[ cgl / g / mu ] [ index / top / reports / FAQ / DAAS / status / transparency / fuuka ] [ img-search ]
As Dark As My Soul v2 Yotsuba Green

/g/ - Technology (Full Images)


View post   

File: 240 KB, 900x900, gnome.png [Show reposts] Image search: [google] [iqdb]
47902084 No. 47902084 [Reply] [Original]

DOES THE SHILLING EVER STOP?

http://tfwno.space

I started a file uploading service with Pomf's code.

To answer a few questions from the get-go:
>What differs this from Pomf?
Pomf is having disk issues lately and even when it isn't full, upload limit is only 5MB. Nothing against Pomf! I just wanted to run my own.

>No SSL
I'm getting a cert tomorrow. StartSSL told me the domain was too new

>Yet another shitty file host that's going down in a few days
Nope. This is stuff I like doing and I enjoy starting long-term projects.

>> No. 47902091
File: 14 KB, 497x280, tfwnospace_files-day.png [Show reposts] Image search: [google] [iqdb]
47902091

Just a small statistic so far.

>> No. 47902103

>>47902084
>I enjoy starting projects that last 3 days

>> No. 47902161

http://tfwno.space/faq

404 Not Found - nginx

>> No. 47902188
File: 545 KB, 3104x1970, Screen Shot 2015-05-09 at 12.37.31 PM.png [Show reposts] Image search: [google] [iqdb]
47902188

>>47902161
Weird, works for me? I'll take a look into it. Thanks for noticing.

>> No. 47902332

>click FAQ
>File Open dialogue opens, 404 file not found
>click Contact
>File Open dialogue opens along with mail client
>click on Pomf
>File Open dialogue opens, pomf.se opens

I get that you want us to upload stuff, but come on. The same behaviour happens on every browser I tried (Chrome, Firefox, IE, Safari) it on both Windows and Mac OS X.

>> No. 47902430

>>47902332 here.
You're quick OP, looks fixed now.

>> No. 47902440

>Upload logs are kept for 72 hours
Why would you even keep logs. Logs will only get you in more trouble if anything ever happens, if you have no logs to hand over then they can't do anything about it.

>> No. 47902510

>>47902430
Yeah, it was shitty JS I wrote. Reverted back to the old code. After finals when I have more time to look at stuff I'll have a whole-page dropzone. I'm more of a backend guy, JS isn't my thing.

>> No. 47902533

>>47902084
I'm gonna hack you David.
Nice to see you took my advice of adding logs.

>> No. 47902558

>>47902440
I bet you're a pedo

>> No. 47902564

>>47902533
pls no haks

I'm still arguing with myself if I want logs. I'll probably seek legal advice from a lawyer professor on my campus, I know one that's always willing to help with this stuff.

>> No. 47902587

>>47902564
Yeah definitely look for legal advice if you can.
A good way of avoiding problems is blocking tor, maybe vpns.

>> No. 47902614

>>47902587
The whole reason I don't want to use CloudFlare is because of their stupid Tor-captcha bullshit. I kinda want to avoid blocking Tor, but I'm not sure if that's just me being naive.

>> No. 47902658

>>47902614
It's a bit naive to be honest, but it's your site and I don't wanna tell you how to run it.
You can wait for it to start being used and if you see abuse you can then decide on what to do.

>> No. 47902812

>>47902614
I would block tor people who want to protect their privacy would just use a vpn.

>> No. 47902908

>>47902812
>>47902658
Thanks for the input. I'll make a permanent decision by tonight once I can get legal advice. For now, 72 hour logs + Tor allowed.

>> No. 47902959

>>47902188
>no beastiality
It's legal in my state, faggot.

>> No. 47903202

>>47902959
;_; sorry mang.

