I built something similar but it wasn't intended as a clipboard. Mostly for anonymous chat but I personally ended up using it as a clip board. The difference. We don't persist anything on the server side, it's totally in memory and you can create new streams that have shorter ttls.
>The difference. We don't persist anything on the server side, it's totally in memory
Very nice. At what point are items deleted?
Obviously private data is up to the user, but what about privacy ie gdpr, and the general courtesy of deletion from your end?
Every message is deleted after 1024 seconds by default in any stream created on the fly by posting a message. New streams can be explicitly created with lower ttls that expire messages sooner. All streams cap at 1024 messages and are aged out like that if they persist longer than the ttl of the stream.
at this point why not just ssh to a host and use vim?
i mean, you might have better client os support than a matrix client in most cases :) and if you are running a private matrix node you already have sshd to solve all the constant annoyances and upgrades
How private the chat is is defined by E2E client encryption. Dendrite + Postgres uses ~320MB of my home server memory with negligible CPU and that’s while joined to a few federated rooms.
The interesting thing here is that an identity is represented by an image ("avatar"). Normally you can't get enough combinations with such a scheme and still produce a distinguishable image. Perhaps those long hex numbers shown in the screenshot also represent identity?
Another interesting thing here is that the RSA keys are 1024 bits long. It is fairly unlikely that some entity like the NSA is going to expend a Manhattan Project level of effort to get the messages of one individual (it would be cheaper to use other methods) but they in theory could. Most just make RSA keys 2048 bits long and accept the wild overkill.
Is there a German word for "this person is very intelligent but lacks sensibilities"?
A js-based browser app to move files between VMs in (literally any scenario where you've opt-ed into using VMs for isolating)??? The only thing feature here that seems useful, is also unmentioned and basically is an anti-feature -- a server with persistence.
so, instead of using the qemu/libvirt/vb/hyperv native way of passing in a socket/secret/etc, we're involving: javascript, a web browser, php, redis, jquery, bootstrap (probably fine, but also who knows depending on how it's included), oh I ctrl-tab back and apparently it's generating RSA keys somewhere, for me, for some reason????
Feel like XY Problem - there's probably a simpler, better solution for a slightly more specific (or even just attempted-to-be-specified-at-all) problem statement.
> Is there a German word for "this person is very intelligent but lacks sensibilities"?
Not quite the same, but there is the word "Fachidiot" ("fach" = subject) referring to someone who is book-smart on a topic, but is generally not very smart, nor able to apply their topical knowledge in ways they weren't specifically taught.
> Feel like XY Problem - there's probably a simpler, better solution for a slightly more specific (or even just attempted-to-be-specified-at-all) problem statement.
Problem:
Share content between two random devices without having to install an app, having to share the content with a third party or having to have a verified (by third party) identity.
Or alternatively, what's a quick way to share a file with a random person that I meet on the street without unnecessary friction or leaving unnecessary traces.
Where is the file stored, I looked at the security-design page and it says hat it's uploaded to Backblaze and there's some reference to torrent creation, I'm not sure I get it
And I thank you for it! I’ve been pushing it to anyone who has a need and I use it myself to safely exchange files across machines that are behind vpns and firewalls at work.
It’s pretty fast too!
My only comment is that I wished there was a way to choose to keep the files a couple more days (had the issue with sending files to my nephew who couldn’t get them straight away and then the link expired once he was able to use it, after class, the next day).
> alternatively, what's a quick way to share a file with a random person that I meet on the street without unnecessary friction or leaving unnecessary traces.
There’s a lot of things that cumulatively make this hard. Some of them are “social” more than technical, and some are technically hard because of society. But importantly, people have made webpages that just p2p link two devices (eg wormhole).
Generally, no one wants to be the third party to facilitate anonymous, easy content sharing. Because people do bad things with such power. Due to the way most people consume the internet, everything is behind NATs and we’ve exhausted the IP(4) space, so p2p is pretty hard, but doable especially with a signaling server. It’s really hard to leave no trace because again, no one wants to be anonymous really, and pseudonymous tools like BitTorrent still leave subtle traces in the DHT.
