YouTransfer: Self-hosted file transfer and sharing solution
github.comI'm using LocalSend for local network sharing needs (typically stuff between my laptop and my phone). It works like a charm, and is really easy to use
I did try a bunch of these peer-peer file sharing, the best ones the worked well are localsend and LANdrop, as I have a screen (basically a custom android tablet) in my car and I needed to send files without the car accessing any wifi, those two worked well. The others I tried that didn’t work well were: Arc, Sharedrop, pairdrop, and snapdrop.
SnapDrop was so buggy that the transfer speed was very slow, sometimes hitting the send button did nothing, and need to open browser on the target machine first and recently somehow it stopped working completely, I figured installing NextCloud client on my Android phone solved it easily to have the file arrive instantly without complications.
Having to download an app for each platform to use it is a huge drawback for me. LANdrop seems to require this (unless I am not understanding it well).
Maybe a drawback for your case, but it’s the feature I was looking for, one of the devices (my car screen) has no internet access at all, so I loaded the APK file there, and used it to transfer the files from my iPhone to it without internet, it wouldn’t be possible with the likes of snapdrop, and it didn’t even work properly in other two devices that had internet access.
Been running a selfhosted PairDrop instance for about a year now and it's amazingly useful. No apps to install, just web based "AirDrop" that works across macOS, Windows, iOS, Linux...
Out of interest, What’s the advantage of self hosting vs using the web version on the main page? Are there security or convenience benefits?
The main ones for me are not being dependent on someone else's server, and being able to use my own domain name.
Last checkin four years ago and README says „looking for a new maintainer“. Is this abandonware?
I've seen probably four or five different brilliant file transfer solutions that totally solved the person to person file transfer problem posted to HN and every dang one of them was shut down or abandoned.
Because the problem doesn’t exist. Non tech folk use stuff like imessage to send things and rarely deal with large files at all beyond images or video. That works fine for them. Tech people use proven existing tooling like rsync or ftp. The only market that exist for this I’d guess is resumeware which explains why these projects are all built then abandoned.
Tech people don't use rsync or FTP because those are terrible solutions. FTP is insecure and requires setting up a server. Rsync requires an account on both machines.
In my experience companies usually end up paying for a service that solves this problem for their employees. Yes really.
Anyway I would suggest using
https://magic-wormhole.readthedocs.io/en/latest/
or RustDesk. RustDesk has a nice GUI and file transfer has a really nice two pane file explorer view but that is obviously not great for transferring files to people you don't fully trust.
> Non tech folk use stuff like [messengers] to send things
Yes, and tech folks too, but what about if you're not already connected friends? You don't want to invite your entire audience at a conference to send them slides.
You either need to already have a website and say "click on News and find the entry for today", have them type over some long URL with perfect accuracy, or use a link shortener to the same effect. It always requires having hosting, unless there exists file sharing services. That's the problem these things solve.
Also mind that there are size limits in most messengers on the order of a few hundred megabytes. You don't run into them that often, but whatcha gonna do when you do? A dedicated file sharing service that supports in the gigabytes range solves that situation as well.
You SFTP your slides to your self-hosted webspace and share a link like https://www.mydomain.example/public/foo-talk-slides.pdf.
Sure, only if https://icantfindanametoregistertosavemylife.com wasn’t taken.
Lots of available choices: https://www.checkdomain.net/en/domains/search/?domain=reacto...
And we were presuming self-hosting anyway.
I've been using Send, which I really like: https://github.com/timvisee/send
Oh cool, I didn't realize Firefox Send has survived via a community fork. No commits in 7 months though, that's a bit long...
Yes but it doesn't need more commits I guess, it does what it does very well.
That's probably what Maine thought as well https://apnews.com/article/maine-moveit-file-transfer-softwa...
I'm self-hosting Pairdrop on my home network. It's a great solution to the problem of moving files around in an inhomogenous device environment".
What's the difference between inhomogenous and heterogenous?
I can recommend PicoShare which I've been self-hosting for a while. It's a couple of years old now and still maintained. Also, it's very simple and allows for guests too.
So do guests need an account?
No, you can just create guest link for single use.
For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.
For context, this is a parody of the infamous https://news.ycombinator.com/item?id=9224
I was unaware there was copypasta on HN. I know this might be generally the sort of post that the site wants to avoid, but the phenomenon of copypasta within a given community still makes my heart smile a little bit.
> "getting an FTP account"
There are myriad options if you get a server of some kind. A webserver is even easier to get, and to share, than an FTP server.
That's not the challenge these projects attempt to meet.
For that you can also use sparkleshare, abandoned but its just a git frontend
That sounds like a whole lot of effort. Just buy iCloud.
On a mac iirc the ftp setup is a checkbox in system settings. Less friction than logging into icloud even.