>> No. 47905018
File: 13 KB, 497x280, tfwnospace_files-day (1).png [Show reposts] Image search: [google] [iqdb]
47905018

Gonna bump with a bit more stats. I like numbers, even if they're paltry in comparison.

david@tfwno:~$ du -h /home/tfwnospace/files/
280M /home/tfwnospace/files/

>> No. 47905414

>>47905018
How much space do you have m8

>> No. 47905436

>>47905414
~2TB. Will increase as usage increases. Right now I'm just testing waters to see if it'll actually be heavily used.

>> No. 47905456

>'forked' from pomf
>too fucking lazy to rename the javascript file

lel

>> No. 47905560 (Deleted) 
File: 29 KB, 400x400, 2215601.jpg [Show reposts] Image search: [google] [iqdb]
47905560

>>47902084

>> No. 47905564

Wub here, I've been closely monitoring Pomf's situation with neku. I've never been entitled to talk on behalf of Pomf.se but that's what I often do.

>>47902084
What about img.loveisover.me? I don't really like that you are still hosting this at OVH.

What are you going to do to prevent layer 7 upload attacks like at Pomf.se?

Will you use CloudFlare on this later?

By all means, I'm supportive of this project and very glad to see more diversity and uploading options.

Why the logs >>47902440 ? I don't think img.loveisover.me admin (Blade) keeps logs there either, nor do I think maxfile.ro does. I have myself consulted a lawyer from Turre Legal regarding logs, you are not a telecommunications provider so mandatory data retention laws do not apply to you (service provider). (I can't give you legal advice.)

Please do not block Tor >>47902614. There are plenty of privacy aware users in an IRC channel I go to, and I hear frequent complaints of having to fill CAPTCHAs from Tor because of CloudFlare.

>> No. 47905632

>>47905456
done :^)

>>47905564
Hiya Wub.

Just spoke with the on-campus lawyer. He said logs weren't necessary, and that I can safely turn them off. I'd still have to respect DMCA issues though, being a US resident, and having the server located in Canada doesn't mean I'm safe from DMCA either.

I might use CloudFlare on this later if the load gets too high. I'm hesitant because of the anti-Tor stance CF seems to have. Being a Tor user myself, I get really fed up with having to do captchas all the time.

I see the situation with Pomf is pretty bad right now and I feel bad for Neku. I'm going to want to talk with him and see how he handles them once he's less busy.

>> No. 47905719

Going to use a temporary tripcode for this thread.

>>47905632
Good to hear regarding logs.

Yeah, DMCA is a shame. Canadian copyright is notice-and-notice, which works much better. I'm also critical of the copyright laws, especially DMCA which EFF has published an article about: "Unintended Consequences: Twelve Years under the DMCA".[1]

neku is mostly on #/g/hostingtalk @ irc.partyvan.eu if you want to talk to him, also on Stormbit #cute channel. Could you come to #/g/hostingtalk? I'd like to hook you up on better hosting provider.

[1]: https://www.eff.org/wp/unintended-consequences-under-dmca

>> No. 47905771

>>47905719
Sure, I might stop by later tonight. I'm currently studying for my finals.

>> No. 47905787

>>47905771
Should probably specify I'm in EST.

>> No. 47905799

>>47905771
>>47905787
Don't worry, I'll be on for 10+ hours probably. Just woke up a hour ago.

I feel like a dirty tripfag.

>> No. 47905903

>>47905799
Dirty tripfag.
>>47905632
Let's just hope you don't receive too much abuse.
I still think keeping logs for a small amount of time is a good idea, even if it's just someone trying to DDoS but let's see how it goes.

>> No. 47905920
File: 41 KB, 607x810, Capture.png [Show reposts] Image search: [google] [iqdb]
47905920

I uploaded some photos and after uploading them, the last bit of them didn't give me a url to them


pic related

>> No. 47905977

Are you using RAID or is it only meant for quickly sharing files?
If using RAID don't forget to accidentally rebuild it.

>> No. 47906009

OP, you said you want to make this a long-term project. Could you commit to transparency and accountability? Things like financial summaries, config options used and even sysadmin.txt.

It would also would be nice to know your identity if you really want to stand up for rights as a public person, but I understand the privacy concerns very early into this project.

