glitr.io

im working on a p2p file transfer app. at the moment its a close-source webapp, but i hope to work towards some selfhosted options as seen on my other projects.

the storage is local-only from your browser/device. so like “the cloud”, but the cloud storage capacity is made up of your devices.

ive recently updated the landing page and i hope ive got it as simple as possible to transfer a file from one device to another.

im looking for feedback on the experience.

(Note 1: its still a work in progress. if there is an issue, you can usually refresh the browser and try again)

(Note 2: it seems important to mention: this app is not libre software. This needs more consideration to see if I can align to this. For information and open-source examples of the code in action, take a look at the docs and github for decentralized chat)

  • Melody Fwygon@lemmy.one
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 month ago

    I’m of the opinion that you should probably provide Source Code on a “Source Available” basis to people who ask and have a need to see it to audit or self-compile. The lack of “Open-ness” in your code is disturbing.

    I won’t comment or judge on your decision to refuse to offer this software on a Libre basis. You absolutely have the right to monetize as necessary; especially if this code is speaking to a backend infrastructure that you maintain for it. Even if all you do is aim to break even and pay for those servers.

    The experience is extremely unintuitive. I couldn’t get your app to work at all on my privacy enforcing browser within the confines of my privacy enforcing LAN. (Yes; I do/did enable WebRTC and the other required technologies, however they’re enabled in a privacy respecting manner.) Neither of my devices would show or remain connected once added. There were no popups or information given to me by the app to troubleshoot the issue; and I’m not going to crank open a Dev Console for something that I can’t contribute to anyways. If your software is going to remain closed in source; “It should just work™”.

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      2
      ·
      1 month ago

      thanks!

      im a developer im not much of an expert on licences of any kind. i created code and decided to open source it here: https://github.com/positive-intentions/chat . when i say the close source app is “based on” the open source code, i hope it doesnt undermine that it itself is a fully functional p2p messaging system (im of the opinion that all projects will always need refinement). anyone with issues about close-source code should take a look at the open-srouce version. its basically more functional but it seems too complex to maintain as open source andd thus this new project.

      id like to offer the statics as a zipped folder. this is in the roadmap, but the code will be minified and obfuscated. about as opaque as possible for “source available”. i dont know much on the matter, but id like to learn more about if this can be made into libre software. its hardly modifyable or studyable.

      while i dont want you to “trust me bro”, i am actively developing it and improving the functionality. so that static bundle will have to be build by the CI/CD and it will update along with the app. it goes without saying, the project is not mature enough to have things like security audits.

      thanks! for your feedback there! ahh the connection bugs. unfortunately this is is one of the trickier bugs. im working towards fixing that asap. i have an idea of a fix, but im trying to avoid rewriting a core piece. have you tried closing the app on both devices and trying again (sorry, i know its a bit cliche).

      if its not a secret, can you maybe tell me more about your LAN setup for me to set something up and try? i certainly aim for it to “just work”.

      • Melody Fwygon@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        Obfuscated code is not “Source Available”. You will need to provide the code without obfuscation; though I don’t personally blame you if you’re choosy about what reasons you will release the source for.

      • Melody Fwygon@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 month ago

        Network is standard double NAT grade B. [ISP <-> Router <-> Firewall <-> Client] with all necessary port forwards in place (TCP/UDP 1025-65535 to Firewall). Firewall is standard pfSense CE; and will forward invisibly and does automatically perform necessary UPnP and port forwarding as detected. STUN may be necessary but does function and establish the route(s) and the ports your application selected would ordinarily be invisibly NAT’ed quickly by the firewall as long as the packets are solicited. ICE Candidates udp <Public IPv4>:65359 srflx udp <Public IPv6>:65363 srflx udp [<Public IPv6 /64 issued by ISP>]:54597 srflx udp [<Public IPv6 /64 issued by ISP>]:58798 srflx Error: No active TCP candidates were found

        To my knowledge your application does not appear to opinion or declare if it uses STUN. (Perhaps it should, there are valid reasons to offer STUN or not offer STUN). The application provides no meaningful errors so I can’t tell what might need adjusted or allowed network-wise.

  • Ohh@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    1 month ago

    I need this. But ffsend + encrypted zip file works most of the time. Or onionshare.

    Not sure I see how this helps.

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      For me, it’s an achievement for it to be comparable to those tools. I aim to get to a similar feature set and make the user experience intuitive.

