Recent Posts

71

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 09, 2024, 08:32:10 PM »

I'm not discouraged by your message, just the data tell the truth.

Keep in mind that it could take several years before a software gets wider usage. HFS needed 10 to 20 years to get on the position is today. It's not something that happens overnight, no matter how much you want to promote it. Too much promotion, could even be counterproductive, since it might look as something negative for some users. Adding advertisement to software is something that also scare off users, especially in English-speaking countries.

Now days, people rather to use web app. Less and less people still use PC.

Yes, that's true. And those who use PC and run a permanent web server, will probably look for something more powerful/robust to handle a lot of traffic/users (concurrent connections), and they might already use Nginx, Apache, Lighttpd, LiteSpeed Web Server or similar (since they could be computer experts). People in the know are not afraid of using complex software. Personally, although I have some advanced computer knowledge, I always try to keep things simple. That's why I love HFS, because it can be very simple to use, but also very complex if needed.

I don't known why Webd is very popular only in my native language world

If I'm not mistaken, you are from China, and people from there are smarter/intelligent (more geeky persons, open to test new technologies), than in English-speaking countries. There you all could be more comfortable to seeing advertisements than here too. That could be the reason why Webd is very popular there. I have a big respect (and admiration) for people from your country, but you should know that not everyone here have the same concept of your country (the world is very divided today). I do not get carried away by what others say, I evaluate and value people, I do not follow pre-established precepts. However, I am always very cautious when trying new software, no matter what country it comes from (and I like privacy-friendly software).

And even worse I don't have much friends  :'(

I also don't have too many friends (I prefer quality friends, to quantity of semi-acquaintances), but you can count on me to help you out, on whatever is possible to me, given my very limited free time. I always try to be active on this forum, helping people who need something (you can find me here and also on Twitter). Well, I have nothing more to say, I hope other users here can leave their opinion about your program.

Rejetto (the author of HFS) would like if you try his new HFS3, and leave your opinion about it.

Wish you all the best,
Leo.-

72

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 08, 2024, 04:19:51 AM »

I've run Webd with administrator rights (my mistake). But I could have bad luck with my graphic card, and it might be a mere coincidence that was testing your software. Please don't feel bad.
Please don't feel discouraged by my message.

» To tell the true, I was a little paranoid, because lately there are too many people attacking old HFS versions (v2.3m and v2.4), like if they were doing on purpose, to discourage others running local home servers. I know this is totally unrelated, but it's to give you some context about my last message.

If you have some friends with Delphi/Pascal knowledge, you can tell them to give a hand to find a solution to this vulnerability (CVE-2024-23692), which is explained here: https://github.com/drapid/HFS/issues/3

You can still be a hero here...

I'm not discouraged by your message, just the data tell the truth.
Now days, people rather to use web app. Less and less people still use PC.

I don't have friends with Delphi/Pascal knowledge.  I even don't have friends with C knowledge.
And even worse I don't have much friends  :'(

73

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 08, 2024, 03:52:45 AM »

Did you run it unprivileged?

I've run Webd with administrator rights (my mistake). But I could have bad luck with my graphic card, and it might be a mere coincidence that was testing your software. Please don't feel bad.

I think I won't give much time on apps like webd any more, It not worth it.

Please don't feel discouraged by my message.

» To tell the true, I was a little paranoid, because lately there are too many people attacking old HFS versions (v2.3m and v2.4), like if they were doing on purpose, to discourage others running local home servers. I know this is totally unrelated, but it's to give you some context about my last message.

If you have some friends with Delphi/Pascal knowledge, you can tell them to give a hand to find a solution to this vulnerability (CVE-2024-23692), which is explained here: https://github.com/drapid/HFS/issues/3

You can still be a hero here...

74

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 08, 2024, 02:57:24 AM »

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

Sorry to hear that about your graphics card.
https://www.virustotal.com/gui/file/32d318da5b85b008da8ffae746c777b3f2b22a1ec5c090b4684592ae9775af75
virustotal has 1 of 64 security vendor  flagged webd.exe  as malicious, and I don't know why,
About the "driver access",  one possible reason is  the calling WSAIoctl()  and ioctlsocket().