How are you going to fund this project? Next month I am going to start providing hosting for Pomf.se (and I already regret that decision) for six months, the funding comes from a nonprofit organization I run.

neku just came online to IRC if you want to talk to him, he knows about this thread too.

>>47905632
What about the layer 7 attacks? CloudFlare lets those pass through, and in any case of Pomf.se the attacker can just use oxipry.se / pomf.fi to bypass CloudFlare. The attack was not very sophisticated, just a cURL script running in a loop which was temporarily stopped with user agent matching until the attacker realized to use -A option in curl.

>>47905920
This bug also exists on Pomf.se with multi-file upload. I don't know if OP changed the PHP upload limits however, that's less likely to cause it but it's possible.

>>47905903
Pomf.se had logs on during the attack, but IP-blocking is ineffective because the attacker can just change IPs quickly.

>>47905977
This, do you have RAID? Do you have backups too?

>> No. 47906049

this is nsa

>> No. 47906089

>>47906009
>I run this service as a hobby, and because I like long-term projects. This will be funded from my own pocket. No ads. Donations maybe, in the future.

Oh, I see. It's in the FAQ.[1]

What if you don't have interest or money to run the service anymore? Will you dump the database and files to Internet Archive[2] or hand them over to someone else to host?

[1]: http://tfwno.space/faq
[2]: https://archive.org/

>> No. 47906096

>>47905564
>>47905632
What are some genuine uses for tor, what do you guys use it for?

>> No. 47906142

>>47906009
>>47905977
Cool, lemme just break things down on my setup:

It's a Kimsufi K4 server right now, with a single 2TB disk, no raid. But I am making off-shore backups to my home servers and a RamNode server I've had, so 2 backups in different locations. They're occurring every hour, compressed, encrypted, and hashed. I do want to set up a ZFS share on the main server to account for bit-checking.

The server itself is $27 a month, and I'm not currently worried about funds. However if the project continues to grow then I will have to obviously step up the costs and I might have to ask for donations if this hits the $100+ a month range. But right now I have no problem with funds and could even manage $100+ a month for a few months without batting an eye.

If comes a time where I do need to shut down, I will make those decisions then. Most likely, I'll see if someone else wants to take reigns first. Otherwise, I'd have issues with just dumping the files somewhere considering some people might upload personal information and I just don't want to dump it.

I can dump the config options in the GitHub repository soon.

>> No. 47906143

>>47906096
I use Tor to avoid Internet surveillance, "traffic analysis". It offers me stronger privacy.

Other Tor users have similar interests.[1] It's used by governments, law enforcement, journalists and many others.

[1]: https://www.torproject.org/about/torusers.html.en

(I really really hate tripfagging.)

>> No. 47906176

Pomf.se has now reverted to 50 MiB upload size again.

23:59:21 +WubTheCaptain | >>47902084
-- Sun, 10 May 2015 --
00:00:12 @neku | Love it~
00:01:21 @neku | Also switched back to 50MiB now since I know how to deal with the attack(s) somewhat

>> No. 47906302

>>47906176
Can you tell us how to deal with the attacks or will that enable the attackers to bypass it?

I'm curious.

>> No. 47906327

>>47906142
>Otherwise, I'd have issues with just dumping the files somewhere considering some people might upload personal information and I just don't want to dump it.

This concerns me. If you are announcing to close down, ArchiveTeam will very likely just scrape your site of all files to rescue them. The URLs are public and there is no private uploading option. It's historically valuable and unique content in my view, which could be permanently lost if not dumped.

This sounds very much like Yahoo's Geocities for me. neku has promised to make the dumps available from Pomf.se in the event of shutdown. Drew Devault (SirCmpwn, also from /g/) also did this with mediacru.sh when it shutdown.

Please reconsider this.

>>47906302
The uploads came came from Linode IP-address space. neku reported it to Linode's abuse desk and I believe blocked some of the Linode IP-addresses used in the attack. That's all I know.

