[HN Gopher] ffsend: A fully featured Firefox Send command line c... ___________________________________________________________________ ffsend: A fully featured Firefox Send command line client Author : archb Score : 85 points Date : 2022-06-24 19:05 UTC (3 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | ebfe1 wrote: | If anyone is interested, after firefox send shutdown, i wrote | https://www.relaysecret.com, it's footprint is extremely small (1 | lambda function that does all signing for s3 upload/download, | simple frontend code that does encryption in browser using web | crypto api with no 3rd party Js, no 3rd party css, no tracking. | Anchor tag is used for the random key material (so it wont leave | ya browser and files will always be encrypted regardless). | | You can roll your own too with the terraform code in it. It costs | me barely anything to run it because files never live more than | 10 days (there is a catchall lifecycle rule on the bucket) and | when users select durations, i also put them in bucket prefix | that has lifecycle rule place on objects under them for that | duration. Note that we can't rely on lifecycle rule all the time | so i also make sure when lambda is called to access the object, | it checks the time-stamp, the duration and if it is meant to | expire and not yet cleaned up by s3 - lambda function deletes it. | | I learnt a ton of cool things about s3 after this neat little | project and really dig the API, the lifecycle rule, signing url | etc... | | Ps: for these type of tool, you should definitely mitm it to see | if plaintext file or password ever leave the browser... | Relaysecret does leave one item unencrypted and that is the file | name. You can change it upon upload but i like to leave it there | so people know what they are downloading. I have simple idea of | encrypting that with just the anchor key but haven't gotten | around to put that in yet. | laurent123456 wrote: | Very interesting, but why is the password optional? Doesn't it | mean that someone with access to the S3 bucket can decrypt the | data? | rahimnathwani wrote: | The file is encrypted before upload. The decryption key is | supplied in an anchor tag. This is the case even if there's | no password. | Barrin92 wrote: | send is nice but my favorite tool by far in this category is | magic wormhole | | https://magic-wormhole.readthedocs.io/en/latest/welcome.html | | it only relies on a third party for a handshake rather than | storing files online, so there's no limit to what you can send | and it's probably less likely to go away. | smw wrote: | Or croc! | | https://github.com/schollz/croc | unicornporn wrote: | croc it is! | throwamon wrote: | Do you know how secure it is compared to Magic Wormhole? | | I remember a few years ago reading a comparison between two | file sharing apps, and if my memory serves me they were croc | and Magic Wormhole. One of them had a litany of security | holes but I don't remember which of them. I googled but | couldn't find info on this. | stavros wrote: | AFAIK security experts swear by MW and don't like Croc as | much, because of the wonky protocol, but don't quote me on | this. | 0des wrote: | I am very interested in hearing this. I always wondered | what's what with MW. | alexeldeib wrote: | Yeah, I switched from magic wormhole to croc for | simplicity/snappiness over magic wormhole. Static binaries! | stock_toaster wrote: | I use the go version[1] implementation, for a bit easier | installation. | | [1]: https://github.com/psanford/wormhole-william | throwamon wrote: | I feel like I'm slowly becoming a Nix shill, but... Nix is a | good alternative as well. | | Install Nix in one command: sh <(curl -L | https://nixos.org/nix/install) --no-daemon | | Then run Magic Wormhole in one command, without even having | to install it: nix-shell -p magic-wormhole | --run 'wormhole send myfile' | robonerd wrote: | Did Mozilla bring this back? Last I heard, Firefox Send was shut | down due to malware/etc moderation issues. | | https://support.mozilla.org/en-US/kb/what-happened-firefox-s... | | > _Firefox Send has been discontinued as of September 17th, 2020. | You will no longer be able to upload or receive files. We'd like | to thank all of you who tried Firefox Send._ | | > _We started Firefox Send as a way for you to share files safely | and easily from any browser. Unfortunately, some abusive users | were beginning to use Firefox Send to ship malware and conduct | phishing attacks. When this problem was reported, we stopped the | service. Please see the Mozilla Blog for more details on why this | service was discontinued._ | saghul wrote: | Looks like there is a maintained fork here: | https://github.com/timvisee/send | cbkeller wrote: | They ended the service, but you can host your own server -- | which is what the developer of this package has done | Dylan16807 wrote: | That's valid enough, but if I'm hosting my own server and I'm | happy with the command line then the use case for a tool like | this gets very niche. | | If I'm using the dev's server than that's pretty nice I | guess. | cbkeller wrote: | I actually donate a nominal amount via github sponsors just | to help support hosting costs since I find the utility | useful -- specifically in my case for allowing people using | my Binder notebooks to get their data out of the container | without having to have a server of their own. | ask_b123 wrote: | This is not the actual Firefox Send but rather just Send: | https://send.vis.ee/ | | > This application is not affiliated with Firefox or Mozilla in | any way. | | So the title is somewhat wrong. | yccs27 wrote: | It seems like ffsend came before send.vis.ee, but the fork | explicitly kept compatibility (see the readme at | https://github.com/timvisee/send) | VWWHFSfQ wrote: | That's my understanding as well. ffsend was created as a | client to the Mozilla-hosted filesharing service at | send.firefox.com (now defunct). The server component was | then forked and made self-hostable. | aaviator42 wrote: | For the same purposes, I use a script I wrote that can be thought | of as a simple self hosted FF Send alternative. | | Allows you to easily upload files to your server from a web | interface and share them. | | It's a single PHP script you chuck on a server (shared hosting or | virtual private or homelab): https://github.com/aaviator42/izi ___________________________________________________________________ (page generated 2022-06-24 23:00 UTC)