
devtools.fm: Developer Tools, Open Source, Software Development
Daniel Thompson-Yvetot, Lucas Nogueira - Tauri
Jan 22, 2024
Daniel Thompson-Yvetot and Lucas Nogueira join to talk about Tauri, its advantages over Electron, the importance of security in open source, and the future of cross-platform apps. They discuss governance in open source projects and Tauri's approach with Crab Nebula. They also explore optimizing bundle sizes, the impact on the planet, challenges for digital nomads, and the importance of updates and security in frameworks and applications. They conclude by discussing building mobile apps with Tauri and the importance of listening to users and staying innovative.
AI Snips
Establish Governance Early And Iterate
- Set governance early and iterate gradually to avoid single-point failures and build community accountability.
- Use a legal stewardship structure (they used a Dutch foundation) to protect project continuity.
Ditch Localhost Servers For IPC
- Avoid embedding a local HTTP server; use message-based protocols to reduce attack surface.
- Tauri uses a custom protocol and no localhost loopback to strengthen security.
Message Passing Creates A Strong Boundary
- Tauri enforces a strict message-passing API between the web UI and the native core, preventing function-passing and reducing the risk of privilege escalation.
- The Rust backend handles commands while JavaScript acts as a thin API surface.