Is it for sale or do you have to take the entire $2.9B monstrosity?
It's unfortunately not FOSS, but I quite like https://wormhole.app/ - It's client side encrypted and P2P when possible
One of the two creators of https://wormhole.app here :)
Now that we’ve shifted our company’s focus to https://socket.dev, I’d love to open source Wormhole. I’m quite proud of the code - I’ve worked on P2P and file transfer systems for so so long that I think this might be some of the best code I’ve worked on.
It’s just a matter of finding the time, but I expect this will be open source eventually.
Agreed. That's my favorite as well.
Apache is still maintaned, so is nginx... just throw the file into a folder accessible by the webserver (within documentroot), and you're done :)
This is what I do. But these projects give you uploading, hash url generation and thumbnail previews as well, if you care about such things.
I use `python -m http.server` on the sender side, and https://github.com/Densaugeo/uploadserver on the receiver side if Python or the network is problematic to setup on the sender. This is simple and works well for my use cases, since I don't have a need for those features you mention. The only feature I miss is encryption, which could be done via an SSH tunnel with a bit more work, but I usually don't bother if I'm on my home LAN.
We use PsiTransfer [1] in docker. Recently updated, so not abandonware. Serves our needs really well.
Has recent commits, but last release 2022-11-14.
I'm starting to think stable software just needs to issue an update every few months that changes a few strings, just so this mentality dies out.
For a moment there I thought you were saying 'dang' (much vaunted hacker user) had shut them down.
Sharedrop.io ?
Demo page also returns an error from Heroku.
I recently started using SyncThing, it seems just perfect to share between two people. Maybe I'll put it on a server as well so we can sync without being online.
It's definitely pretty nice, but the ergonomics of it for someone that's not that good with computers can be a little hard. I've gotten synced folders into bad states before that took a long time to fix. It's also kinda awkward having to send over a nominally private and very long ID string to set up the share in the first place.
That's not how Syncthing keys/IDs work.
That device ID you have to send to someone is not nominally private; it is in fact explicitly the public key of a key pair. If you use the public discovery servers (which is the default), that key is sent there so people who'd want to connect to you can look up your IP address with it.
https://docs.syncthing.net/users/security.html#global-discov...
https://docs.syncthing.net/users/faq.html#should-i-keep-my-d...
> Should I keep my device IDs secret?
> No. The IDs are not sensitive. Given a device ID it’s possible to find the IP address for that device, if global discovery is enabled on it. Knowing the device ID doesn’t help you actually establish a connection to that device or get a list of files, etc.
> For a connection to be established, both devices need to know about the other’s device ID. It’s not possible (in practice) to forge a device ID. (To forge a device ID you need to create a TLS certificate with that specific SHA-256 hash. If you can do that, you can spoof any TLS certificate. The world is your oyster!)
Ah, thanks for the clarification. I guess I just saw a key larger than an IPv6 address and assumed it was something I couldn't share openly. It does seem weird that it's that big then. 50+ characters that can be A-Z0-9 feels like an insane amount of entropy for something that's essentially a proxy for a 12 digit number. It's longer than Windows product keys or the SSH public key I use for Github!
Additionally, I don't necessarily want a key sitting out there that will let any random person who finds it a dynamic way to look up my current IP address. It's not the worst thing in the world, but it's definitely not something I'd publish publicly.
> 50+ characters that can be A-Z0-9 feels like an insane amount of entropy for something that's essentially a proxy for a 12 digit number.
That's not all it is. It's your cryptographic public key.
> Additionally, I don't necessarily want a key sitting out there that will let any random person who finds it a dynamic way to look up my current IP address.
Sure, that makes sense. How else would you propose that it work?
Just to mention, you can use a private, self-hosted discovery server.
Having the whitelist all peers on all peers is a chore.
I stick with Resilio for this reason. For over a decade now it had been a 100% reliable fire and forget tool.
> Having the whitelist all peers on all peers is a chore.
You don't have to do that with Syncthing. See https://docs.syncthing.net/users/introducer.html
> The introducer feature lets a device automatically add new devices. When two devices connect they exchange a list of mutually shared folders and the devices connected to those shares. In the following example:
> Local device L sets remote device R as an introducer. They share the folder “Pictures.” Device R is also sharing the folder with A and B, but L only shares with R.
> Once L and R connect, L will add A and B automatically, as if R “introduced” A and B to L.
> Remote device R also shares “Videos” with device C, but not with our local L. Device C will not be added to L as it is not connected to any folders that L and R share.
Thats not the same. It means to designate one device as 'primus inter pares', and what I like about Resilio and p2p that there isn't a 'server'. I don't have one!
So then I could make all my devices introducers, which is really the same amount of work, plus adviced against because then no device can ever leave your network (remove it from one then all others will re-introduce).
