Here is a more polished release of nanogram. Fully compatible on raspberry pi now.

⁨31⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨hereforawhile@lemmy.ml⁩ to ⁨selfhosted@lemmy.world⁩

https://gitlab.com/here_forawhile/nanogram

Documentation for nanogram available here for awhile

source

Comments

Sort:hotnew top

sem@piefed.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
Don’t be mad when ppl don’t like LLM code.

source
- hereforawhile@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  Sorry I don’t mean to come off entitled. It’s not a very constructive community though that’s unfortunate haha.
  
  source
  - non_burglar@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
    
    It’s not a very constructive community though
    
    You need guidance in your presentation style, you have managed to completely alienate your potential users in one single post.
    
    No one owes you anything. No one asked you to spend time and money on a project. Calling folks “ungrateful” while trying to attract them to your project is weird.
    
    source
    -> View More Comments
smiletolerantly@awful.systems ⁨3⁩ ⁨weeks⁩ ago
Almost 9k lunes of python in a bash script. Lmao. No.

source
6nk06@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
Why put all the Python code in the script?

source
- Ghoelian@piefed.social ⁨3⁩ ⁨weeks⁩ ago
  Apparently it was all ai generated and the author doesn’t actually know how to program. Just look at their responses in the .ml cross-post, that’s not someone whose software I would trust.
  
  source
  - 6nk06@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
    And it’s worse because they hide the Python code, which means that they can’t use tools like uv or ruff to check that everything works properly. I don’t understand why people do this.
    
    source
    -> View More Comments
  - cypherpunks@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
    
    look at their responses in the .ml cross-post,
    
    that post is now deleted, but you can see their modlog here
    
    source
    -> View More Comments
  - hereforawhile@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
    AI generated I guess… with love, time, money, and care from me. Take it or leave it lol.
    
    source
- hereforawhile@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  I made this on mobile, and one monolithic file was how I can quickly iterate and test each feature.
  
  Every time I added a new feature I had to test it’s function to test if it was properly implemented and exactly what I wanted. Keeping it all one file means I could copy paste it into the terminal. Running it overwrites all the home directory instantly with all my updates across the python, db, html, css.
  
  source
CypherColt@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
I’ve been experimenting with Vibe Coding for a few months. I recommend you do some beginner tutorials on coding, at least python.

Then, using what you have learned, have your AI vibe coding assistant refactor your code into something manageable.

Just because it works, doesn’t mean it’s ready for others to use. If you want to vibe code an app for yourself and it works, that’s fine. But this is… python code, in a bash script? You need to clean it up and make it more professional before you share it.

source
- hereforawhile@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  Look at the edits, they have both been broken apart into standalone projects broken down into all their parts.
  
  source
savvywolf@pawb.social ⁨2⁩ ⁨weeks⁩ ago
Had a quick skim and found this little guy:

# ---------- Protected media route ---------- @app.route('/img/<path:name>') @login_required def media(name): db = SessionLocal() try: me = current_user(db) # Find the post with this image post = db.query(Post).filter_by(image_path=name).first() if post: # Check visibility can_view = post.user_id == me.id or db.query(UserVisibility).filter_by( owner_id=post.user_id, viewer_id=me.id ).first() is not None if not can_view: abort(403) return send_from_directory(UPLOAD_DIR, os.path.basename(name)) finally: db.close()

I’ve not read through everything, but there are some security concerns that jump out to me from just this function. Hopefully you can enlighten me on them.

Firstly, what is stopping a logged in user from accessing any image that, for whatever reason, doesn’t have an associated post for it?

Secondly, the return codes for “the image doesn’t exist” (404) and “the image exists but you can’t access it” (403) look to be different. This means that a logged in user can check whether a given filename (e.g. “epstien_and_trump_cuddling.jpg”) has been uploaded or not by any user.

Both of these look to be pretty bad security issues, especially for a project touting its ability to protect from nationstates. Am I missing something?
source
- hereforawhile@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago
  I disclaim the opposite, I don’t tout its ability against nation states in the Readme.
  
  Image
  
  There are two checks for someone on the server to be able to view a post. First, are you a valid user? Then did the person sharing the photo give you access to view their posts? If both are true you can see the post. Also, on upload to the server, the image get compressed and stripped of any meta data including the file name…so no they couldn’t check a file name. Each photo is given a randomly generated filename.
  
  source
  - savvywolf@pawb.social ⁨2⁩ ⁨weeks⁩ ago
    
    You list “Activist/journalist secure communication” as a use case. Not all countries have freedom of press.
    
    Looks like you name images based on a random uuid, so that should protect against filename attacks. But if you do have a filename you can tell whether the image has been an image or not.
    
    Also, looks like all uploads are converted to jpg, regardless as to whether the original image was a jpg (or even an image) or not. Don’t do that.
    
    Can you point to where in code this invariant is enforced?
    
    source
    -> View More Comments