I was building a new type of node when something started to bother me.
The techniques I was using felt too powerful. It was like discovering you could rewrite the rules of a game before the other players even step onto the field (like Brazilian politicians do) — and no referee would ever notice (because our society is modeled to be unfair).
Except this wasn't a game. This was every Node-RED instance running in production.
The suspense is part of my marketing campaign.
I need to make future customers "feel something" to get their attention. Just don't feel anger, please haha
I will see how anti-virus tools get audited for security and probably do the same.
Thanks for the compliment. NRG and NRG Sentinel logos were inspired by the shapes and colors found in the NodeJS and Node-RED logos.
The lightning shape in the NRG logo, besides obviously representing electrical energy, is also a disguised letter R, from RED. The colors are dark because I'm like the Root Anbu from Naruto, for now, at least. I'm kidding, I just like dark themes and I would love to have a red lightsaber haha
This is an expensive process that typically also requires annual reviews and involves reviews of all processes, storage, etc. Not just the software itself.
It is hard enough to get Node-RED accepted for controlled production environments, let alone something like this I'm afraid.
Open-sourcing it would be a good first step as it would allow others to review and vet the software for themselves and also to understand actually what it does and how it does it.
Without a view of those things, most organisations would - rightly - decline to allow it on their infrastructure.
Even with 3rd-party security audits, organisations would still need to have good documentation regarding what infrastructure, support, configuration, etc is needed.
It’s already difficult to get Node-RED accepted in controlled production environments. I understand that.
But what frustrates me is that sometimes the people raising concerns are also the ones dismissing discoveries that come from outside the usual circles.
I’m not someone with a big pedigree or a famous background. I come from a place many people would probably overlook. Yet while working within the system and playing by the rules, I discovered something that shows how environments like these can be compromised.
I’m deliberately not sharing the technical details publicly because the goal isn’t to create harm. The goal is to highlight that the risk exists so it can be addressed.
What I hope people realize is this: security insights can come from anywhere. Sometimes the person who finds the problem isn’t the one with the title, the reputation, or the enterprise badge. Sometimes it’s just someone paying attention.
How can I protect my work if I do so? I want to get paid for this and get famous for sure. I need to sell something valuable so that I can call myself an "entrepreneur" without thinking I'm unworthy or an impostor.
What if I show it to a few of you folks who have experience and reputation in the industry to back my work? It is hard to get past people's biases when you have no pedigree nowadays.
I absolutely agree and I'm not trying to undermine what you are trying to do, simply providing the perspective of enterprise architecture and security.
Well, this is a very different thing and really outside the scope of this forum I feel. To achieve what you are saying needs you to persuade people with money to back your idea. They might do so if they feel there is a market that would give them a return on the investment.
Unfortunately, creating software isn't like creating something physical, it is much harder to get backing unless you are lucky enough to be in a place where someone sees value and wants to put resources behind it.
It is actually much "easier" (not that easy still) to create something that people want - offered maybe for free - and build a business around a couple of things:
Providing professional support for what you've created.
Building a reputation - based on what you've created - that brings people to you or at least where they will listen to you because of your professional standing.
Building a security feature for a niche product like Node-RED is, I feel, unlikely to be a sure path to riches I'm afraid. Sorry to sound negative, I know that you've many good ideas, I'm only providing my perspective from personal experience.
Well, you need to create something valuable. What you need to sell is the idea that it is valuable, to people who are prepared to spend money on it. The product is the smallest part of this. Which is why sometimes open source is a better starting path: getting the product to a large-enough group of users to build momentum and need.
Finding the right people to share your idea with is absolutely a good way to go. Assuming you can find the right people, as I mention above.
But you need to be realistic. Who has both the money and the need to apply what you are offering to this niche - free - product called Node-RED? That is the trick. If you can find such people, you need to target them with comms and build a relationship. Or, you could show a potential investor your idea and convince them it has legs and that people will be willing to pay for it once they see it. Then they might invest and help you with the marketing.
This whole reply from @TotallyInformation is so very, very well spoken and valid for all kind of entrepreneurship
Personal experience: software I have developed, spending many years and days, and shared, is (or has) been used and appreciated by thousands of users around the globe, and not a single penny earned. On the other hand, I have used software kindly shared by others, without paying a penny either.