Dealing with devices is really not what I want. I understand that Resilio is a bit too basic on security, because the share key is the deencryption key (in most cases), but Syncthing isnt quite it either. I think it's suited for few devices and a knowledgeable person, but not my use cases.
This is mostly where I am. Syncthing is a great replacement for something like Dropbox for me to share things between my own computers and not have to care about file size or the like. It's not really a reasonable P2P file sharing option unless the other person already uses Syncthing for their own use case, or you can just get it set up for them and then hope it never breaks. Even then, it's only really reasonable if it's someone you plan to regularly need to send larger files to. For smaller files or one-time sends, there's better options.
Resillio is working in the same way? what's the pros/cons?
Resilio was there first actually, created by the Bittorrent company of old. The main con is it is closed source and less secure, depending on your threat model. Pro is it works really well, and is compatible with less skilled users.
I also came here to put in a word for Resilio. It's the fastest and most hassle-free thing I've found that doesn't require a server. SyncThing was always very slow to reconnect and update for me.
hey Noirbot, I haven't used it for long. Can you tell me thei ssues you had a little in depth?
Let's say I want to share a file with a friend internationally. First off, while there are some reasonable UXes for Syncthing, a lot of them are pretty basic, or rely on running a daemon and then connecting a web browser to Localhost to see what's up. Once they get it set up, then I have to actually set up the share with them. To get them hooked up to my share, I have to send them a 50+ character ID string somehow, which they then have to input into a UI that's far from easy to use. The key is much too long for me to want to read over the phone, and putting it in a chat somewhere means that if that chat ever leaks, my private key for my shared folder is out there. They offer a way to send a QR code, but that has the same leak risk, and scanning a QR code on the computer you're already on is awkward.
In short, it's a great tool, it works well in general, but the initial setup is pretty cumbersome if all I want to do is send a couple files to someone.
Additionally, I've had a couple time where even just syncing between my own devices broke. I think it was something where files were changed on both sides and the reconciliation algorithm got confused, but it was hard enough to debug for me, with direct access to both devices, and decades of experience running and programming computers, that I'd never want to try to debug that over the phone with a friend.
On the ID security points, see my other comment: https://news.ycombinator.com/item?id=38986966
tldr: They're not private keys, or sensitive.
One convenient feature if you run a third instance on a server is that you can "distrust" the server by encrypting the files you sync (this is done at share level), then only entering the decryption password on the trusted end devices. That way plaintext file content doesn't sit on the server.
It's worth checking exactly what is encrypted as I don't think folder and file structure and names were encrypted.
that's superb cool!
Can you tell me what this feature is called?
https://docs.syncthing.net/users/untrusted.html
It's a setting you can find in the advanced tab of devices.
I use syncthing between three different systems and it’s great for keeping multiple systems in sync. One of them takes daily backups of the shares, so I have time-machine like backups too.
sweet! this is the setup I am looking to do as well.
It works very well with SBCs. If you're resource limited, Syncthing plays great with Cgroups limitations as well.
Thanks Bay!
You're welcome. Happy syncing and backing up. Lastly, check "Back in Time" for backups [0].
I've been self hosting a fork of Firefox Send[1] for years now, probably since Mozilla cancelled their Send project.
Lately I've also started self hosting Pairdrop.[2]
1. https://timvisee.com/projects/send/ 2. https://pairdrop.net/
Every time someone invents an actually effective method of person-to-person file transfer, it gets used for piracy and blocked and shunned.
The age of piracy has dawned upon us yet again! WHO wants to be paying $100+ every month to Disney+ Netflix Hulu etc. just to watch 1 or 2 shows on each service?? Who the hell wants to pay for a game that works worse and hurts the customers more than a deDRM'd, cracked version?
POWER TO THE PIRATES
People who don't want to faff about with VPNs, BitTorrent, malware scanning, and the anxiety of never knowing if your gaming machine has been compromised or not.
You need to be careful with executables, that's true, but
Signed GOG installer? That'll be fine.
File checksum matches known scene release? That'll be fine.
I've heard of more people getting infected via Steam than by torrent downloads recently (see: Slay the Spire on Christmas day).
I usually only have one active subscription at a time.
What do you wish to use that is blocked?
I built something similar in ASP.NET: https://github.com/Sebazzz/IFS
When I need to transfer a file from PC to smartphone, I do a
python -m http.server 8080
then from my phone I just use a browser.
Another alternative. This uses only HTTP and requires no special software, except the server. Elegant, IMHO. Extremely robust in fact.
https://github.com/nwtgck/go-piping-server
After starting the server, a few options.
