[HN Gopher] A Console-Friendly Pastebin with binary support
___________________________________________________________________
A Console-Friendly Pastebin with binary support
Author : goranmoomin
Score : 92 points
Date : 2024-10-20 23:08 UTC (23 hours ago)
(HTM) web link (paste.c-net.org)
(TXT) w3m dump (paste.c-net.org)
| daniel-s wrote:
| > This is a console friendly pastebin that allows binary files.
| No fancy website, no intermediate pages to click through, and no
| CAPTCHAs.
|
| The site is cool, but is it not just going to be abused?
| derefr wrote:
| It very likely will be, yes.
|
| I would personally suggest that this site _probably_ "wants"
| accounts. Yes, with CAPTCHAs (on registration.) If you want to
| be able to ban people who abuse your service, you'll need some
| thing-that-is-costly-to-get-multiple-of to ban them by.
| Otherwise they just keep coming back.
|
| To still be a "console-friendly pastebin", the result of doing
| that costly registration process, could just be a page that
| gives you a (private) URL, that works like the base URL does
| now. https://paste.c-net.org/b/{bucket} or something, where
| {bucket} is a UUIDv4, or anything else with enough entropy to
| not be able to brute-force enumerate your way into someone
| else's account URL.
|
| The uploaded files themselves could still have short human-
| writable top-level paths, for ease of repeating them over the
| phone.
|
| Though, I notice that when you upload a file, you get a "delete
| key" as well as a URL. IMHO the "delete key" shouldn't be a
| weird nonstandard header you send with an HTTP DELETE; it
| should just be a URL -- e.g.
| https://paste.c-net.org/b/{bucket}/{delete_key} -- that you can
| HTTP DELETE directly.
|
| In other words, make /b/{bucket}/{delete_key} the file's "true
| name", and /{link} a "read-only view" of the file.
| daniel-s wrote:
| I have heard good things about
| https://www.stopforumspam.com/.
| t-3 wrote:
| When you say abused, I assume you mean either CSAM or
| copyrighted material?
|
| Is there a hash database or something that could be queried to
| block known bad stuff? (would probably fail in the face of
| compression or encryption, but catching the low-hanging fruit
| would at least probably handle any potential legal liability?)
| Seems like something useful AI would actually work well for, if
| FBI/publishers/etc., would train a model and release it or host
| a service with an API.
| j16sdiz wrote:
| > catching the low-hanging fruit would at least probably
| handle any potential legal liability?
|
| Actually No. It take 5 minutes to create a script to
| randomize a password, encrypt and upload.
|
| Abusers have been doing the same for 20+ years and it is very
| effective.
| ttyprintk wrote:
| I think the question is not about the persistence of
| uploaders but the safe harbor of innocent hosters.
|
| For example, hosting a password-protected binary with a
| cleared hash is one thing. The bad actor posting a password
| (any password) might be another.
| xg15 wrote:
| This. The reason why we don't have an un-siloed, general-
| purpose means of file transfer after 40 years of internet is
| probably more a legal than a technical one...
| hnlmorg wrote:
| Usually youll find vendor lock ins because the actual hard
| part of this isn't legal, it's building a user base from non-
| technical users. And that usually requires having your
| standard included with platforms they already use.
|
| This is why (for example) Google Drive and OneDrive have
| become so popular despite Dropbox being first to market.
|
| There's plenty of other file transfer solutions out there too
| but you'll find the un-siloed ones will be lesser known than
| the siloed ones simply because of the power of $$$
| GoblinSlayer wrote:
| bittorent
| egeozcan wrote:
| It will be. Any time you offer something that allows anonymous
| uploads & shares (hell, sometimes even if you don't allow
| share, people will share accounts), it will be a silo 95% full
| of material that's illegal in practically every corner of the
| world.
|
| If you play the good citizen and encrypt the files, giving the
| key to the owners, then you also don't have any means to
| preemptively detect and delete that stuff, you just keep
| waiting on some law agency knocking at your door. Also, if you
| openly say "hey I'll peek into your files to see if they are
| legal", then they will be the ones encrypting. Disallow that?
| It's a nightmare to detect and abusers are really, really
| creative! So much dedication too!
|
| And it's not just CSAM, there will be detailed instructions on
| practically any illegal thing you couldn't even imagine.
|
| It's bad, really bad, and I've grown to accept that small,
| closed community services (best with real-world connections)
| are the only way forward.
| guerrilla wrote:
| > It's bad, really bad, and I've grown to accept that small,
| closed community services (best with real-world connections)
| are the only way forward.
|
| Our first technology, community, serves a purpose after all.
| alias_neo wrote:
| I wrote something similar as a toy project a while back, it's
| open source, and I host a "demo" version of it, but for fear
| of all of this, I limited it to only kilobytes of data and
| have the links expire after an hour.
|
| I run it on my LAN for my own use, which is what I think it's
| best for, but I really don't like having something like this
| on the web.
|
| Luckily, I've never advertised or shown it off so nobody but
| myself uses it, but I'll probably take down the demo site
| too, soon.
