rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - rejetto

Pages: 1 2 3 ... 893
1
HFS ~ HTTP File Server / Re: Upload issue
« on: June 17, 2022, 02:04:41 PM »
you have to be careful on the name for the file field, but I can't remember now. You should find someone else who made the same question here on the forum. There should be some details there.

2
HFS ~ HTTP File Server / Re: Download old versions
« on: June 17, 2022, 10:22:17 AM »
https://sourceforge.net/projects/hfs/files/HFS/

beware, old versions may have critical security bugs

3
HFS ~ HTTP File Server / Re: HFS3 on Windows 10
« on: June 06, 2022, 09:11:56 AM »
HFS 3 is a "console" program now, and it will run in powershell or in older "cmd" (command prompt).
Any method that can bring a console program to the system tray will work also for hfs3.
I'm not aware of an official way to do that, but I'm quite sure there are free programs out there to do it, because i've been doing it like 15 years ago.
Consider anyway that if you need it to be always running, "system tray" is not the way to go, but "services" is your keyword.
There are some ways to transform any console program to a service, both from microsoft and 3rd parties. I didn't focus on this aspect but I surely hope to make things easier in the future. Even producing a guide would be a nice start.

4
Italiano / Re: Barra comandi sulla sinistra apparsa
« on: May 11, 2022, 07:46:48 PM »
ciao, intanto ti consiglio di usare una versione più aggiornata. C'è la 2.3m http://rejetto.com/hfs/?f=dl
Usare versioni non aggiornate ti mette a rischio.

Non c'è un'opzione "da cliccare" per togliere i riquadri a sinistra. Quello che vedi è il template di base, se non ti piace puoi installarne un altro, oppure se conosci l'html puoi pensare di modificarlo tu stesso.

Se prima per te era diverso vuol dire o che usavi un'altra versione o un altro template.

5
hi, what you want to do is not currently offered by HFS, sorry.
You probably need a different software.

6
Quote
One thing that bother me and maybe related to that amnesia : to close HFS, there's no "close" button or feature. So I close the CLI (I even try CTRL+C sometimes in it, to cleanly close the program). Is it the way to close it ?

this isn't a part where i put much attention yet, but apparently the good way of closing it is CTRL+C. This isn't ideal of course, on Windows at least.
I say rare because most stuff is done within 1-2 seconds, so that's for sure not the cause of your problems.
Next version will detect also closing of the window, to ensure final procedures are done

Quote
How do it save things ? I always push "SAVE" putton in the admin panels.

and that's enough

Quote
Solution : add a button with "OK" text.

will do, but i already opted for "auto-dismissing" notification on a couple of cases. In vext version.

Quote
No : I refer to right-click -> launch as administrator (or make a shortcut, go in its properties, advanced, and check the bock "always launch as admin").

i guess it's basically the same thing, presented differently.
I don't run it that way, and still I get the net-drives.
Some programs, when not run "as admin", will present a dialog for admin permissions, you surely know, and that's basically UAC.
I also get no UAC dialog.

Quote
Btw I have disabled UAC competly (this is a nightmare and I'm not the only one th think it).

i'm no expert with this kind of stuff in Windows, but since win10 i didn't have to disable anything, and the annoying UAC interactions introduced with Vista (i think) are simply not there.
Since my account is part of "adminitrators" I'm not sure what triggers the UAC dialog for some softwares, if it's just bumping into a priviledged instruction or an explicit declaration of the exe file at its start. Fact is, some programs present this dialog "later", but I cannot exclude it's because they are launching another program, behind the scenes.

I'm happy to see you managed to solve your problem.
Anyway, I think it has something to do with the "working directory". When you create a shortcut you have a "start in" field, that's basically it. HFS will save files there. You can confirm where it is working when the CLI opens, there's a line starting with "cwd".

7
Everything else / Re: Let things calm down
« on: April 30, 2022, 01:34:24 PM »
I'm not fluent with python, but i had quick look at it and didn't find anything harmful.
We are not talking about a black box, instructions are there, readable for anyone.
Would anybody find malicious instructions please let me know, and I'll take actions accordingly.

8
- We cannot move entries (up, down) with the mouse. It would have been cool, to sort things. For now if we're not satisfied after a few moment of what we have done, we have to delete the entries and recreate them.

i will likely add the up/down at some point because that "editor" is meant to be generic, and other plugins may be sensible to the order of data.
Anyway, this is not true for vhosting plugin, the way it is right now at least. So you should be ok without the order, but if you really really want to change the order you can still open config.yaml file with notepad and you may find it's easy to make it.

Quote
- There's not EXE staying in the systray, like the V2. Now we launch a CLI, and that populates our taskbar, and I don't want that. I'm sure there's a workaround with softwares allowing to minimize any window in the systray, but the ideal would be to have a native solution.

i hope at some point we'll have hfs install as a service, and be controlled with a tray application like you say.
It's not high priority for me, and it would be cool if someone else would work on it, as the tray icon would probably be a separate program.
I added it to the to-do list.

Quote
- Popups hovering when we finished an action don't disappear by themselves. We have to click in the void around, and that may disturb people not used to.

in some cases this is good, because i need to know the user acknowledge to the content of the popup.
I'm sure some cases would be better with the behaviour you just suggested. Feel free to point at some of them you care about, and I'll consider which ones to transform.