And webd.exe can run unprivileged. Did you run it unprivileged? If you did. I don't think it has much to do with your  suddenly died graphics card.
Why would I do that. As I said earlier, since webd is quite tiny. You can totally decompilation it, there are many tools to do that.

After many days of advertising/posting about webd at all kinds of website,  user growth is very little,  I think I won't give much time on apps like webd any more, It not worth it.

I don't known why webd is very popular only in my native language world, there pages result:
https://www.google.com/search?q=%22webd%22+%E7%BD%91%E7%9B%98
But it not work in english internet.

75

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 08, 2024, 01:28:36 AM »

I will test Webd this weekend.

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

76

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 06, 2024, 10:36:24 AM »

I think you're curious for what I'm using to build the whole bunch of binaries for all kinds of platforms.

Yes, my curiosity was because it was multi-platform. Now I see that you have put a lot of dedication and work into compiling your software for multiple platforms, congratulations. That's the good thing of writing applications in C language: portability (being a platform-independent language). I will test Webd this weekend.

77

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 05, 2024, 02:13:02 AM »

Since there are plenty of C compilers available online (GCC, TCC, MinGW, LLVM, Clang, etc), would you please leave a download link for the C compiler you use to compile WebD?.

I think you're curious for what I'm using to build the whole bunch of binaries for all kinds of platforms.
They are all built by gcc.
For windows, it's  gcc version 8.1.0 (i686-win32-dwarf-rev0, Built by MinGW-W64 project)
For linux, it's gcc 14.1.0 (I'm using "Linux From Scratch").
For OpenWRT, it's openwrt-sdk or just openwrt-toolchain:
https://downloads.openwrt.org/releases/23.05.3/targets/ath79/tiny/openwrt-sdk-23.05.3-ath79-tiny_gcc-12.3.0_musl.Linux-x86_64.tar.xz
https://downloads.openwrt.org/releases/23.05.3/targets/ath79/tiny/openwrt-toolchain-23.05.3-ath79-tiny_gcc-12.3.0_musl.Linux-x86_64.tar.xz

There are some other toolchains built by crosstool-ng https://crosstool-ng.github.io/ , such as
mipsel-linux-uclibc
armv7-linux-gnueabihf
armv7-linux-androideabi
arm-linux-gnueabihf
aarch64-linux-gnu
aarch64-linux-android
x86_64-linux-musl

78

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 04, 2024, 10:20:44 PM »

This is what ChatGPT said about webd

The description is perfect (it was a good idea using ChatGPT).

All compiled using a single Makefile

Since there are plenty of C compilers available online (GCC, TCC, MinGW, LLVM, Clang, etc), would you please leave a download link for the C compiler you use to compile WebD?. I'm just asking out of curiosity, to learn new things (I'm not afraid of visiting websites in other languages, since I can use a translator).

By doing this, you will soon be able to post direct links on the forum.

79

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 04, 2024, 03:10:50 AM »

I hope the advertisements goes well for you, I wish you success. If at any point you decide to abandon or discontinue developing the software, keep in mind to open source it, so that someone else can continue improving it.

Thanks. I'm unemployed now. I hope the ads may do a little help.
I will opensource it in that situation.

It sounds very interesting, I hope it's also lightweight.

I think every apps I make will be lightweight.

80

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 03, 2024, 04:58:46 AM »

Thanks a lot for telling me all that.

You welcome.

I'm not sure whether to open source it. Currently, at the bottom of the file list on the web interface, there might be an inconspicuous line of text advertising or other information. If it's open-sourced, this will definitely be recompiled and removed, or even changed to someone else's advertisement and redistributed.

That's understandable. I hope the advertisements goes well for you, I wish you success. If at any point you decide to abandon or discontinue developing the software, keep in mind to open source it, so that someone else can continue improving it. Anyway, in this part of the world where I live (as you say the "english-speaking world"), most people here are very lazy, so even they having the source code, will do nothing. For example, HFS (this forum is about that software), is open source and almost -nobody- collaborates contributing with enhancements.

I am considering applying the TLS/1.3 code to a new project, such as a chat server similar to webd, because using WebRTC for audio and video calls requires HTTPS support.

It sounds very interesting, I hope it's also lightweight.