> What's the best solution for this?
First, define “unnecessary”. But then…
Probably to change your criteria. I’ve never been in or can imagine a (legal and good for society) situation where I needed truly anonymous file sharing, without any ability to install anything, at a moments notice.
If you’re eg sharing with a journalist, you can take time to install software, or host content for download, or upload content to them, even if you needed to be anonymous.
If you need to it be on the street in a moment, no time for an app, you can probably just share an email or Google drive link.
If you can’t install anything, and you can’t use a 3rd party server, you should just hand them an SD card with the content. You already need to be in person to exchange public keys and hashes and whatnot.
The only true use case I can imagine needing so many anonymous protections is to share… bad media files that shouldn’t be shared with people who want them.
> Share content between two random devices
Easy… Dropbox, SFTP, torrents, USB drive etc
> without having to install an app
You’re limited to built in tools only. So either trust SMS or email, or use a browser. Either way, you need a third party server to relay the content or the software (email server, or server to host a webpage et ).
You can use Dropbox etc, you can use web torrent. You can email. USB drive.
> without having to share the content with a third party
Ok… less tools already available, you can still use webtorrent but you’ll need to exchange the magnet link and the content hashed would be in a DHT. Sorta a 3rd party but you can minimize actual content leak.
Knowing I’d the server (or other party) is logging a lot of data is question you might not be able to know.
Also a usb drive.
> having to have a verified (by third party) identity
I wouldn’t host a service without identities but at this point you have options already in the p2p space. IPFS, web torrent, p2p chat services, DAT, a bunch of things exist.
I don’t think the use case of this project is to share clipboard data with a VM. Especially not if you’re hosting the VM yourself (“clipboard access” implies you’re using the host). That’s an option in the readme BUT… why do all that? You don’t really need encrypted traffic, or identities, etc.
This project is probably for learning purposes of the developer, which is great, but I don’t know what actually use case I’d find for it is.
> I don’t think the use case of this project is to share clipboard data with a VM. Especially not if you’re hosting the VM yourself (“clipboard access” implies you’re using the host). That’s an option in the readme BUT… why do all that? You don’t really need encrypted traffic, or identities, etc.
I have several years experience of working with contractor, who gave us access to their infrastructure by giving remote access to terminal windows server on VMWare Horizon. And there was NO clipboard sharing, files sending or folders mounting features enabled. We couldn't install any software, and user account (and all the machine) regulary was wiped and reinstalled from ground (on weekly basis). So, this service was created exactly for this situation.
Encryption is needed because of data passed into and out of VM is sensitive (passwords, logfiles, partial DB dumps), and my co-workers sometimes used insecure services, like cl1p.net for the same purpose. So, I written this tool in my free time :)
I'll add this explanation to README, as for me it looked obvious :)
I think the mention of using VMs was to show that if you had a machine hosted somewhere outside of your network, but you needed to get a file onto it and had no direct connection to it, then you could use this to host an encrypted file and then download it?
I'm sure I've seen something similar where a browser creates a tunnel of sorts, and lets you send a file or something directly from one browser to the other - which would probably be better for something like this as the file is not stored on a server.
When you are using VMWare Horizon given to you by contractor, where clipboard and all other data transfer integrations are disabled, no software could be installed, Windows inside VM gets wiped every few days, and your collegues mindlessly used dangerous services like cl1p.net to share data, this is not so stupid to write such a tool :)
URL could be used if it COULD be used. If you don't have any clipboard, you can use QR-code.
1) Open first instance of app on you PC
2) Open second one in side the VM
3) Open both QR-codes by your smartphone and add keys with enabled checkbox "send all my keys"
4) Profit! You have all your three devices (with smarphone) connected with eachother
When something is shared one of frequent questions is how it compares to something else. I provided information relevant to potential users.
If you had something useful to say regarding OP or my comment, that'd be fine. What are your comments (yours and the one your responded to) if not comment spam?
If you don't like a comment and have nothing to say on the topic, feel free to downvote it, hide it and/or move on.
Website: https://malten.xyz
Source code: https://github.com/asim/malten