Method 1: Visit https://127.0.0.1:8080 in a Javascript-enabled browser and fill out HTML form
Method 2: Visit https://127.0.0.1:8080/noscript in any browser and fill out HTML form
Method 3: Use any TCP or HTTP client. For example here is a quick and dirty shell script
#!/bin/sh
test $1||exec echo usage: $0 something file
test $2||exec echo usage: $0 something file
x=$(stat -c %s $2)
{
printf 'POST /'$1' HTTP/1.1\r\n'
printf 'Host: 127.0.0.1\r\n'
printf 'Content-Type: multipart/form-data; boundary=\"yxxxxzxxxzxxxzzxyxzx\"\r\n'
printf 'Content-Length: '$x'\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
cat $2
echo ---yxxxxzxxxzxxxzzxyxzx
} \
|nc -vvn 127.1 8080
laptop> 1.sh whatever 1.pdf
phone> curl http://127.0.0.1:8080/whatever > 1.pdf
laptop> 1.sh 1.pdf 1.pdf
On phone, type into browser: https://127.0.0.1:8080/1.pdf
This file is saved as 1.pdf
YMMV
Correction:
Replace 127.0.0.1 with an appropriate address for computers on the LAN, e.g., RFC 1918 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12.
Before trying it in my lab, could the author elaborate on what's its killer feature?
The README mentions that it's an alternative to both Dropbox and WeTransfer. My current alternative to Dropbox is Nextcloud, and my current alternative to WeTransfer is (formerly Mozilla) Send. What's the added value of YouTransfer compared to this solution?
I'm also put off by the fact that the README has a big "looking for a new maintainer" disclaimer on top, and the demo page doesn't even work. Sure, I could put enough effort into maintaining a project if I see its added value, but in this case it seems to be a product trying to sneak into a market where there are already viable and well-maintained open alternatives.
How do you like Send and is it still maintained?
I also use Nextcloud but use the Floccus browser extension to sync bookmarks to Nextcloud. Works well when it works.
I really like Send, I'm not sure it's still maintained, but it works well, so I don't know what there is to maintain. It comes with a cli utility as well.
There's almost always security issues to maintain. Software is never "done".
If only OS vendors like apple thought the same and actually updated the cli tooling
CLI tooling is macOS only, not iOS, visionOS, tvOS, etc. Somof course they don’t care. Just be happy they even keep it. ;)
Used this in the past, imagine WeTransfer, but you run it yourself. That’s it.
For one off for technical folks on both ends I like the magic-wormhole cli tool. https://github.com/magic-wormhole/magic-wormhole
Just FYI, Quiet also allows unlimited file transfer size: https://tryquiet.org/
Not saying it is most efficient, but for non tech friends, that may be an option.
And for non-technical folks I use wormhole.io.
If you are working with technical people might as well just use ftp and be done with it
Partially open source (the crypto) and easy to use. Free though not self-hosted: https://wormhole.app/
There seems to be a trend of people on HN sharing abandoned projects seeking a maintainer
I even made a community for that! https://www.codeshelter.co/
It's abandoned, though.
Haha taking the long play to the punchline!
I've been setting this joke up for five years!
Because there are many unknown, probably worth of being picked by some volunteers. I think it'd be worth creating some place (HN subsection?) where a list of dead or unmaintained, still worth of attention, projects could be kept so that potential maintainers could be made aware of their existence. Just a simple list, all text, one line per project with a bunch of fields: YYYYMMDD formatted date of last update | Name (resolving to link to the project page) | Short description | clickable short list of say max 5 tags so that users can find similar ones just by refining the search to the desired tag(s).
It takes so much time and effort though. It would really be a labor of love to take up someones abandoned piece of work thats probably got deep structural issues if the author decided to pack up and leave already.
Sounds like a perfect thing to fine tune an instruction following GPT on?
https://github.com/proofrock/sfup a possible alternative, if you need upload/download via commandline (curl).
taildrop (https://tailscale.com/kb/1106/taildrop) is also nice to have if you already have a tailscale network set up for your devices. helps with the networking bit also.
last commit 4 years ago... sounds like a security nightmare
Is this easier than self hosting FTP?
Obligatory xkcd, of course: https://xkcd.com/949/
Sad reality.
For non sensitive data, ufile.io is the most decent drop app I could find. Been around for a while and am surprised they haven't yet spoiled it with dark patterns, removal of free tier, sold out.
For sensitive data, Google drive. Share.
For very sensitive data, encrypt, ufile.io, or Google drive. decrypt on the other end. Quite a pipeline but note that it paradoxally doesn't require a self hosted drop app.
Ipfs? Still not nearly as simple as via google drive, needs native app app running. Drains phone batteries, requires manual encryption for anything sensitive as file access can't be gated.
Blockchain? Except for tiny blobs, impossible.
a p2p app that use some open KPI for encryption would be great.