Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Janus]

Hey Janus,
Used the contact form to request control of my files again. Can you confirm my request went through?

Thanks -
Kiira

Apologies, looks like there was a mail routing issue on your contact form message (on our end, a relay bounce that only affects the contact form) which I'll need to sort out. Looks like it was just that one message, nobody else has been affected yet.

Anyway, I just recovered your message, and I've gone ahead and re-attributed your files.

[kiiranaux]

Very much appreciated.

[noirscape]

Out of curiosity, is the source code for DFFD available anywhere?

It seems to be based on PHCDownload ( https://github.com/AlexanderGW/phcdownload ), which seems to be under the GPL. While the question on if the GPL applies to server software is dubious, it would be a good gesture to make the software OSS (especially if it's still running on the same old PHP version as the original source code release) and would allow other users to help find potential security bugs.

[Janus]

Out of curiosity, is the source code for DFFD available anywhere?

It seems to be based on PHCDownload ( https://github.com/AlexanderGW/phcdownload ), which seems to be under the GPL. While the question on if the GPL applies to server software is dubious, it would be a good gesture to make the software OSS (especially if it's still running on the same old PHP version as the original source code release) and would allow other users to help find potential security bugs.

It's not available anywhere at the moment. It's actually been pretty heavily modified from the original PHCDownload codebase at this point, which does seem to have been abandoned by the author quite some time ago. Besides a decent bit of new and changed functionality, I did end up patching some security holes that the original had after a full security sweep through the entire codebase at one point many years ago. I've done a couple more brief passes since then with fresh eyes and found nothing else. I take security very seriously and keep it in mind with any updates I make, and I try to thoroughly test things out on a test server before making them live.
I've also updated the codebase to work with modern PHP versions.

While I'm not a proponent of security through obscurity, I also don't feel particularly compelled to release the code for it. It has been modified to work solely with a custom compiled version of Nginx (though currently at least able to use the OpenResty offshoot) to allow for large uploads without tying up a PHP worker for the duration and to allow tracking and reporting live upload progress to the person submitting the file. That and other things in the code would take some work to make optional and allow for more standard/basic server setup by other people. I also have several things hardcoded that I wouldn't normally need to change for my setup (but could easily change myself if needed), but for general use by others would call for adding further configuration options.
I just don't feel like or really have the time to work on that.

[jipehog]

You are up and running I see, Congrats!

I hope people keep using it. When Rimworld added steam integration it sucked a lot of people to steamworkshop, but all the best mods had downloads link both for Steam and manual download.

[noirscape]

It's not available anywhere at the moment. It's actually been pretty heavily modified from the original PHCDownload codebase at this point, which does seem to have been abandoned by the author quite some time ago. Besides a decent bit of new and changed functionality, I did end up patching some security holes that the original had after a full security sweep through the entire codebase at one point many years ago. I've done a couple more brief passes since then with fresh eyes and found nothing else. I take security very seriously and keep it in mind with any updates I make, and I try to thoroughly test things out on a test server before making them live.
I've also updated the codebase to work with modern PHP versions.

While I'm not a proponent of security through obscurity, I also don't feel particularly compelled to release the code for it. It has been modified to work solely with a custom compiled version of Nginx (though currently at least able to use the OpenResty offshoot) to allow for large uploads without tying up a PHP worker for the duration and to allow tracking and reporting live upload progress to the person submitting the file. That and other things in the code would take some work to make optional and allow for more standard/basic server setup by other people. I also have several things hardcoded that I wouldn't normally need to change for my setup (but could easily change myself if needed), but for general use by others would call for adding further configuration options.
I just don't feel like or really have the time to work on that.

Aye fair enough. There's a certain amount of work put into making intended to remain private code public after all.

Really glad to hear that you're still maintaining the code and keeping an eye on the security for it though. PHP stuff, especially for older versions always has a habit of accruing security problems.