[HN Gopher] ffsend: A fully featured Firefox Send command line c...
___________________________________________________________________
ffsend: A fully featured Firefox Send command line client
Author : archb
Score : 85 points
Date : 2022-06-24 19:05 UTC (3 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| ebfe1 wrote:
| If anyone is interested, after firefox send shutdown, i wrote
| https://www.relaysecret.com, it's footprint is extremely small (1
| lambda function that does all signing for s3 upload/download,
| simple frontend code that does encryption in browser using web
| crypto api with no 3rd party Js, no 3rd party css, no tracking.
| Anchor tag is used for the random key material (so it wont leave
| ya browser and files will always be encrypted regardless).
|
| You can roll your own too with the terraform code in it. It costs
| me barely anything to run it because files never live more than
| 10 days (there is a catchall lifecycle rule on the bucket) and
| when users select durations, i also put them in bucket prefix
| that has lifecycle rule place on objects under them for that
| duration. Note that we can't rely on lifecycle rule all the time
| so i also make sure when lambda is called to access the object,
| it checks the time-stamp, the duration and if it is meant to
| expire and not yet cleaned up by s3 - lambda function deletes it.
|
| I learnt a ton of cool things about s3 after this neat little
| project and really dig the API, the lifecycle rule, signing url
| etc...
|
| Ps: for these type of tool, you should definitely mitm it to see
| if plaintext file or password ever leave the browser...
| Relaysecret does leave one item unencrypted and that is the file
| name. You can change it upon upload but i like to leave it there
| so people know what they are downloading. I have simple idea of
| encrypting that with just the anchor key but haven't gotten
| around to put that in yet.
| laurent123456 wrote:
| Very interesting, but why is the password optional? Doesn't it
| mean that someone with access to the S3 bucket can decrypt the
| data?
| rahimnathwani wrote:
| The file is encrypted before upload. The decryption key is
| supplied in an anchor tag. This is the case even if there's
| no password.
| Barrin92 wrote:
| send is nice but my favorite tool by far in this category is
| magic wormhole
|
| https://magic-wormhole.readthedocs.io/en/latest/welcome.html
|
| it only relies on a third party for a handshake rather than
| storing files online, so there's no limit to what you can send
| and it's probably less likely to go away.
| smw wrote:
| Or croc!
|
| https://github.com/schollz/croc
| unicornporn wrote:
| croc it is!
| throwamon wrote:
| Do you know how secure it is compared to Magic Wormhole?
|
| I remember a few years ago reading a comparison between two
| file sharing apps, and if my memory serves me they were croc
| and Magic Wormhole. One of them had a litany of security
| holes but I don't remember which of them. I googled but
| couldn't find info on this.
| stavros wrote:
| AFAIK security experts swear by MW and don't like Croc as
| much, because of the wonky protocol, but don't quote me on
| this.
| 0des wrote:
| I am very interested in hearing this. I always wondered
| what's what with MW.
| alexeldeib wrote:
| Yeah, I switched from magic wormhole to croc for
| simplicity/snappiness over magic wormhole. Static binaries!
| stock_toaster wrote:
| I use the go version[1] implementation, for a bit easier
| installation.
|
| [1]: https://github.com/psanford/wormhole-william
| throwamon wrote:
| I feel like I'm slowly becoming a Nix shill, but... Nix is a
| good alternative as well.
|
| Install Nix in one command: sh <(curl -L
| https://nixos.org/nix/install) --no-daemon
|
| Then run Magic Wormhole in one command, without even having
| to install it: nix-shell -p magic-wormhole
| --run 'wormhole send myfile'
| robonerd wrote:
| Did Mozilla bring this back? Last I heard, Firefox Send was shut
| down due to malware/etc moderation issues.
|
| https://support.mozilla.org/en-US/kb/what-happened-firefox-s...
|
| > _Firefox Send has been discontinued as of September 17th, 2020.
| You will no longer be able to upload or receive files. We'd like
| to thank all of you who tried Firefox Send._
|
| > _We started Firefox Send as a way for you to share files safely
| and easily from any browser. Unfortunately, some abusive users
| were beginning to use Firefox Send to ship malware and conduct
| phishing attacks. When this problem was reported, we stopped the
| service. Please see the Mozilla Blog for more details on why this
| service was discontinued._
| saghul wrote:
| Looks like there is a maintained fork here:
| https://github.com/timvisee/send
| cbkeller wrote:
| They ended the service, but you can host your own server --
| which is what the developer of this package has done
| Dylan16807 wrote:
| That's valid enough, but if I'm hosting my own server and I'm
| happy with the command line then the use case for a tool like
| this gets very niche.
|
| If I'm using the dev's server than that's pretty nice I
| guess.
| cbkeller wrote:
| I actually donate a nominal amount via github sponsors just
| to help support hosting costs since I find the utility
| useful -- specifically in my case for allowing people using
| my Binder notebooks to get their data out of the container
| without having to have a server of their own.
| ask_b123 wrote:
| This is not the actual Firefox Send but rather just Send:
| https://send.vis.ee/
|
| > This application is not affiliated with Firefox or Mozilla in
| any way.
|
| So the title is somewhat wrong.
| yccs27 wrote:
| It seems like ffsend came before send.vis.ee, but the fork
| explicitly kept compatibility (see the readme at
| https://github.com/timvisee/send)
| VWWHFSfQ wrote:
| That's my understanding as well. ffsend was created as a
| client to the Mozilla-hosted filesharing service at
| send.firefox.com (now defunct). The server component was
| then forked and made self-hostable.
| aaviator42 wrote:
| For the same purposes, I use a script I wrote that can be thought
| of as a simple self hosted FF Send alternative.
|
| Allows you to easily upload files to your server from a web
| interface and share them.
|
| It's a single PHP script you chuck on a server (shared hosting or
| virtual private or homelab): https://github.com/aaviator42/izi
___________________________________________________________________
(page generated 2022-06-24 23:00 UTC)