  • opi@lemmy.ca
    link
    fedilink
    arrow-up
    28
    ·
    1 month ago

    There ain’t no trust in this game. If it isn’t open source then it’s pretty much dead in the water. You can’t compete with OSS with closed code in this space, really. There’s a few alternatives (and ones that are more mature and proven) that will always be first choices.

    • starlight_caffeine@feddit.org
      link
      fedilink
      arrow-up
      4
      ·
      1 month ago

      Absolutely. Also, it probably is in your best interest to advertise details of your cryptography. What data is shared with whom, what algorithms are used, etc.; if you’re doing something more exotic / low-level, Alice-Bob diagrams can be helpful. I’m not sure what other people do but when looking at security-sensitive software, the first thing I do is look for the cryptographic setup and research it.

  • fmstrat@lemmy.nowsci.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 month ago

    Closed source and a crowded market.

    Sorry to say, but I don’t think you understand the audience for this.

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 month ago

      This is using the WebRTC protocol. As a webapp it’s immediately good to go, there isn’t a need to run something like a FTP server.

      Of course limitations apply like sending larger files nukes my ram… But I after it’s sent, it seems to settle down.

  • nyankas@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    1 month ago

    Cool project, but it seems to be very similar to PairDrop with the major downside of not being open-source. What would be the advantages of using this project over existing FOSS-solutions?

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      8
      ·
      edit-2
      1 month ago

      Thanks!

      Here is the foss equivalent of this project: https://github.com/positive-intentions/chat

      Unfortunately, open source isn’t sustainable. I’m investigating close-source as a way to create something competitive. My plan is to try to sell it on the Play store.

      As for pairdrop, their approach to peer discovery relies on knowing the network you’re connected to. This makes it easy to find peers in cases where you use the same WiFi network. In mine I’m using WebRTC to allow connections over the internet. Peer discovery is achieved by using crypto-random IDs exchanged as a link or QR code.

      Ultimately it’s worth noting my app is a work in progress. I hope I can update the UX to make the functionality as seamless as pairdrop.

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      13
      ·
      edit-2
      1 month ago

      I tried foss. I couldn’t get it to work so i’m trying something different.

      • bobbyfiend@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        1 month ago

        I’m sure it’s a hard problem to solve. However, I’m still not using a product missing a critical feature just because the developer found it too difficult to include the feature. Sympathy to the developer but also I need that feature.

        • xoron@programming.devOP
          link
          fedilink
          arrow-up
          1
          ·
          1 month ago

          By feature, do you mean “foss”? (Wondering if you’re replying to the correct thread)

          If so, then it’s unfortunate I’m investigating this direction, it seems nessesary.

          Otherwise feel free to let me know of a critical feature missing (if “foss” is not the feature you meant.)

      • chaoticnumber@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 month ago

        I’m sorry for being a dick, but without seeing what the ones and zeros are doing I’m just not touching it with a ten foot pole. Good luck to you.

      • prole@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 month ago

        I’m the farthest thing from an expert when it comes to programming, etc., but my understanding was that the FOSS end of it is more about which license you use to distribute, and whether or not you provide the code to the public?

        I don’t really understand how that would affect the functioning of the app itself. But again, I’m not a programmer so maybe I’m missing something here.

        • xoron@programming.devOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          1 month ago

          I’m no expert on the matter of licences either. I made the open source code some bsd licence because some of the dependencies called for it.

          I created some code and made some open source. I don’t have to apply that to all my projects.

  • Churbleyimyam@lemm.ee
    link
    fedilink
    arrow-up
    48
    arrow-down
    1
    ·
    1 month ago

    That sounds cool 👍 If you do decide to make it FOSS I’d be happy to try it out and give feedback.

      • warm@kbin.earth
        link
        fedilink
        arrow-up
        2
        ·
        1 month ago

        I understand you want to make money from this, but for privately sending files, the much more mature and free open source projects will be greatly preferred. So I dont see this app going anywhere. Closed source doesn’t lend itself to privacy all that well. Gl.

    • xoron@programming.devOP
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      Thanks. I hope to get to a point where I can make the experience as seamless as workhole.

      To compare solutions, a key details around providing my app as a webapp, is to avoid the requirement of a client. this opens up the set of compatible platforms.

      (Note: it’s a common request for me, so by popular demand, i will aim to provide binaries for the major platforms.)