tripflag

@tripflag@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
so uhh, sorry for the late response to this – was going to reply much earlier, but then suddenly it became more timely than ever…

the good news is, I’m fairly confident in how it handles the filesystem and permissions, preventing unauthorized access to files.

but the part I’m a bit less sure about is sanitizing user data; the kind of vulnerabilities where someone uploads a malicious file and bad stuff happens if you then open that file in a certain way, or someone sends you a malicious link and trick you into clicking it – in other words, the kind of vulnerabilities which require the attacker to have a certain level of access already, or that requires tricking you into doing something.

…and with version 1.18.5 released just now, we got a prime example of exactly one of those. Really unfortunate timing, but it’s a blessing to have so many new and curious eyes on it to spot these sooner rather than later. It is what it is.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
the intention with that statement was that seafile, by default, places all the files inside its own proprietary file container thing, where the files are not easily accessible from the server’s actual filesystem, using regular linux utilities. My knowledge of seafile is really minimal, so this could be wrong – in which case I’ll fix that right away! or, at the very least, try to clarify what I meant to avoid this confusion.

in case you happen to know – are you aware if it’s possible to use Seafile while having it just place all the files and folders on the disk like any other program would?
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
awesome thanks, should be able to reproduce it then :>
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
man… that’s really unexpected, I went with h264+mp3 which should be the most conservative / broadly-supported combination you could possibly use, yet still (ﾉﾟヮﾟ)ﾉ ~┻━┻

what webbrowser / device / player are you using?
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
that should be totally fine, I think a lot of people are doing that :>
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
No worries, good question :>

The problem with bidirectional filesync is that it’s an absolutely massive can of worms, very easy to mess up, and the consequences of messing up are usually the worst kind (loss of data). There’s an insane amount of edgecases to keep in mind, and you need to get every edgecase right every single time, otherwise you might wipe someone’s vacation photos, or suddenly downgrade someone’s keepass database to an older version… And stuff like syncing multiple devices to the same server makes it balloon further.

I’ve started becoming more confident in copyparty’s filesystem-index database, but it’s still just a hint/guideline, with the filesystem being the only source of truth – it’s still not something I’d trust with tracking sync-state against one or more clients.

The bigger guys who offer bidirectional sync (nextcloud, syncthing, etc.) have spent years perfecting their logic, so I’d like to leave this in their capable hands.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
copyparty-sfx.py is a custom packer (see this reply) created by make-sfx.sh, and copyparty.pyz is a standard zipapp, created by make-pyz.sh. The zipapp has more disadvantages than the sfx.py, so that’s the default/recommended build.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
sure! my implementation is really basic, just the stuff that’s needed to make the clients i’ve tested happy, so there’s probably still clients that won’t be able to connect (And i’ll fix those as soon as I hear about them!)

httpcli.py is the http methods handler, and the webdav-specific handlers are all next to eachother, propfind // proppatch // lock // unlock // mkcol // and there’s also put for the uploads, but that’s not entirely webdav-specific, just webdav-aware.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
sooo this is one of the things that started with someone saying “wouldn’t it be funny if…”

if you open copyparty-sfx.py in a text editor, you’ll see how – but please make sure to use an editor which is able to handle about 600 KiB of comments which contain invalid utf8 / binary garbage 😁

I ended up rolling my own packer since I wanted optimal encoding efficiency, and everything I could find would do stuff like base85 or ucs2 tricks, but it turns out python is perfectly happy with binary garbage in comments if you declare that the file is latin-1 so it realizes all hope is lost :D

the only drawback of the sfx.py is that it needs to extract to $TEMP before running, so that’s the slight advantage of the zipapp (the .pyz alternative), but that suffers from some performance reduction in return, and is more hermetic (doesn’t let you swap out the bundled dependencies with fresh versions as easily if necessary)
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I have a hunch that the true answer, to be honest, is “no” – at least with the current UI as it is. I’ve come to terms with not being the best at making intuitive user interfaces, so I went all-in on making it poweruser-friendly and efficiency instead.