>> No. 47906364

>>47906327
Regarding the dumps, I meant that I see the advantages of dumping being far greater than the disadvantages.

>> No. 47906378

>>47906302
No easy way to block it tbh, ip blocking and user agent blocking is both very easy to get around and I don't want to set captcha or rate limiting.

>> No. 47906391

>>47906378
Hi, are you neku? Can you get a tripcode for this thread?

>> No. 47906407

>>47906391
I am, sure.

>> No. 47906441

>>47906143
I see, we'll I don't really have a strong need for privacy, don't do anything illegal and I'm not paranoid either.
I know tor has some legitimate uses and I don't care much about people buying drugs off of it, but there a lot of less "good" uses, and it sort of conflicts me.

>> No. 47906476
File: 29 KB, 400x400, 2215601.jpg [Show reposts] Image search: [google] [iqdb]
47906476

ur a qt :)

>> No. 47906479

Wub, not sure why you hate tripfagging seeing as though you're probably the best one to do so, on /g/.

I liked and enjoyed your posts in the previous /g/ hosting threads.

>> No. 47906482
File: 1.46 MB, 989x1334, 1425852379152 - Copy.png [Show reposts] Image search: [google] [iqdb]
47906482

cmon dudes just fuck off with your MEMEZZ
remove all the MEMEZZ and site is good to go
if i would find the site like this, i would immediately close the tab just because of this

>> No. 47906512

>>47906476
Who is he?

>> No. 47906570

>>47906142
By the way, could you still promise to publish financial reports where we can see where you've spent the money and how much? Also how much in donations you've received.

LeaseWeb's cheapest box is about 29 EUR per month (~$33.5), which has much better network than OVH if you have no trouble hosting in Netherlands. I'd also have no trouble donating 50 EUR or more per month to your hosting costs for something higher quality if people picked up and actively used tfwno.space.

neku currently hosts Pomf.se at LeaseWeb, although the colocation next month is going to be at Portlane in Sweden. Swedish sysadmin with Swedish server location, Swedish jurisdiction.

>>47906441
Abuse of Tor network is only a minority of it, but very often the negative sides are emphasized in media. I'm not good at explaining things. Again, the benefits are far greater than the negative sides.

>>47906479
I post anonymously even in /g/ hosting threads. It's not hard to guess who I am in those threads however for being exceptionally skilled in those threads to say myself.

>> No. 47906585

>>47906327
Sorry for the late reply. Tutoring.
It's something I'm going to have a discussion with people come the time I need to shut down.

I have no problem dumping them all if that's what people want. I just thought that maybe it wasn't smart, but that was just my single opinion.

>> No. 47906618

>>47906570
I don't really think it's a small part, everything I hear people talk about it its almost always for bad things.

>> No. 47906620

>>47906570
Sure, I'll post all receipts/incoming donations when they start.

I have no problem dedicating to that. I'm also fine with moving servers too, I'm not really loyal to a certain host.

>> No. 47906658

>>47906620
You can start now and publish the initial financial report for how much you've paid for the box ($27), domain name and other costs. Please?

If you want to publish it one month from now, that's fine for me.

>> No. 47906752

>>47906658
Yeah I meant I'd publish all things, including this month's records. But right now I can only respond when I look at my laptop for another problem to write on the board. I'll have them up, and be on IRC, tonight.

>> No. 47906898

Question for OP, what will you do to prevent getting blacklisted for malware in places? What else have you learned from Pomf.se's history of trouble?[1]

Also, your postmaster@ and abuse@ email addresses are missing. They are mandated by some RFCs like RFC 2142.[2]

Protip: Save yourself some headache and use OpenSMTPd on the mailserver instead of Exim. I use it myself and I like the simplicity a lot.

>>47906752
Good to hear, thanks.