|
| EDIT: Typo
| fragmede wrote:
| It's sad that you don't have Internet friends that you
| trust enough to share that with after writing all that
| code. Maybe open source it but don't link to your demo
| instance? It's more sad that the Internet is like that.
| There are a couple of really neat quirky projects out there
| that I only know about through word of mouth because the
| open Internet is not to be trusted. The projects are behind
| a login wall, so it's not like they're discoverable either.
| alias_neo wrote:
| The name of the project is its domain so I'd have to
| separate them out, which is why I've kept the demo site
| online for years now, despite basically no usage, I'm
| also a big fan of being able to try something before you
| go through the effort of deploying it yourself.
|
| The project is already open-source on Github, but I don't
| actively link to it in public forums because I don't want
| to have to deal with it being used for
| questionable/illegal content, which is also the reason I
| haven't added some of the features I'd like to, and
| severely limited the size and duration for the demo site.
|
| It's been a nice toy project, I added multiple
| architectures support for the Docker image builds when I
| was working out how to do that, manifests to deploy it in
| Kubernetes when I was first learning that and even made
| it a Nix flake when I first started playing with NixOS;
| The code itself is written in Go with a goal of using
| zero external (outside of standard library) dependencies,
| keeping the code small and clean for non-programmers to
| be able to understand and uses some Go features that were
| new/interesting to me at the time they were added.
|
| It'd need to grow a lot and forgo some of those goals for
| me to add the features I would like to see, but for
| something nobody will use, and I use quite sparingly
| myself, there's no need.
| fragmede wrote:
| Hell, there's an active post about Google drive being blocked
| in Italy for content being hosted on it.
|
| https://news.ycombinator.com/item?id=41901168
| p4bl0 wrote:
| I ran a very similar service for years. And yes it will be
| abused. I stopped when russian and chinese bots where sending
| many messages per seconds containing AI generated marketing
| bullshit with links to scammy sites in various format (html, bb
| code, markdown, ...) and it became GB of text... :/. I still
| haven't finish to clean things up. The service is now
| discontinued because of this: https://paste.fulltxt.net/
|
| The full code for the service is here:
| https://paste.fulltxt.net/42
|
| The command-line paste tool was this simple script:
| https://paste.fulltxt.net/txtp
|
| In another distant past, I ran an URL minification service at
| http://uzy.me/, and there too because of spams, I had to
| discontinue it.
|
| Spam is really killing the internet... This actually saddens
| me.
| stavros wrote:
| I run https://pastery.net, and yep, exact same deal.
| sans_souse wrote:
| https://paste.c-net.org/ImproperAttacked
| crancher wrote:
| https://paste.c-net.org/HanukkahDisplays
| bxio wrote:
| https://paste.c-net.org/HurtingJunior
| derefr wrote:
| I like it, but this could do with being just the _slightest_ bit
| more specific:
|
| > Don't break the law, don't post illegal shit, don't be an
| asshole.
|
| The law in which country? All countries? Do I have to avoid
| uploading depictions of Mohammed, or insulting statements about
| the president of Turkiye?
| userbinator wrote:
| When someone assumes you know what English-speaking country
| they're referring to, it is likely to be the US.
| defrost wrote:
| 'ken oath mate, whenever I see people typing the queens I
| always reckon they're one of US.
| blooalien wrote:
| > userbinator: "When someone assumes you know what English-
| speaking country they're referring to, it is likely to be the
| US."
|
| I normally take a bit of a "dim" view of generalizing certain
| behaviors to an entire _nation 's_ population, but this one's
| _spot-on_ for certain, and I say this as an English speaking
| U.S.-born citizen that 's lived here all my life, and pretty
| much grew up "online" (had Internet access since the _early_
| days, and even before that I was on local and "long-
| distance" BBSs quite frequently).
|
| When this specific sort of assumption is made online or in
| writing / speech, it's _almost always_ "The U.S." Totally too
| many folks here have a "weird world" inside their mind where
| there is only "here" and "everywhere else", and "everywhere
| else" only really matters at all if it somehow "infringes"
| upon the personal-space of their social-media mandated "rage
| button".
| ttyprintk wrote:
| This is unrelated to website content like social media. The
| legal jurisdiction of where you choose to host is relevant,
| not the relationship between user-agent locale and
| politeness.
| Wowfunhappy wrote:
| I would assume it means "the law in whatever country you're
| in." By definition, I can't break the North Korean law against
| criticizing their leader, it doesn't apply to me.
| derefr wrote:
| Remember that extradition treaties exist. Kim Dotcom, founder
| of Megaupload, is a _New Zealand_ citizen who has never lived
| in the United States, who was nevertheless pursued _by_ the
| United States for breaking _US_ copyright law (through acts
| that were -- as far as any lawyer has been able to ascertain
| -- _not_ illegal according to NZ law!) According to the NZ
| supreme court, Dotcom can (will?) be extradited to the US to
| face those charges.
