rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - LeoNeeson

Pages: 1 2 3 ... 57
1
Hi everyone! This is a notice to all the users of HFS version 2.x (I will call it 'HFS2' for making it short). Recently, a severe vulnerability (CVE-2024-23692) was found in HFS2 (known to affect HFS v2.4.0 RC7 and HFS v2.3m). This information was kept private until now, to give it time to find a solution, but now I think it's time to make this notice public. This is only an informational message to let everyone know about this. Anyone with Pascal/Delphi knowledge could contribute to finding a fix.

We are discussing how to patch it, here:
https://github.com/drapid/hfs/issues/3

You could contribute by submitting code fixes to the source code, either on GitHub or here in the appropriate forum section: Programmers corner (opening a new thread there or leaving a comment here on this very same thread). If we find a correct fix (and since Rejetto will not update HFS2 anymore), perhaps we can build an unofficial "community" version for those who can't upgrade to HFS3.

Let's keep HFS v2.x alive, and...
...please do not panic. ;)

Stay safe,
Leo.-

2
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 11, 2024, 05:10:45 PM »
May I ask why you don't have enough free time?
The answer is simple: life is very uneven where I live, and it can be tough for those who are not lucky to have a great job. Having 2 or more jobs to survive is something normal here, that's why there is no free time. And programming isn't my source of income (I've studied programming many years ago, but in the end I dedicated myself to something else). Now I have a hobbyist approach to programming.

By the way, even replying messages like this, here on this forum, consumes too much of my free spare time. That's why I don't like chit-chatting about trivial matters, but only contributing to things that are useful to others. Please keep it that way. It's best that we keep this forum thread open, so that others can leave their opinion about your program (Webd) in the future, instead of continuing to undermine it with personal conversations, and it would be great if you could contribute in any way to the progress of HFS. :)

It's time for me to get back to work,
until next time, goodbye...
Leo.-


3
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 09, 2024, 08:32:10 PM »
I'm not discouraged by your message, just the data tell the truth.
Keep in mind that it could take several years before a software gets wider usage. HFS needed 10 to 20 years to get on the position is today. It's not something that happens overnight, no matter how much you want to promote it. Too much promotion, could even be counterproductive, since it might look as something negative for some users. Adding advertisement to software is something that also scare off users, especially in English-speaking countries.

Now days, people rather to use web app. Less and less people still use PC.
Yes, that's true. And those who use PC and run a permanent web server, will probably look for something more powerful/robust to handle a lot of traffic/users (concurrent connections), and they might already use Nginx, Apache, Lighttpd, LiteSpeed Web Server or similar (since they could be computer experts). People in the know are not afraid of using complex software. Personally, although I have some advanced computer knowledge, I always try to keep things simple. That's why I love HFS, because it can be very simple to use, but also very complex if needed.

I don't known why Webd is very popular only in my native language world
If I'm not mistaken, you are from China, and people from there are smarter/intelligent (more geeky persons, open to test new technologies), than in English-speaking countries. There you all could be more comfortable to seeing advertisements than here too. That could be the reason why Webd is very popular there. I have a big respect (and admiration) for people from your country, but you should know that not everyone here have the same concept of your country (the world is very divided today). I do not get carried away by what others say, I evaluate and value people, I do not follow pre-established precepts. However, I am always very cautious when trying new software, no matter what country it comes from (and I like privacy-friendly software).

And even worse I don't have much friends  :'(
I also don't have too many friends (I prefer quality friends, to quantity of semi-acquaintances), but you can count on me to help you out, on whatever is possible to me, given my very limited free time. I always try to be active on this forum, helping people who need something (you can find me here and also on Twitter). Well, I have nothing more to say, I hope other users here can leave their opinion about your program.

Rejetto (the author of HFS) would like if you try his new HFS3, and leave your opinion about it. ;)

Wish you all the best,
Leo.-

4
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 08, 2024, 03:52:45 AM »
Did you run it unprivileged?
I've run Webd with administrator rights (my mistake). But I could have bad luck with my graphic card, and it might be a mere coincidence that was testing your software. Please don't feel bad. :-[

I think I won't give much time on apps like webd any more, It not worth it.
Please don't feel discouraged by my message.

