Recent Posts

71

Everything else / Message to Rejetto: forum's email is broken

« Last post by LeoNeeson on July 24, 2024, 12:08:26 AM »

Hi!, this is a message to Rejetto. I have his email, but I don't want to bother him with this, so I use this space to report that the forum's email system is completely broken. The forum system DOES NOT send any email. This means the following:

- Users doesn't get notifications of new 'Private Messages', neither of emails sent through the forum.
- Users doesn't get notifications of new posts, in case they were subscribed to get email notifications.
- New users can't signup/register, since they can't get the verification link, sent by the forum via email.

» Summarizing: any email sent through the forum, is lost and never sent...

Since this forum is using "OVH Web Hosting", perhaps the following link helps you:
https://help.ovhcloud.com/csm?id=kb_article_view&sysparm_article=KB0052915

@Rejetto: I hope you can fix it, but there is no pressure on doing it.
Take the time you need, but please don't forget about it.
Thank you, and sorry for opening this thread.

Cheers,
Leo.-

72

HFS ~ HTTP File Server / Warning: HFS v2.x has a severe vulnerability

« Last post by LeoNeeson on July 22, 2024, 08:16:08 PM »

Hi everyone! This is a notice to all the users of HFS version 2.x (I will call it 'HFS2' for making it short). Recently, a severe vulnerability (CVE-2024-23692) was found in HFS2 (known to affect HFS v2.4.0 RC7 and HFS v2.3m). This information was kept private until now, to give it time to find a solution, but now I think it's time to make this notice public. This is only an informational message to let everyone know about this. Anyone with Pascal/Delphi knowledge could contribute to finding a fix.

We are discussing how to patch it, here:
https://github.com/drapid/hfs/issues/3

You could contribute by submitting code fixes to the source code, either on GitHub or here in the appropriate forum section: Programmers corner (opening a new thread there or leaving a comment here on this very same thread). If we find a correct fix (and since Rejetto will not update HFS2 anymore), perhaps we can build an unofficial "community" version for those who can't upgrade to HFS3.

Let's keep HFS v2.x alive, and...
...please do not panic.

Stay safe,
Leo.-

73

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 13, 2024, 09:31:34 AM »

It's time for me to get back to work,
until next time, goodbye...
Leo.-

Take care, and be healthy.

Did you got the message I sent to you. I'm not sure if this forum's messages is working. 

74

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 11, 2024, 05:10:45 PM »

May I ask why you don't have enough free time?

The answer is simple: life is very uneven where I live, and it can be tough for those who are not lucky to have a great job. Having 2 or more jobs to survive is something normal here, that's why there is no free time. And programming isn't my source of income (I've studied programming many years ago, but in the end I dedicated myself to something else). Now I have a hobbyist approach to programming.

By the way, even replying messages like this, here on this forum, consumes too much of my free spare time. That's why I don't like chit-chatting about trivial matters, but only contributing to things that are useful to others. Please keep it that way. It's best that we keep this forum thread open, so that others can leave their opinion about your program (Webd) in the future, instead of continuing to undermine it with personal conversations, and it would be great if you could contribute in any way to the progress of HFS.

It's time for me to get back to work,
until next time, goodbye...
Leo.-

75

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 11, 2024, 12:12:39 PM »

Keep in mind that it could take several years before a software gets wider usage. HFS needed 10 to 20 years to get on the position is today. It's not something that happens overnight, no matter how much you want to promote it. Too much promotion, could even be counterproductive, since it might look as something negative for some users. Adding advertisement to software is something that also scare off users, especially in English-speaking countries.

Yes, it take years for webd get popular in my native language world too.
I have already disabled ads for most languages, but the webui part of Webd still makes external requests. People with computer knowledge can easily block it. Many even use Webd in intranet environments isolated from the internet, and it still functions properly in such cases.

Yes, that's true. And those who use PC and run a permanent web server, will probably look for something more powerful/robust to handle a lot of traffic/users (concurrent connections), and they might already use Nginx, Apache, Lighttpd, LiteSpeed Web Server or similar (since they could be computer experts). People in the know are not afraid of using complex software. Personally, although I have some advanced computer knowledge, I always try to keep things simple. That's why I love HFS, because it can be very simple to use, but also very complex if needed.

Nowadays, many software programs are too bulky and cumbersome to use and configure, which is one of the motivations behind my development of Webd. This software has indeed helped many people. Many are starting to dislike flashy but impractical software.

If I'm not mistaken, you are from China, and people from there are smarter/intelligent (more geeky persons, open to test new technologies), than in English-speaking countries. There you all could be more comfortable to seeing advertisements than here too. That could be the reason why Webd is very popular there. I have a big respect (and admiration) for people from your country, but you should know that not everyone here have the same concept of your country (the world is very divided today). I do not get carried away by what others say, I evaluate and value people, I do not follow pre-established precepts. However, I am always very cautious when trying new software, no matter what country it comes from (and I like privacy-friendly software).

I speak Chinese, but that doesn't mean I am from China. There are other countries where similar forms of Chinese are spoken, such as Taiwan, Singapore, Malaysia, and communities in many other parts of the world. Because I speak Chinese, I have a better understanding of the situation there. What you see is just the surface; the underlying reason is the severe exploitation, both overt and covert, in that region. People act that way merely as a means of survival.

