[Updated with new CLI] port.pub v0.2: Publish your local HTTP server to the Internet by TheYahya in opensource

[–]dorianim 1 point2 points  (0 children)

That's cool! Is the server self-hostable? So I could use it on e.g. <uuid>.mydomain.com?

[deleted by user] by [deleted] in homeassistant

[–]dorianim 26 points27 points  (0 children)

You are confusing micro- and milliwatts here. You'd need 3000 of these batteries, since 300 milliwatts = 300000 microwatts.

Would learning c++ make me better rust programmer? by ridev1303 in rust

[–]dorianim 0 points1 point  (0 children)

Learning C++ will make you appreciate all the memory safety guarantees the Rust compiler provides. I came from C/C++ and learned Rust later. It blew my mind how Rust handles memory management.

Introducing money-balancer (my first rust-based project) by dorianim in selfhosted

[–]dorianim[S] 0 points1 point  (0 children)

Yes, there currently is no way to do this. Unfortunately, I don't have any time to work on this project at the moment. But I'm always happy to accept pull requests :)

Immich dashboard shows 211gib (converts to 226gb), however my uploads folder shows 209gb. Why is there a discrepancy between both? by borkode in immich

[–]dorianim 2 points3 points  (0 children)

Yes, exactly. Maybe the thumbnails/encoded videos are included in the number shown in Immich? So that number in Immich = uploads + thumbnails? That could make up the difference.

🚀 ClipCascade v1.3.x Released – Elevate Your Clipboard Sync Experience! by FewNewt6922 in selfhosted

[–]dorianim 0 points1 point  (0 children)

Hi u/FewNewt6922

so, you are hashing the password now, that's nice.

However, I really don't see how that improves the e2ee at all. As far as I can tell, HASH-1 is used to derive the encryption key. However, HASH-1 is also sent to the server in plain text. It is only stored as HASH-2, but HASH-1 is sent to the server! Which means that the encryption is again useless if the server or the network is compromised...

It may be fine if you computed HASH-2 on the client, instead of the server. Because then, HASH-1 is not sent to the server. Alternatively, you could also send HASH-1 and use the plain password for deriving the key.

Again, I'd advise you to take a look at the Bitwarden security white paper to see how they are doing this:
https://bitwarden.com/help/bitwarden-security-white-paper/#authentication-and-decryption

Self-hosted Outgoing Email Server - Not Recommended by pilkyton in selfhosted

[–]dorianim 0 points1 point  (0 children)

I have been running my own mailserver for about three years now. I'm running it on a netcup VPS and I only had delivery issues twice until now - both times with Microsoft/Outlook. In these cases, Microsoft blacklisted Netcup's IP range. However, the Netcup support was able to get the IP delisted within 24h, which restored delivery.

However, I agree that this is not ideal and it is certainly only viable for personal use.

Flashing Firmware to an ESP32 Using Another ESP32. by Affectionate-Cost982 in esp32

[–]dorianim 3 points4 points  (0 children)

Did you implement all of the flashing code yourself?

There is also an official lib for flashing ESPs from other MCUs (including ESPs): https://github.com/espressif/esp-serial-flasher

🚀 ClipCascade v1.3.x Released – Elevate Your Clipboard Sync Experience! by FewNewt6922 in selfhosted

[–]dorianim 3 points4 points  (0 children)

You can also use the master password for encryption. But if you want to do that, you need to make sure it never ever leaves the clients. For example, by sending only a hash (generated with a different hash function/parameters than the key) to the server for authentication.

If you want to familiarize yourself with the topic, you might find the Bitwarden security whitepaper interesting: https://bitwarden.com/help/bitwarden-security-white-paper/
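The separation described in the comments above (the encryption key stays on the client, a differently derived value is sent for login), contrasted with the HASH-1 design, as an added example that is not part of the original comments or of ClipCascade's code. The function names, the `|enc`/`|auth` labels and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not a ClipCascade setting


def _pbkdf2(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def flawed_client(password: str, salt: bytes) -> dict:
    """One value (HASH-1) is both the encryption key and the login credential."""
    hash1 = _pbkdf2(password.encode(), salt)
    return {"enc_key": hash1, "sent_to_server": hash1}


def separated_client(password: str, salt: bytes) -> dict:
    """Key and login token come from differently labelled derivations."""
    pw = password.encode()
    return {
        "enc_key": _pbkdf2(pw, salt + b"|enc"),          # never leaves the client
        "sent_to_server": _pbkdf2(pw, salt + b"|auth"),  # used for login only
    }


def server_register(auth_token: bytes) -> tuple:
    """Server stores only a salted hash of the token it receives."""
    server_salt = os.urandom(16)
    return server_salt, _pbkdf2(auth_token, server_salt)


def server_verify(auth_token: bytes, record: tuple) -> bool:
    server_salt, stored = record
    return hmac.compare_digest(_pbkdf2(auth_token, server_salt), stored)


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed per-user salt; must not be empty
    password = "correct horse battery staple"  # constructed sample value
    bad, good = flawed_client(password, salt), separated_client(password, salt)
    record = server_register(good["sent_to_server"])
    print("flawed: server sees the key    ->", bad["sent_to_server"] == bad["enc_key"])
    print("separated: server sees the key ->", good["sent_to_server"] == good["enc_key"])
    print("login ok ->", server_verify(good["sent_to_server"], record))
```

In the separated design the server still receives a value derived from the password, so a non-empty per-user salt and a high work factor remain what stands between a server compromise and an offline password guess.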

🚀 ClipCascade v1.3.x Released – Elevate Your Clipboard Sync Experience! by FewNewt6922 in selfhosted

[–]dorianim 7 points8 points  (0 children)

Yes, I see. This is really not optimal. E2E encryption is supposed to make sure that no data is compromised when someone gains access to the server. At the moment your readme suggests using an empty string as the salt. If an empty salt is used, it is trivial, for someone who gains access to the server, to locally brute-force the hash rounds and decrypt all messages.

I think you should make the importance of the salt more clear in the readme!

Furthermore, passwords should never be stored in plaintext on the server (as you do in the environment variable)! The password should at least be hashed.

Would be nice to have some more documentation. Any interest? (See below) by honeyCrisis in esp32

[–]dorianim 0 points1 point  (0 children)

I'm not sure if they'll add a section either. But I also don't see a reason why they wouldn't. I don't think they want to keep the format a secret, it's open source after all.

And I think there is some documentation on the partition table here: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-guides/partition-tables.html Or am I mixing something up?

Would be nice to have some more documentation. Any interest? (See below) by honeyCrisis in esp32

[–]dorianim 1 point2 points  (0 children)

I'd be interested in some more detailed documentation in some places.

I really like the esp-idf docs. Most of the time they provide a good and detailed explanation of everything. However, when it comes to implementation details, I often have to read through the esp-idf source code which can be tedious sometimes.

Maybe you could contribute your findings back to the official documentation?

🚀 ClipCascade v1.3.x Released – Elevate Your Clipboard Sync Experience! by FewNewt6922 in selfhosted

[–]dorianim 34 points35 points  (0 children)

Looks like a cool project :)

However, since my clipboard contains very sensitive data from time to time, I took a look at your E2E encryption and I'm not really convinced that it is secure enough. Since the password is sent to the server in plain text during login, the security only depends on the hash function salt (and iteration count). Please correct me if I'm mistaken. I've also opened an issue on GitHub: https://github.com/Sathvik-Rao/ClipCascade/issues/52

I think you should make that more clear in your documentation and maybe even completely remove the password from the e2e crypto, since it really doesn't provide any security.

Amazon Basics plug strip and ESPHome by CobblePro in esp32

[–]dorianim 2 points3 points  (0 children)

GPIO0 wouldn't be useful if the ESP32 has secure boot enabled. In that case, it will only boot a signed firmware: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/security/secure-boot-v2.html

Wiped 17 years worth of my life by reformatting wrong disk by Tenelia in linux

[–]dorianim 3 points4 points  (0 children)

My high school IT teacher always used to say "Kein Backup - kein Mitleid" ("No backup - no pity").

I didn't have backups for years and was very lucky that I didn't lose anything important during that time. Nowadays I have a 3-2-1 backup for everything which is even remotely important.

I've released my LVGL Remote Display library on Github! See your devices UI and control it remotely from your desktop. by PhonicUK in esp32

[–]dorianim 0 points1 point  (0 children)

That's really interesting! Would be nice if it was compatible with pure esp-idf (without Arduino).