» To tell the true, I was a little paranoid, because lately there are too many people attacking old HFS versions (v2.3m and v2.4), like if they were doing on purpose, to discourage others running local home servers. I know this is totally unrelated, but it's to give you some context about my last message.

If you have some friends with Delphi/Pascal knowledge, you can tell them to give a hand to find a solution to this vulnerability (CVE-2024-23692), which is explained here: https://github.com/drapid/HFS/issues/3

You can still be a hero here... :D

5
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 08, 2024, 01:28:36 AM »
I will test Webd this weekend.
I have some bad news, :( but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

6
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 06, 2024, 10:36:24 AM »
I think you're curious for what I'm using to build the whole bunch of binaries for all kinds of platforms.
Yes, my curiosity was because it was multi-platform. Now I see that you have put a lot of dedication and work into compiling your software for multiple platforms, congratulations. That's the good thing of writing applications in C language: portability (being a platform-independent language). I will test Webd this weekend.

7
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 04, 2024, 10:20:44 PM »
This is what ChatGPT said about webd
The description is perfect (it was a good idea using ChatGPT).

All compiled using a single Makefile
Since there are plenty of C compilers available online (GCC, TCC, MinGW, LLVM, Clang, etc), would you please leave a download link for the C compiler you use to compile WebD?. I'm just asking out of curiosity, to learn new things (I'm not afraid of visiting websites in other languages, since I can use a translator).

By doing this, you will soon be able to post direct links on the forum. ;)

8
Everything else / Re: Webd, similar to HFS, only 90KB
« on: July 03, 2024, 04:58:46 AM »
Thanks a lot for telling me all that.
You welcome. :)

I'm not sure whether to open source it. Currently, at the bottom of the file list on the web interface, there might be an inconspicuous line of text advertising or other information. If it's open-sourced, this will definitely be recompiled and removed, or even changed to someone else's advertisement and redistributed.
That's understandable. I hope the advertisements goes well for you, I wish you success. If at any point you decide to abandon or discontinue developing the software, keep in mind to open source it, so that someone else can continue improving it. Anyway, in this part of the world where I live (as you say the "english-speaking world"), most people here are very lazy, so even they having the source code, will do nothing. For example, HFS (this forum is about that software), is open source and almost -nobody- collaborates contributing with enhancements.

I am considering applying the TLS/1.3 code to a new project, such as a chat server similar to webd, because using WebRTC for audio and video calls requires HTTPS support.
It sounds very interesting, I hope it's also lightweight.

9
Everything else / Re: Webd, similar to HFS, only 90KB
« on: June 30, 2024, 04:04:36 AM »
No one interested?
Hi!, thanks for sharing this. I haven't tested (since don't have enough free time right now), but it seems nice by looking the screenshots. You are lucky that I'm active on this forum to leave you a reply. If it's your app, you must know it takes some time a software to get popular and gain trust ("Webd" seems to be a relative new freeware). To my own taste, I always prefer 'Open Source' software, since to run a closed software server, there are many alternatives. If "Webd" gets open source, I'm sure popularity will surely increase. Suggestions: besides running on multiple platforms, the website doesn't say which is the minimum Windows version required (that something useful to know), and it has a typo in the title, since "shareing" is not an English word (it should be "sharing"). It would be cool if support for SSL/HTTPS is added, although file size will be bigger.

10
Everything else / Re: Something about me...
« on: May 12, 2024, 09:58:05 PM »
hey Leo, i've not being receiving notifications from the forum and I just saw your post now.
Yes, I noticed the 'email notification system' is broken on the forum. Nothing to worry, but I hope you can fix it (if you haven't done it yet), since it's a very useful feature (not only to receive notifications by email of subscribed threads, but also about new private messages).

You are moving outside the country?
:-\ Eventually, yes (as a last resort option), it's my wish to move out of my country, but it could probably take some time, since moving to another house, even in the same country, is something very frustrating and not an easy task. I like Uruguay, since it's near to Argentina, and it's a much more stable country (I lived there some time, and I liked very much, but I'm also analyzing other options too).

