Magic Wormhole uses an end-to-end PAKE to create an encrypted transport between two points in the Internet, using a rendezvous server.
It doesn't store files, which is almost never what you want; it's not a way to send a file and have 10 or 100 people download it. But it's probably the best way to get a file through a bunch of arbitrary network controls, NATs, &c to a desired destination. There's a Go implementation as well:
I wish magic wormhole used federated rendezvous servers, was usable from within a locked down corporate network, had a .NET implementation with a pretty GUI so that even my mom could use it, came with all major OS by default and was as accepted as e-mail so that I can actually share files with everyone, not just my nerdy friends. Is that even remotely a realistic thought?
It does, except it removes a giant advantage of magic wormhole: True end to end encryption requiring only TOFU. The web version downloads JavaScript every time and unless a specific version is somehow pinned by default, you are in principle vulnerable to MitM attacks.
Considering that a small deviation from a cryptographic protocol could fully turn cipher text to plaintext in a revered tool frequently recommended in HN:
I don't know anything about croc, I haven't looked carefully at it, and don't recommend it (or have any opinion on it). Lots of smart people have looked at Magic Wormhole, which is one of the things that makes it neat.
This is a great way to make sure there are no alternatives to Magic Wormhole. If this attitude was common in web browsers, we would only have one software of its kind in every category. No choice for users whatsoever.
What's a good way to make sure of it? Not having any opinion of it, because I haven't looked at it?
There are a lot of alternatives to Magic Wormhole. Unfortunately, most of them are pretty sketchy. One thing I can say about Magic Wormhole: it's not sketchy.
This sounds like a slippery slope. No one is saying not to try anything else, they're saying to make sure and use stuff that is more likely to be safe. In the case of web browsers, we do only use like 4 or 5 out of thousands.
Since not everyone will click the link and read to the end of the post, it seemed worth pointing out that the vulnerability being commented on here was fixed: https://schollz.com/blog/croc9/
You seem to be missing the point. If I wanted to send a funny webm in a room on Discord or IRC for example, if I didn't want to upload it directly to Discord that is, I could use this with ShareX to upload it and get a link that's easy to share. It's not supposed to be secure. It has its place alongside Magic Wormhole just fine.
If you want to send a funny webm, use whatever you'd like. The comment to which I responded to said "no, this isn't the same use case, because Magic Wormhole makes you install something". If they'd said "this isn't the same, it's supposed to be OK for this to be grievously insecure", I'd have shrugged and moved on.
This rant is pretty silly. Nick Lamb's took the time to refute it on that thread; you should acknowledge that before continuing to cite your thread as if nobody had corrected you.
I used to self-host transfer.sh, but nowadays I just use WebDAV.
1. it's easy to get WebDAV running, most of HTTP server support it through modules. or you could run it with rclone, on non-standard port or behind a reverse proxy
2. I don't share upload access with others, it's only for my own use. and this way I don't need to deal with huge uploads or illegal contents.
3. I could also just curl it, the uploaded content will have proper mime types. It's convenient for me to share pictures and videos this way on Telegram because it generate previews for me, and it's easy to just copy-paste a link to send to more than one person.
4. I could use WebDAV for various other cases, such like keeweb instance, Orgzly (android) notes syncing, saving keepass database etc.
Could write a simple shell script to include random characters in the URL, copy url to clipboard etc, such like this one I wrote [1]
btw for plain text, I prefer to use fiche [2] a simple netcat based pastebin. I have a public fiche instance [3] which allow people to upload with bash/zsh/netcat and show webpage with syntax highlighting. Text usually consume very a few of storage and not that "sensitive" like some photos and videos could be, so it's less troublesome to provide a public service for that. I've also write a Telegram bot for easily upload to my pastebin.
Lifespan of my WebDAV uploads and pastes are 1 month, it's very easy to clean them with crontab
Haven't use Windows for a while, on macOS I used to use NFS to access files on a LAN server but switched to WebDAV as well because it seems easier and cleaner to use WebDAV compare to SMB/NFS, since it does not require extra services or opened ports on server.
Nowadays I mainly use linux distro, the main use case of accessing files from LAN server is watching movies or TV series. I just create m3u/m3u8 playlist on server and play it through HTTP (not necessarily use WebDAV in this case). this way could avoid potential troubles I could get from mounting a remote directory.
# LAN server
ls -1 *.mp4 >playlist.m3u
# computer, mpv with "save-position-on-quit"
mpv http://raspberrypi.lan/path/to/playlist.m3u
The problem with webdav on windows explorer for me has always been the lag. Windows explorer has never really handled remotes with latency well, and webdav is one of those when you access a server across the globe
- Send up to 10 GB and get a share link in 1 second
- Files are hosted for 24 hours so you don't have to be online at the same time as the receiver
- There's no need to wait for your files to finish uploading before you can copy the link and send it to your recipient. The recipient can start downloading even before the files have finished uploading.
How do services like this handle the copyright/malware/child porn problem? That is, I thought the whole reason send.firefox.com shut down was that it became a hub for sharing illegal content and there wasn't a good way to filter that out. If Mozilla couldn't solve that issue for a free service, how can anyone else?
Illegal content is generally ephemeral regardless of where you host it. I don't think this changes much, it could still provide a good home for some illegal things.
"Immoral" and "illegal" are not logically equivalent. An act being immoral does not make it illegal and an immoral act is not necessarily illegal.