|
| In effect, in a world where extradition treaties exist, the
| law you're subject to is the sum of the laws of _all_ the
| countries your country has agreed to mutual extradition with.
|
| (And strangely enough, I believe this is even _transitive_.
| Presuming countries {A,B,C} which have extradition treaties
| AB and BC, if country B can get you extradited from country A
| for crime 1, then country C can get you double-extradited
| during your detainment in country B for crime 2 -- even
| though country A may have never signed any treaties with
| country C!)
|
| But even ignoring extradition... when speaking of
| international diplomatic relations, the _law-in-practice_ of
| "whatever country you're in" is often not the law-as-written,
| but rather "whatever it takes to make a foreign country
| happy." I.e. if a foreign country wants you punished -- and
| your own country isn't so powerful as to be able to just tune
| them out -- then often you will be slapped with whatever
| local law your own country can make fit, to get the other
| country to calm down.
|
| I brought up the president of Turkiye for a specific reason:
| the https://en.wikipedia.org/wiki/B%C3%B6hmermann_affair ,
| where a German who wrote an insulting poem about Erdogan, was
| charged with a [rarely used, archaic] crime _by the German
| government_ , after the Turkish government basically sent a
| strongly-worded letter to the German government implying that
| their relations would be damaged unless they "did something."
|
| (Though, pleasantly, after much outcry from the German
| populace, the law they used to try to punish Bohmermann was
| challenged and repealed: https://www.npr.org/sections/thetwo-
| way/2017/01/25/511611581...)
| egeozcan wrote:
| President of Turkiye? Many years ago, a person I know got
| arrested for calling that guy "clueless" on Twitter under a
| nickname.
|
| Disclaimer: Erdogan is the ultimate ruler, he's totally the
| best. That guy I know totally deserved it!!11
|
| ps. I like my vacations in south Turkey.
| chrsw wrote:
| This rules. Hope it stays up.
| betaby wrote:
| https://github.com/dutchcoders/transfer.sh/ is a similar project
| for self-hosting.
| Sephr wrote:
| I self-host OFTN Zerodrop as a pastebin with CAPTCHA support
| along with binary uploads and conditional routing.
|
| Unfortunately I still ended up taking down my publicly accessible
| demo to not have to deal with the legal risk of potential abuse,
| but this software is free for others to host and is written in
| Go.
| ranger_danger wrote:
| Not open source as far as I can tell?
| mmooss wrote:
| Very nice, and the urls use random words instead of random
| strings. Thank you.
| dgl wrote:
| I made a similar thing: https://waste.st/waste.1
|
| If you run curl waste.st you also get the "manpage"
|
| The goal was to make it do uploads without a ton of frameworks.
| The front page is around one request under 20K. It also has a
| special emoji url: https://[waste bin emoji].st that HN doesn't
| support.
| arjvik wrote:
| I love using 0x0.st for something similar - sharing files (not
| the purpose of a pastebin, where the file is to be viewed, not
| downloaded). Curl-based access is perfect :)
| xyz_ielh wrote:
| Check out https://txtd.cc it supports raw data for curl and
| custom urls & other stuff like markdown formatting.
| GoblinSlayer wrote:
| A blogging platform?
| captn3m0 wrote:
| punycode encoded: https://xn--108h.st/
| Timwi wrote:
| Thank you. I tried the emoji URL but Fennec on Android
| doesn't accept it and just runs a web search.
| visil wrote:
| Nice! I used a similar site, termbin.com, for some time now,
| though it uses netcat to upload files. Definitely useful!
| anthk wrote:
| cat file.txt | nc termbin.com 9999
| tomaskafka wrote:
| Excellent! I'll know where to upload my botnet payloads and CSAM!
| hn111 wrote:
| This website has possibly the worst alternative to horizontal
| scrollbars I've ever seen: horizontal scrolling per paragraph.
| blueflow wrote:
| ... this website are two monospaced texts in a <pre>. It does
| not use paragraphs.
| RealStickman_ wrote:
| My browser (Firefox Mobile) somehow does turn it into scroll
| bars per paragraph.
|
| https://paste.c-net.org/CartsTroops
|
| (Cool that it works btw)
| johnisgood wrote:
| Happens to me, too, on desktop with Chromium, just gotta
| resize the window to reproduce.
| Timwi wrote:
| Yep, that's what happens on mobile when each paragraph is in a
| <pre> tag of its own.
| RamVasuthevan wrote:
| This is a really cool tool that I think I'd use, but I am a bit
| concerned about link rot. It'd be nice to self-host it. Is the
| code open source?
|
| I can't seem to find out anything about Cathedral Networks
| (https://cathedral-networks.org/). They do host a cygwin mirror
| (https://cygwin.cathedral-networks.org/) and a GLaDOS Voice
| Generator (https://glados.c-net.org/)
| frays wrote:
| Fun and possibly useful project. Lots of other alternatives
| (including open source with source code) in this thread too.
___________________________________________________________________
(page generated 2024-10-21 23:02 UTC)