Yeah, there’s the android app for sending files to the server, and it’ll always send files to the same folder, so that part should be pretty solid. But actually grabbing files from the server, perhaps not so much. Not sure I’d risk it, but I’ll leave the decision to you hehe

I’m not aware of any user-friendly android/iOS apps for connecting to a webdav / ftps / sftp server, but if those exist, then that would probably have been a good option!
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Yep – github.com/9001/copyparty/tree/…/docker

Hopefully that description makes sense (let me know if it doesn’t)
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Yep! Depending on what your home connection looks like, you have a few options:

if you are lucky enough to have your own private IP-address and are able to open ports, then you’re almost done already – you can put copyparty on some port (or keep the default 3923), and then anyone could connect to it by going to your.ip.address:3923

(with this approach, you will want to create your own HTTPS certificate so the traffic is properly encrypted – the best option here is to get a domain and get a certificate for the domain)

however, if you are behind CGNAT, meaning your internet provider has given you a shared IP-address, then people cannot connect directly to your home-PC. One way around that issue is by setting up a machine somewhere on the internet which bridges the gap back home to your PC. Cloudflare offers this as service, and this is explained in the copyparty readme – see the “at home” section for one way to do that.

if you are against using Cloudflare for idealistic reasons (they are becoming quite powerful since they run a whole lot of the internet), then you can set up a cheap VPS which serves the same purpose. That’s my setup, and how you are accessing the copyparty demo server right now – I have the cheapest VPS you can get from Hetzner. The VPS is running nginx, and it forwards the traffic to my homeserver through an SSH tunnel. I haven’t documented this approach in the copyparty readme, but I have a feeling a lot of other people have :>
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Thanks for the correction; confirmed that Nextcloud now does chunked uploading (with the web-client too). Fixed :>

Good luck, and let me know if you hit any issues o/
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
thanks for the vote, I hear ya :>
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
it’s such an impressive project! Amazing what they’ve accomplished in so little time, and so important too – we need as many options as we can get.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:

BTRFS and ZFS support real deduplication via copy on write, and would eliminate all current disadvantages of symlink and hardlink deduplication. It just works.

yeah that’s a good point, I’ll add an option to take advantage of this if you know you’re running on a filesystem where that works as intended.

Why have it be one huge python source file?

oh don’t worry, it’s all separate files during development – there’s a build-stage which bundles everything up into a single file for distribution. But thanks for the concern :D
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Thanks a lot for the kind words! ready to answer questions if you hit any bumps :>
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I was thinking of that!! But then I realized that even Firefox removed gopher support by now, so the joke was dead on arrival :P
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
If all you need is basic remote file storage such as a samba server, and especially if you need samba in particular, then your current solution is probably a better fit for you.

Copyparty’s main selling points is the large number of features in one package, and being pretty good at receiving file uploads (usually faster than other alternatives), but it does not have good samba support. Instead of samba, copyparty has WebDAV support, so you can still connect to it from your file manager – but the performance will be different; depending on your access pattern and the type of files, it could be faster or slower than samba.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
SFTP is not currently on the roadmap, but it’s not entirely implausible.

FTPS is supported, but it requires an optional dependency to be installed (pyopenssl), so it’s not available in the Windows EXE. And I just realized that the dependency is currently not present inside the docker images either, so I’ll get that fixed right away.
⁨Comment⁩ on ⁨introducing copyparty, the FOSS file server⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
That’s a neat idea – I’ve heard that a lot of stuff uses the subsonic API under the hood, so I’ll see what it would take to become compatible with that. At first glance it looks like I’d have to mine and index way more information about audio files, but could still be doable :>
introducing copyparty, the FOSS file serverwww.youtube.com ↗
Submitted ⁨⁨5⁩ ⁨weeks⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨138⁩ ⁨comments⁩
⁨Comment⁩ on ⁨goodbye plex⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
These days the hammer is usually docker/podman/lxc containers instead of VMs though. Like, you don’t need a container to run a self-contained statically-compiled binary, yet people still do it for some reason.
⁨Comment⁩ on ⁨PewDiePie: I'm DONE with Google⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
in that case I would feel comfortable going with a refurb like theloweststone mentioned; pixels are the only(?) android devices which let you swap out the bootloader in a safe manner, so even a phone that’s been in shady hands should be fine if the boot hash matches. And if you know another person with graphene you can do the attestation just to be certain.