Immorality is extremely nuanced and heavily influenced by society. Eg. homosexulity is illegal in some south Asian countries such as Indonesia, but is not seen as immoral in most parts of the world.
Conflating the two - or preferring the term "immoral" over "illegal" inherently lends itself to allowing people to rationalise illegal activities - such as child pornography as only being "disapproved of by society" (morality being a fairly abstract concept) rather than an act which violates the laws of the land and is officially and formally condemned by the government.
I think you're agreeing with kwitze. It's ok and even desirable for these services to host illegal, moral content but bad for them to host immoral content
This stores files for two weeks on a third-party server.
What advantages for the intended use cases does transfer.sh have over netcat invented 26 years ago? I know some people who have used nc for those entire 26 years to xfer files point-to-point from the command line.
Not sure if your comment is just a re-hash of the now famous HN comment on the Dropbox Show HN ("Why can't you just use rsync/scp"), but netcat which is a unix utility shares basically nothing with transfer.sh which is a web based file sharing application. Comparing them is really apples-to-houses.
Netcat has it's uses, but one of them is not guiding your friends and/or family through a terminal in order for them to receive some photos you took last summer vacation.
What I asked about was the intended use cases, considering transfer.sh and nc. What you mentioned is not one of the many listed use cases. Most of them are to transfer a .txt file.
Netcat is seriously awesome, and still exists very much under the radar of a lot of people. I've used to to copy files around the planet, the datacenter, and the lab.
It excels at doing things "right now". If I have a terminal window open on a server in France and one in the US; then I can easily move that file. However, If I have to move my body to the target location before I can copy the file it doesn't work as well. (Need to jump through a few other hoops that make it more challenging.)
Protip: ALWAYS grab the hash of the file before you send it, and compare.
2nd Protip: Encrypt your file(s) before you send them.
Something like this is decent for moving a file at your leisure, or to give a copy to somebody else at their leisure.
Target PC opens a port and starts listening (outputting to file)
Sending machine establishes a connection to the listening port, and starts copying the file.
Example (hide a file transfer as DNS traffic)
Listening computer:
nc -l -u -p 53 > output.file
Sending computer:
cat original.file > nc -u [destination ip address] 53
In this case you'd be dumb not to encrypt the file before transit. And as I mentioned already make sure you have a hash of the original.
You can also use TCP. These are sneaky/simple ways to move files around. Downside: You need to poke a hole in a firewall, but options exist for that too.
ssh/scp downside: You need an account on target PC to connect to.
nc downside: you need an open port on the listening PC.
Most obviously, the same things as its disadvantages:) With nc, you don't have encryption or authentication, which is good - faster, no keys to set up, no fingerprints to accept - and terrible - no transport encryption, no data integrity verification, no access control except for at the network layer. Also, slight difference in how you use them: scp operates on files, nc on streams. But you can just pipe over SSH, so that's not a big difference IMO.
I have literally done this once with a friend of mine, transfer a file over netcat. It cost us about 10 minutes of figuring out the exact commands, and we were at the same LAN party, and thus had a direct network path to each others systems. With most consumer routers and their NAT this would be much more complicated. And this was with a friend with high unix knowledge, so not just the "I know how to paste commands from askubuntu" knowledge.
So yeah, just being able to copy curl commands from a website certainly has value over configuring complicated commands.
Since this is conspicuously lacking among other threads here, allow me to thank the creators and maintainers for a service invaluable to those of us who are grateful for the ability to share files without installing new software, and who mightn't need e2e protection for it (though as the examples show, this is possible, again without installing additional software).
I like transfer.sh and use it occasionally as an easy way to send things to friends that are on a remote server. However, I've realized that the upload speeds are pretty throttled to the point where it takes minutes for 100mb file. So I started using oshi.at which afaik is petty similar but faster uploads. Though, the one downside of oshi.at is that you can't watch mp4s in the browser it just starts download immediately.
I look forward to seeing a CLI for wormhole.app though
Neat! This looks like the closest thing to what I'm looking for when I ssh somewhere and I don't want to cat the file, mark, scroll, scroll, scroll, scroll, copy, and paste into a gist.
Not to put transfer.sh down - it's very useful in many situations, I'm sure! - but I just run a permanent webserver on all the machines I want to share files from. I discuss this more in http://catern.com/computers.html
One of the easiest ways I've found to move a file into places like Heroku (think a task where you need to manually import a CSV using something like an app script or rake task)
I could have created a header of some kind to identify it but I figured it would be more fun in this case to give people some ducktective work to do ;-)
i'd like something like transfer.sh but without uploading files to a server. just relay.
if i wanted to upload files, i could just do that on my own webserver.
what i am looking for is:
download via browser
sharing from commandline or browser
shared file is availble as long as the share-process keeps running
(ideally also) self-hosted relay servers
https://github.com/magic-wormhole/magic-wormhole
Magic Wormhole uses an end-to-end PAKE to create an encrypted transport between two points in the Internet, using a rendezvous server.
It doesn't store files, which is almost never what you want; it's not a way to send a file and have 10 or 100 people download it. But it's probably the best way to get a file through a bunch of arbitrary network controls, NATs, &c to a desired destination. There's a Go implementation as well:
https://github.com/psanford/wormhole-william
... which is what I use most of the time. If you haven't played with it, I highly recommend it.