Quote
- Network drives aren't detected if we don't launch HFS v3 in admin mode. That's normal with most of softwares, and know this since a long time ^^,  but I suggest to put a line in the UI to inform users.

thanks for the suggestion, but I'm not able to confirm it yet: i have a couple of networked drive here and HFS sees'em even if I don't get the "User Access Control" warning of windows when i launch it. When you say "admin mode" are you referring to the UAC ?


Quote
Now I want to say congratulations for this new version of HFS. The UI is amazing, there's many options. That's a damn good HTTP solution. The upgrade since v2 is stunning. Keep the good work !

thanks, it was not an easy decision because making it will take about 1 year of my time just for the first version. It's not easy to start a project this big. That's why I delayed it for 8 years.

9
i quickly considered the evidence you brought, and i determined that it was not enough for the statements you made against NaitLee. You may disagree, and I may be wrong, but that's the best i can do for the moment.
I'm not asking you to trust the guy. Don't, if you feel like it. I don't say he cannot be evil, I said you went a bit too far with words for this place.

I didn't say "benign" to any attack. I can't say if you had any damage or if you had any real threat on you.
I know most web attacks are automatic (= cheap), hoping to find something very specific behind the "door", but without really knowing, and thus most of them are ineffective.

I don't want to prevent your "free speech" in general, just here. In a way I'm responsible for this forum, but I don't have time and will to investigate this further, and I have to make a few decisions anyway.  I'm not here to lecture people how to live.
 
Answering the rest in a following post.

10
Everything else / Re: Let things calm down
« on: April 30, 2022, 10:36:01 AM »
@naitlee, you are right and i feel bad for you because i know you were trying to help

11
Moreover, I'm not sure that your plugin allow to use several "hosts", you only give a single example.

I was in a hurry and didn't communicate it in the best of ways, but that's what the "+" button in the picture is for, to add more.

Quote
- A way to whitelist URLs incomming in HFS. If a distant user try to reach a URL that isn't corresponding to any URLs parent node, thus he'll been blocked.

I'm not totally sure what you meant by that, but it's giving me a huge hint on how to tell unwanted traffic. Surely a lot of people have come to this eons ago, but me? just now.
I've been paying little attention to the "domain" thing at this stage of the project, for good reasons, but most of the unwanted traffic will come to you just with your IP, randomly.
Rejecting all traffic not using the domain is a piece of cake. I could easily make a feature for that. I'm not sure if as a plugin. I'm trying to make plugins to both show people what they can do, and also to let people customize them to better suite their needs, possibly by making a new plugin out of them.

Problem is: a lot of people don't have a domain, and I'm not sure I want to force them, limiting possible usages of the server. Also because it would rely on external services, I'm trying to not bind the project to external services.

12
Regarding the statements about python, javascript, etc, my 2 cents are: I'm not expert in the security field, yet my profession requires me to know more than the average person. I consider true the statement that some languages/technologies pay their flexibility with some extra risks. And yet, these risks heavily depend on what the programmer does. There are organizations "risking" millions of dollars on stuff built with such technologies. Everybody decides his own level of paranoia, but remember there's a price to pay for paranoia too.
Attacks and remote executions have always existed with and without newer technologies.
Also, remember that python, node, etc, are open source and watched closely by the whole world. You decide.

I've asked a friend who's in IT security to give me a hand ensuring HFS 3 is good enough. It's not an easy task, and it's even harder doing it in my time off, after I'm tired because of my job. But, hey, it's open source, everyone who can contribute to make it more secure is welcome to give a hand.

13
hi guys,
I don't like to be the moderator here, but I'll take some precautions to lessen unnecessary sufferings.
My personal opinion here is that both Rom and NaitLee are in good faith.

All the reports Rom is making are extremely common given the circumstances, it's just what happens if you open a web server on the internet, and using ports on common numbers makes it just much worse/frequent.
It's just like diving into the open sea and getting wet: it can be unpleasant especially if you weren't ready for that, but it's not really harmful per-se, nonetheless there are real threats out there and you should keep all precautions.
It's like emails and spam/phishing, a never-ending fight where software can't easily tell goods from bads.
As a side comments, it's basically why HFS 3 is by default having different logs for errors, to not be overwhelmed in the main log with the huge number of bad requests you normally get. But I hope to be able to do more than that. I hope we'll have a way to filter out most "spam", maybe a plugin, maybe someone else will help and take care of that.

I've read Rom's message, I think he is not a bad person and he acted in good faith.
And yet, some of his comments are not welcome here, so I'll remove few lines.
I don't enjoy doing that and I don't want to force him to think differently, but I don't want to give space to such generalizations and personal attacks.
To be honest, I hate to be the judge here, I'm probably not good at that and I'd rather focus on programming, but I don't feel ok with doing nothing either.

I don't know NaitLee personally, but after the years I've made my opinion of the soul, based on posts and acts, and it's of the kind type.

14
what if i told you i just finished a 15-lines plugin that gives you this.

...HFS 3 of course

15
just  a side comment,
I suspect that I can make quite easily such feature in HFS 3, to serve multiple domains each with its folder. Maybe even as a plugin. I'm taking note and will try soon. That would be cool.
I'm in a rush now and cannot study the solution made by NaitLee for HFS 2, but kudos anyway.
that said, HFS is not designed for serving static websites, it's just a secondary feature, so it's good only for simple cases.

Pages: 1 2 3 ... 893