I need something like this but allows users to upload and send files. I don't want to make everyone admin.
Apparently Thunderbird are working on reviving Firefox Send and adding encryption.
Overall Thunderbird seem to be doing quite well for themselves since rejoining Mozilla: >$8m in donations last year I think.
FF Send already had encryption -- IIRC, Mozilla shut it down because it was being abused.
Abused in what way? Content? How would they know, if it was encrypted. Or volume?
Likely law enforcement found out about it being used to distribute illegal content and then applied pressure. Companies don’t have a strong history of successfully resisting that pressure.
I just discovered this TH feature the other day when attaching a file to a mail but it looks like it works with plugins now, so you can use different providers.
Actually I came here to ask if Gokapi works with that Thunderbird feature.
Consider implementing a 'guest upload' feature with stricter expiration policies and file size limits. This could maintain security while allowing for more flexible use cases, especially in client-facing scenarios where bidirectional file sharing is necessary.
Any recommendations for s3/b2 - anyone can upload (or with password) and only the admin can download?
Goal: allow customers to upload large files.
I run https://www.wormhol.org
Ping me if you want your own instance.
It uploads to S3. I could make it such that only you/admin can download. Right now everyone with the link can.
Supports up to 5GB (S3's limit without doing multipart uploads).
To go full aws on this:
- lambda vending s3 presigned urls with put only permissions
- a static page with 20 lines of js that requests one of those urls and does the put
I’m not aware of any existing solutions, but your problem seems simple enough that you could roll a solution yourself
This is exactly what I use Firefox Send for in my org. It's not strictly "admin can download" but anyone with the password/link can download. The effect is the same.
Also supports Backblaze B2 per the docs.
Would it be better than seafile and its share link functionality (it can be expired after x days as well)?
Can we have this but something serverless? Like using cloudflare workers and R2 (I know R2 is S3 compatible)
You could use Tailscale send
If this is something you’re interested in it can be reimplemented on CloudFlare workers super easily using the awssdk for s3 (R2) and with D1 as the DB.
Yes, but would be great if someone made it and is open source. Would be cool little side project, no doubt.
The source code is there - you could try to add the functionality to it :-)
xkcd949.com is serverless (azure only tho, github.com/gfody/webrelay)
AWS S3 scares the shit out of me.
The company I worked for misconfigured one of the buckets and allowed uploads. A couple of months later there was a bill for $15k, since apparently some spammers were using our service. Which is OK for a company but I would not want to use it as a private individual.
I have never had to use them directly but the use-now-pay-later model feels scary to me for the same reason. Maybe they allow setting the upper cap to the monthly bill (crossing which they don't serve you until you intervene) but I have never heard of it. On the other hand there are many stories of extremely ballooned bills for some unforeseen reasons.
They have "AWS Budgets" for alerting you if you go over an amount but no automatic stops.
Notwithstanding the fact that this was a user misconfiguration, S3 allows you to configure public access blocks to prevent this sort of thing.
These days, you have to remove the public access block AND explicitly write a bucket policy (or set up deprecated ACLs) to allow public access.
I dig this
That's a different site, this is hackernews.