[1]: https://wubthecaptain.eu/files/is-pomf-dead-yet.html
[2]: https://www.ietf.org/rfc/rfc2142.txt

>> No. 47906924

>>47906898
Sorry, I need to get my eyes checked. Your postmaster@ email is missing, but abuse@ is there just as it should be. Set an alias in /etc/aliases or wherever you can. Do you even maintain your own mailserver? Seems like it's handled by a third party.

>> No. 47907002

>>47906898
Why did pomf get blacklisted?

>> No. 47907078

If you can also unmask the domain WHOIS protection, it would help you to receive takedown notices to the abuse@ email address.

Again I get the privacy reasons against this, but the sad truth is that WHOIS privacy protection becomes nulled if a tyrannian copyright owner wants to know your identity by sending an abuse notice to the registrar.

>>47907002
People upload malware to Pomf.se and then anti-malware companies pick up the URLs from infected computers, adding Pomf.se to blacklist to prevent further infections. Then there's email spam, which advertises to download a malicious program from a link/file hosted by Pomf.se.

Removing malware from Pomf.se is a constant game of whack-a-mole.

>> No. 47907174

More questions for OP. What will you do in case of a DMCA notice? Will you review the content or just blindly comply? Will you forward the notice, e.g. in transparency and on the download page with counter-notice instructions?

What if HBO sends you a notice for a fan-made 3D modeled porn[1] which is clearly fair use and what they most likely do not have rights for?

Who is/are allowed to review and moderate files? Will you actively review files for illegal content? The laws only require you to act to illegal content on notice "when you become aware of it" (so you don't need to actively make yourself become aware of it).

[1]: http://transparency.pomf.se/emails/hbo_takedown3_reply.txt

>> No. 47907198

Wub, can you stop posting stupid questions? who cares.

>> No. 47907206

>>47907174
leave him alone now he can do whatever the fuck he wants

>> No. 47907265

>>47907198
>>47907206
Fine then, anonymous now.

Also hi Proplex.

>> No. 47907313

>>47906512
David Lohle, a Tox developer and OP. Also known as nemdiggers.

>> No. 47907327

>>47907313
How do you know he's OP

>> No. 47907335

no one fucking cares, take your problems elsewhere, faggots

>> No. 47907422

>>47907327
https://github.com/Proplex
https://github.com/tfwnospace/tfwnospace-website/commits/master

Member of tfwnospace group on GitHub and the only committer to the fork. Also the david@ email address on front page.

>>47907335
Hide the thread if it annoys you, nigger.

>> No. 47907430

>>47907335
Clearly people care or there wouldn't be any replies you fucking faggot

>> No. 47907442
File: 8 KB, 200x200, AAEAAQAAAAAAAAK-AAAAJDk0ZGU4Yzc1LWRmMDMtNGZmOC04MzcwLTU2MTViZjM0NjczYg[1].jpg [Show reposts] Image search: [google] [iqdb]
47907442

>>47906476
Kawaii desu ne~

>> No. 47907592
File: 67 KB, 931x481, 2015-05-10-014729_931x481_scrot.png [Show reposts] Image search: [google] [iqdb]
47907592

I'm not sure what to say about stripping the original author from the source files. Yes, there's a mention of Pomf.se in README.md but there's no mention of the author (neku) anywhere.

Give him some more credit, maybe.

>> No. 47907670

>didn't even change the site icon

Fucks sake man

>> No. 47908147

Wow, okay. Wub really asked the tougj questions and really made be realize I'm unprepared for this. For now, I'm going to stop accepting uploads while I get a solid foundation set. Criteria of how I handle DMCA requests, abuse reports, malware, and a plan of how I intend to grow should all be laid out before I get burnt or make rash decisions.

Wub I'll be on within a few hours, I got two more students to tutor and then I can start working this all out.

>> No. 47908170
File: 26 KB, 286x64, Screen Shot 2015-05-07 at 3.37.41 PM.png [Show reposts] Image search: [google] [iqdb]
47908170

>>47907670
Thanks for noticing. I had changed the favicon in the beginning but I must've forgotten to commit my changes, and the long cache rate ensured I didn't notice the change until just now.

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Action