but since the future of GrapheneOS is slightly shaky at the moment, I’ve looking at alternatives for when my current device inevitably bites the dust – fairphone and pinephone both look like decent choices at first glance. It’s an unfortunate situation but just gotta roll with it!
⁨Comment⁩ on ⁨PewDiePie: I'm DONE with Google⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
what’s stopping you? was the very first thing I did, don’t regret it for a second – ocv.me/b/img/IMG_20230811_121845_049.1ssy.jpg “i’m about to finish setting up my pixel alright” :p
⁨Comment⁩ on ⁨Self Hosted File Drop / File Upload⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:

So for example if you updated the file and need to re-upload it, there is no way for you to delete the previous one.

if this is something you’d fancy then copyparty might be worth a look – it lets uploaders undo their own uploads within a configurable timeframe, even in folders where they only have write-only access (the ability to upload files without seeing existing files).

disclaimer: I’m the author – and also thrilled to see someone else suggesting it in the thread!
⁨Comment⁩ on ⁨A bit of my selfhost journey [that no one asked about]⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
So I realize the following does not directly apply in this specific case, since we are talking about a full android app. But in general, there are strictly technical limitations which absolutely requires you to use https. This for example applies to PWA’s, and it also applies to apps which are WebView-based.

Basically the w3c is disagreeing with you; there are several important javascript features which are forcefully disabled if you are not connecting over https. This is a decision made by the webbrowser itself, and not something you or the dev can disable or otherwise avoid.

For example, it is impossible to use the browser’s built-in api for getting the sha512 hash of a file, which is why i had to go through great pains to do that in other suboptimal ways in one selfhosted service i made. Most devs rightfully wouldn’t bother, since those restrictions are arbitrary and effectively pointless, as there are (usually painful) workarounds.

List of features which require https: …mozilla.org/…/features_restricted_to_secure_cont…
⁨Comment⁩ on ⁨Self-hosting is having a moment. Ethan Sholly knows why.⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
It depends who you ask (which we can already tell hehe), but I’d say YES, because you’re the one running the show – you’re free to grab all of your bits and pieces at any time, and move to a different provider. That flexibility of not being locked into some provider that can suddenly take a bad turn, is what’s precious to me.

And on a related note, I also make sure that this applies to my software-stack too – I’m not running anything that would be annoying to swap out if it turns bad.
⁨Comment⁩ on ⁨Suggestion request: Self-hosted app for shared directories like google drive⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Mind if I suggest my own software, copyparty?

Regarding authentication, someone who has an account (in this case just yourself) can create password-protected shares which other people can browse, or upload, or browse+upload to (configurable when creating the share).

There is WebDAV support, and it should integrate well enough with shares, but I haven’t tested that specifically.

It has photo and video thumbnails, and a basic image-viewer, and with some elbow-grease it can also show exif-tags (gps-coordinates etc).

There is also optional file dedup, so if two people upload the same file, it’ll detect and skip that during the 2nd upload (doesn’t waste any bandwidth) and swap out the new file with a symlink to the existing one. Default disabled to avoid surprising someone with symlinks.

I think the following command would be enough to get you started:
```
wget https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py
python3 copyparty-sfx.py -a sintan:yourpassword -v .::A,sintan --shr=/shr -e2dsa -e2ts
```
but since that’s entirely unreadable, you can do it with a config file instead,
```
[global]
  e2dsa  # enable filesystem indexing 
  e2ts  # enable media indexing (music tags)
  shr: /shr  # enable shares under this url

[accounts]
  sintan: yourpassword 

[/]  # create a volume at this url
  /srv/share/partypics  # the filesystem path to share
  accs:
    sintan: A  # give sintan read-write-move-delete-admin
```
and use it like this:
```
python3 copyparty-sfx.py -c the.conf
```
there’s another example here and here for inspiration.
⁨Comment⁩ on ⁨Pico Pixel Player - Offline-first PWA Music player with transcoding & folder listing support⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
off topic, but out of curiosity - why ogg (presumably vorbis) in favor of opus? maybe old devices or players, or just haven’t made the change yet?

opus is also a xiph project, and is almost entirely transparent at “128kbps” (it’s a misnomer for the q4 of vorbis), so it uses way less space for the same quality. I warmly recommend giving it a try if you haven’t already.