For those reading this, and to make a long story short: I was earning $2.000 USD monthly back in 2012-2014 (and life was *very* good, compared to current life), but ten years later (having the very same job), my earnings only represent (in local currency) nearly $200 USD now (salaries were stuck for years, and high inflation rates did the rest). This wouldn't be bad at all, if the prices were according to salaries, but here the food has now European prices (especially in the last few months).

I'm truly sorry to read such bad news :(
I hope you will find some love soon, but until then you may consider sharing expenses with someone else. I did so for a few years.
Thank you. I truly appreciate your comment, advice and good wishes. :)
I hope my next message here is to share good news...
(I always try to stay positive)

11
Everything else / Re: Something about me...
« on: April 03, 2024, 06:38:05 PM »
I always try to stay positive (I am a very optimistic person by nature), but 2½ years later, the situation is even worse (to the point of being unsustainable). Now I'm having some health issues because of that. My daily diet (what I eat every day) was drastically reduced in the last 3 months (and yes, it was all because of changes that have recently occurred in my country, that I am not going to name). Unfortunately, I am selling my house and I want to go somewhere else, more stable, more predictable place. The situation in my country has no remedy, no matter which side you look at it from. If I could at least find a partner (a woman), we could share expenses and life would be very different, but it has never been easy for me to achieve it. Not for not being handsome, but because I have a different personality, and at my age, many women look for a man who is already successful and has life resolved. I know you can't do anything for me, but these are things that I had to tell, to at least not feel so sad. Don't worry about me, I will not surrender (I will not give up in this life), but I felt the need to share this with all of you.

12
Programmers corner / Re: Configure HFS Virtual File System by code
« on: January 17, 2024, 04:25:05 PM »
You could do it by scripting (THIS thread could give you some light). Keep in mind that Rejetto stopped developing HFS v2.x (he is busy developing his new HFS v3). The most easy solution, is using an already modified HFS version. The only active fork of HFS is maintained by Rapid, which already changed the VFS to ZIP format (with JSON and images, as separate files). I haven't tested it, but you can download it from HERE.

In case you know about programming (Delphi language), another option is modifying the source code and recompiling the binaries (the executable). If I were to modify the sources, I would analyze the possibility of saving the VFS encoded in Base64 (but that's only useful if, before, we convert data blobs from binary to ASCII format), otherwise it makes no sense in just saving the VFS using Base64 encoding. I have no time to think about the changes needed, but if you do it, you could leave the modifications here (to make this useful to anyone).

Hope it helps.
Leo.-

13
Hi!, and welcome to the forum... :)

Yes, this is possible to do (the very same question was answered a few days ago). You can follow the steps described HERE (replacing "test.mydomain.com" with your own "myhost.com"). For future reference to other users, please report back which option worked better (#1, #2 or #3).

Cheers,
Leo.-

14
Español / Re: [Tutorial] Cómo compilar el código fuente de HFS
« on: November 28, 2023, 11:25:15 AM »
Portable Delphi link is not available anymore. 😔
Thank you for reporting a broken link... :)
I will try to update the links, as soon I find a permanent hosting for the file. I could temporally send you the file by Private Message (send me a PM if you want).

This thread is for Spanish messages only, please leave English messages HERE (perhaps some Moderator could move those posts there, deleting this small note).

15
...this script tests if the size of the vfs is less than a certain value (255 to be reduced if necessary) and in this case restores the backup...
Besides checking VFS's file size, is there some alternative to check VFS integrity? (even if it requires modifying the source code). This is serious, because I think it could be very frustrating loosing a well configured VFS.



» Edit: by saying 'checking VFS integrity', I mean comparing what's loaded on memory, versus what is stored on file, before writing the VFS to the disk (of course it would need writing a new function, modifying the source code). An easy source code modification, would be saving a copy of the VFS without compressing (without applying zlib). If the origin of this issue is a bug with zlib, perhaps on those cases, it could be useful (or not, it depends). ???
 

Pages: 1 2 3 ... 57