty intuitive to use =) … i wasn’t patient enough to watch your video (or to read your first post till the end :smiley: …) just clicked on the link and tried to use it :slight_smile:
my compliments! sooo coool … !!!


Awesome work @lightyear. Will follow your work!


This is the beauty of having stable community test nets!! :smiley: this is the exact reason the MaidSafe team made the investment!

Great job Mr. Lightyear!!


Good work. Hypothetical (ahem, rhetorical) question: if I made a blog which referenced a 1x1 png at an HTTP URL for my Facebook app or something, have I just successfully deanonymized you? Yup. Not to mention the bazillion other vectors I can use. I don’t say this to disparage your awesome work here, I’m just trying to dissuade developers from accessing the launcher from the common user browser.


Wooow, very nice App. This shows where we are going with the MVP. An stable P2P-Network with tools for blogs, pastebin data and more. Very well done :thumbsup::thumbsup::thumbsup:.


Haven’t tried it yet but I already know this is fantastic news! Well done @lightyear :slight_smile: I hope to see many more web apps like this. This is going to be a very easy way for people to create and deploy apps for SAFE because they will just work - on all devices, on all operating systems. No downloads, no installers, no ARM binaries :wink:. But security…

… I agree with @cretz that we need a SAFE solution (boom… boom…! :joy:). A SAFE browser for example, and ideally SAFE web App developers will highlight the risks when they detect use in a standard web browser, so…

@cretz how about creating a little warning JavaScript so we can encourage all SAFE Web App Devs to include it? It could operate like the Cookie Warnings we now see everywhere - a little banner saying “Warning blah blah” and linking to a security how to on the SAFE network. This would explain the need to use SAFE Browser (or whatever) and what the risks are if you don’t, when using web apps.

This is only one plank that we could put in place, and doesn’t protect users from a malicious web app developer (but that’s true of any SAFE app). It would help by raising awareness of the issue and encouraging users to adopt the SAFE solution (though we still have to develop that of course).

So as not to derail @lightyear’s Ghost in the SAFE topic, I suggest replies on the subject of security be diverted to a new topic by using “Reply on new topic.”


I’ve been doing quite some hours since Friday trying to get Ghost in the Safe running on the Alpha Network and though I made a lot of progress, it appears that the safenet JavaScript lib I am using isn’t gonna work with 0.5 of the launcher API. Therefore, unfortunately, I can’t give an updated, working version of Ghost yet and am further more pondering how much more time to invest in this current, inferior version of it.

I’ll keep you posted!


Which JavaScript lib is that?

@eblanshey’s safenet (npm, github)


v0.5 is simpler, as no encryption between client and launcher, so I am sure it will be updated soon.

1 Like

@lightyear this is slightly more up to date: GitHub - joshuef/safe-js (though not documented at all, it’s fairly simple)

It’s cut out all the encryption to launcher lark, but hasn’t been updated since the alpha release. Shouldn’t be too far behind though. (and PRs always welcome!)

1 Like

Oh, I didn’t realized we don’t need to provide a based64 public key and nonce anymore for authentication. One less dependency, nice.

1 Like

Looks awesome well done!