[HN Gopher] Gokapi: Lightweight selfhosted Firefox Send alternat...
___________________________________________________________________
Gokapi: Lightweight selfhosted Firefox Send alternative with AWS S3
support
Author : thunderbong
Score : 101 points
Date : 2024-10-06 03:55 UTC (19 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| toomuchtodo wrote:
| Also supports Backblaze B2 per the docs.
| dddw wrote:
| I dig this
| peterpost2 wrote:
| That's a different site, this is hackernews.
| your_challenger wrote:
| Can we have this but something server less? Like using cloudflare
| workers and R2 (I know R2 is S3 compatible)
| tfolbrecht wrote:
| If this is something you're interested in it can be
| reimplemented on CloudFlare workers super easily using the
| awssdk for s3 (R2) and with D1 as the DB.
| your_challenger wrote:
| Yes, but would be great if someone made it and is open
| source. Would be cool little side project, no doubt.
| shrubble wrote:
| The source code is there - you could try to add the
| functionality to it :-)
| tfolbrecht wrote:
| I'm down, I think this is an awesome idea.
| gfody wrote:
| xkcd949.com is serverless (azure only tho,
| github.com/gfody/webrelay)
| ornornor wrote:
| Whoops, http only
| Larrikin wrote:
| You could use Tailscale send
| ktosobcy wrote:
| Would it be better than seafile and it's share link functionality
| (it can be expired after x days as well)
| voiper1 wrote:
| Any recommendations for s3/b2 - anyone can upload (or with
| password) and only the admin can download?
|
| Goal: allow customers to upload large files.
| bobnamob wrote:
| To go full aws on this:
|
| - lambda vending s3 pre signed urls with put only permissions
|
| - a static page with 20 lines of js that requests one of those
| urls and does the put
|
| I'm not aware of any existing solutions, but your problem seems
| simple enough that you could roll a solution yourself
| INTPenis wrote:
| This is exactly what I use Firefox Send for in my org. It's not
| strictly "admin can download" but anyone with the password/link
| can download. The effect is the same.
| ricardbejarano wrote:
| I run https://www.wormhol.org
|
| Ping me if you want your own instance.
|
| It uploads to S3. I could make it such that only you/admin can
| download. Right now everyone with the link can.
|
| Supports up to 5GB (S3's limit without doing multipart
| uploads).
| peterpost2 wrote:
| AWS S3 scares the shit out of me.
|
| The company I worked for misconfiguration one of the buckets and
| allowed uploads. A couple of months later there was a bill for
| $15k. Since apparently some spammers were using our service.
| Which is OK for a company but I would not want to use it as a
| private individual.
| fhke wrote:
| Notwithstanding the fact that this was a user misconfiguration,
| S3 allows you to configure public access blocks to prevent this
| sort of thing.
| endgame wrote:
| These days, you have to remove the public access block AND
| explicitly write a bucket policy (or set up deprecated ACLs)
| to allow public access.
| ksynwa wrote:
| I have never had to use them directly but the use-now-pay-later
| model feels scary to me for the same reason. Maybe they allow
| setting the upper cap to the monthly bill (crossing which they
| don't serve you until you intervene) but I have never heard of
| it. On the other hand there are many stories extremely
| ballooned bills for some unforeseen reasons.
| leetrout wrote:
| They have "AWS Budgets" for alerting you if you go over an
| amount but no automatic stops.
| ranger_danger wrote:
| Not using the budget reporting feature is the bigger issue here
| IMO and just highlights that the organization was poorly
| managed.
| peterpost2 wrote:
| Wow you can figure all of that out from a single sentence?
| ranger_danger wrote:
| Yes, because not only was the projected cost not monitored,
| neither were changes to bucket security. They have entire
| suites of tools to monitor all of this stuff that is easily
| accessible.
| promiseofbeans wrote:
| Apparently Thunderbird are working on reviving Firefox Send and
| adding encryption.
|
| Overall Thunderbird seem to be doing white well from themselves
| since rejoining Mozilla: >$8m in donations last year I think.
| darkwater wrote:
| I just discovered this TH feature the other day when attaching
| a file to a mail but it looks like it works with plugins now,
| so you can use different providers.
|
| Actually I came here to ask if Gokapi works with that
| Thunderbird feature.
| jasonjayr wrote:
| FF Send already had encryption -- IIRC, Mozilla shut it down
| because it was being abused.
| mhuffman wrote:
| Abused in what way? Content? How would they know, if it was
| encrypted. Or volume?
| brandon272 wrote:
| Likely law enforcement found out about it being used to
| distribute illegal content and then applied pressure.
| Companies don't have a strong history of successfully
| resisting that pressure.
| compootr wrote:
| law enforcement is so bass-ackward on privacy/security
| tools
|
| Of course, if a hammer is for sale, some will use it to
| build houses and a subset will use it to hurt people.
| Just because something can possibly be bad doesn't mean
| we shouldn't have it
| neodymiumphish wrote:
| But if law enforcement's data suggests to Mozilla that
| something like 60%+ of Send's uses are for malicious
| purposes, what benefit do they have in continuing to make
| it available?
|
| I'm all for privacy, but I wouldn't support my tool being
| used predominantly for criminal activity, no matter how
| good I feel about it as a security/privacy tool.
| Stem0037 wrote:
| Consider implementing a 'guest upload' feature with stricter
| expiration policies and file size limits. This could maintain
| security while allowing for more flexible use cases, especially
| in client-facing scenarios where bidirectional file sharing is
| necessary.
| ei8ths wrote:
| I need something like this but allows users to upload and send
| files. I don't want to make everyone admin.
| latexr wrote:
| The staying power of "Firefox Send" as a brand is baffling to me.
| It never did anything that wasn't already available by multiple
| other services, didn't do it better, and it was embarrassingly
| obvious from day one it was another one of those projects Mozilla
| would abandon in no time.
|
| Just goes to show how powerful (and mismanaged) "Firefox" is a
| brand.
___________________________________________________________________
(page generated 2024-10-06 23:01 UTC)