I also don't have too many friends (I prefer quality friends, to quantity of semi-acquaintances), but you can count on me to help you out, on whatever is possible to me, given my very limited free time. I always try to be active on this forum, helping people who need something (you can find me here and also on Twitter). Well, I have nothing more to say, I hope other users here can leave their opinion about your program.

May I ask why you don't have enough free time? In my impression, programmers in the Western world have plenty of free time and a decent standard of living, which allows them to contribute to the open-source community. Some programmers who have immigrated to Western countries say the same thing.

Rejetto (the author of HFS) would like if you try his new HFS3, and leave your opinion about it.

I developed this software years ago, inspired by HFS. At that time, I wanted a similar software that could run on Linux, in terminal without GUI.
But now I don't have a suitable environment to run the new version of HFS, only a few spare computers running Windows 7.

76

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 09, 2024, 08:32:10 PM »

I'm not discouraged by your message, just the data tell the truth.

Keep in mind that it could take several years before a software gets wider usage. HFS needed 10 to 20 years to get on the position is today. It's not something that happens overnight, no matter how much you want to promote it. Too much promotion, could even be counterproductive, since it might look as something negative for some users. Adding advertisement to software is something that also scare off users, especially in English-speaking countries.

Now days, people rather to use web app. Less and less people still use PC.

Yes, that's true. And those who use PC and run a permanent web server, will probably look for something more powerful/robust to handle a lot of traffic/users (concurrent connections), and they might already use Nginx, Apache, Lighttpd, LiteSpeed Web Server or similar (since they could be computer experts). People in the know are not afraid of using complex software. Personally, although I have some advanced computer knowledge, I always try to keep things simple. That's why I love HFS, because it can be very simple to use, but also very complex if needed.

I don't known why Webd is very popular only in my native language world

If I'm not mistaken, you are from China, and people from there are smarter/intelligent (more geeky persons, open to test new technologies), than in English-speaking countries. There you all could be more comfortable to seeing advertisements than here too. That could be the reason why Webd is very popular there. I have a big respect (and admiration) for people from your country, but you should know that not everyone here have the same concept of your country (the world is very divided today). I do not get carried away by what others say, I evaluate and value people, I do not follow pre-established precepts. However, I am always very cautious when trying new software, no matter what country it comes from (and I like privacy-friendly software).

And even worse I don't have much friends  :'(

I also don't have too many friends (I prefer quality friends, to quantity of semi-acquaintances), but you can count on me to help you out, on whatever is possible to me, given my very limited free time. I always try to be active on this forum, helping people who need something (you can find me here and also on Twitter). Well, I have nothing more to say, I hope other users here can leave their opinion about your program.

Rejetto (the author of HFS) would like if you try his new HFS3, and leave your opinion about it.

Wish you all the best,
Leo.-

77

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 08, 2024, 04:19:51 AM »

I've run Webd with administrator rights (my mistake). But I could have bad luck with my graphic card, and it might be a mere coincidence that was testing your software. Please don't feel bad.
Please don't feel discouraged by my message.

» To tell the true, I was a little paranoid, because lately there are too many people attacking old HFS versions (v2.3m and v2.4), like if they were doing on purpose, to discourage others running local home servers. I know this is totally unrelated, but it's to give you some context about my last message.

If you have some friends with Delphi/Pascal knowledge, you can tell them to give a hand to find a solution to this vulnerability (CVE-2024-23692), which is explained here: https://github.com/drapid/HFS/issues/3

You can still be a hero here...

I'm not discouraged by your message, just the data tell the truth.
Now days, people rather to use web app. Less and less people still use PC.

I don't have friends with Delphi/Pascal knowledge.  I even don't have friends with C knowledge.
And even worse I don't have much friends  :'(

78

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 08, 2024, 03:52:45 AM »

Did you run it unprivileged?

I've run Webd with administrator rights (my mistake). But I could have bad luck with my graphic card, and it might be a mere coincidence that was testing your software. Please don't feel bad.

I think I won't give much time on apps like webd any more, It not worth it.

Please don't feel discouraged by my message.

» To tell the true, I was a little paranoid, because lately there are too many people attacking old HFS versions (v2.3m and v2.4), like if they were doing on purpose, to discourage others running local home servers. I know this is totally unrelated, but it's to give you some context about my last message.

If you have some friends with Delphi/Pascal knowledge, you can tell them to give a hand to find a solution to this vulnerability (CVE-2024-23692), which is explained here: https://github.com/drapid/HFS/issues/3

You can still be a hero here...

79

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 08, 2024, 02:57:24 AM »

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

Sorry to hear that about your graphics card.
https://www.virustotal.com/gui/file/32d318da5b85b008da8ffae746c777b3f2b22a1ec5c090b4684592ae9775af75
virustotal has 1 of 64 security vendor  flagged webd.exe  as malicious, and I don't know why,
About the "driver access",  one possible reason is  the calling WSAIoctl()  and ioctlsocket().

And webd.exe can run unprivileged. Did you run it unprivileged? If you did. I don't think it has much to do with your  suddenly died graphics card.
Why would I do that. As I said earlier, since webd is quite tiny. You can totally decompilation it, there are many tools to do that.

After many days of advertising/posting about webd at all kinds of website,  user growth is very little,  I think I won't give much time on apps like webd any more, It not worth it.

I don't known why webd is very popular only in my native language world, there pages result:
https://www.google.com/search?q=%22webd%22+%E7%BD%91%E7%9B%98
But it not work in english internet.

80

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 08, 2024, 01:28:36 AM »

I will test Webd this weekend.

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-