Show HN: I built a universal clipboard that syncs realtime on multiple devices

https://www.quickclip.space/
40•imgopaal•1mo ago
I’m Gopal, the guy behind QuickClip.

I built this out of pure frustration. Copying items between my phone and laptop was very painful. Sending notes and links on WhatsApp. Saving random drafts I’d forget about. It was a total waste of time.

So I made QuickClip for myself first. A dead simple way to move text, links and images between devices instantly. No setup drama. No thinking. Fully encrypted.

I use it every day. Shipping it publicly now to see if anyone else has the same problem.

Would honestly love to hear, how you move stuff between devices today, what’s broken or slow and what would make this actually useful for you

Happy to answer anything and take suggestions. Thanks for checking it out.

Comments

zekejohn•1mo ago
i know a gemini 3 site when i see one lol, looks good tho! Does this work if you copy an image on your phone/laptop, will it sync to the other device?
imgopaal•1mo ago
Yes, it works smoothly with texts and images both.
elicash•1mo ago
> i know a gemini 3 site when i see one lol, looks good tho!

Ha I thought the same. I created a website that's also in this neo-brutalist style and it has the same marquee.

This reminds me of when everything used to look like default Bootstrap.

shinycode•1mo ago
I did something similar with Claude code, I did not write a single line of code and it’s hosted on cloudflare workers. With the free tier it’s enough for one person (and I feel safer to own and host my private data). Works beautifully. Your website does not show how it works, no screenshots, it would be better with it
imgopaal•1mo ago
Thanks for your suggestions. Would work on it
yashau•1mo ago
Same. I vibe-coded a real-time notepad thing with optional E2E with CC over a weekend. Not going to plug it unless someone asks me to, just pointing out how easy this is nowadays.
semyonsh•1mo ago
The website does not show anything on how the product is used, which is kind of important for me as a potential customer. Especially if it's going to be effectively handling my copy/pasting of sensitive information.

Does it use some client, what do I need to install on my devices (if supported) and what permissions does it need etc? Instead I'm greeted by a login page.

It's not transparent enough for me how the product is used before signing up and that's a huge turn off.

imgopaal•1mo ago
Hi, it's a simple web application, nothing is required to install.
sakopov•1mo ago
So you copy/paste things into the app on one device then copy it from the app on another device?
imgopaal•1mo ago
exactly
baobun•1mo ago
And for but the price of a coffee per month you get both dark mode and markdown support!
philipallstar•1mo ago
Oh! I thought it was more like a second copy keyboard shortcut that pushed to the cloud.
phireal•1mo ago
KDE Connect works fine for me and does more than clipboard (files, mouse sharing etc.).
imgopaal•1mo ago
great
yoavm•1mo ago
For those of us on Linux, I've built clapboard - a lightweight clipboard manager that uses whatever dmenu-like system for GUI, and plain files as a storage backend. Because all the history is just files, you can easily sync it between devices with a tool like syncthing. Probably a bit slower than 0.1s though!

https://github.com/bjesus/clapboard

mentalgear•1mo ago
neat!
janandonly•1mo ago
I forgot that this was a problem for some. I’ve been on iPad, iPhone and macOS for too long I guess.
imgopaal•1mo ago
yup, that's still a nightmare for a lot of people
ValdikSS•1mo ago
KDE Connect does that in LAN. Clipboard sync, file transfer, contacts, calls, remote control, etc.
thebiblelover7•1mo ago
And you can do it over any network if you pair it with tailscale. Tailscale + KDE Connect is such a time saver.
utopiah•1mo ago
AFAIR works also behind WireGuard.
utopiah•1mo ago
Came here for that, how is this different (not necessarily better) than KDE Connect which I already use daily?
nicolas_17•1mo ago
KDE Connect sends data directly between your devices, while QuickClip sends data through QuickClip servers using useless encryption.
utopiah•1mo ago
Privacy minded user : "Eh... what, no."

VC funding surveillance capitalism startups : "Here, take my money!"

/$

cdaringe•1mo ago
Installed. Thanks for sharing
Someone•1mo ago
> Would honestly love to hear, how you move stuff between devices today

In cases where iOS/macOS misbehave, I use (IMAP) email without sending anything:

- create new mail message

- paste text or add attachments

- save as draft

- open draft on other device

- copy out the data

- delete draft

Works reliably for not-too-large items

imgopaal•1mo ago
cool
sudopsuedo•1mo ago
https://www.quickclip.space/data-deletion

.>client apps are not open source

.>data-deletion page seems to imply servers are storing images/files copied to the clipboard

.>"end-to-end encrypted" in the marketing materials.

bstsb•1mo ago
to be fair the data can be stored and still be "end-to-end encrypted", depending on delivery method
imgopaal•1mo ago
Clarified: it's server-side encryption with per-user keys, not true E2EE. Added https://quickclip.space/data-security explaining the approach. Open source is under consideration. Thanks for pushing for transparency.
sixtyj•1mo ago
Copy API keys

I would add examples of how data encryption works. This is such a sensitive topic. But if you explain it nicely, people could use the service.

I would add FAQ. Boxes seem like I can read more but I can’t.

imgopaal•1mo ago
thanks, I would work on that
imgopaal•1mo ago
Added https://quickclip.space/data-security with encryption details. FAQ coming soon. Thanks for the feedback—explaining encryption clearly is important.
Closi•1mo ago
On the site:

> So while the image URLs aren't encrypted, they're still secure. Only you can access your images.

This isn't true though - and presumably you know it isn't true?

You would be able to access and download all the images if you wanted to.

> But we can't read the actual content of your encrypted items without your encryption key, and we don't have a reason to try.

This is also misleading - because you do have the encryption key, so you can read the content if you want to. "We won't read the content even though we could, because we don't currently have a reason" is the actual state of affairs.

nottorp•1mo ago
Funny, i want Apple to STOP synchronizing my clipboard between devices. I'm doing different things on them and I don't need the last piece of code on my desktop to paste in the 'where do we go out tonight' chat on whatsapp on my phone.

If I do want to move some info i'll message it to myself thank you.

aprilnya•1mo ago
You can turn it off:

https://support.apple.com/en-us/102430

nottorp•1mo ago
No you can't. Turning off Handoff turns off everything that synchronizes between your devices, not just the clipboard. For example call and imessage forwarding.

They decided to do it Gnome style and give the user no options.

baobun•1mo ago
> For Developers

Would you mind sharing the source code?

> Copy API keys

...yeah, I think that'd be a hard requirement. I don't think there is value in a clipboard-as-a-SaaS that is not self-hostable or even auditable.

I think you are putting the cart before the horse and putting your users at risk by integrating credit card payments before sorting out the basics.

ax0ar•1mo ago
Cool. I just wouldn't use it at all in its current form without more information on how you handle my data.

Why should users trust you?

imgopaal•1mo ago
Yeah fair point. QuickClip does store data in a database, otherwise syncing between devices is not possible. But here is how it works:

- Data is encrypted when sending and also when sitting in database.

- Stored only so your devices can fetch it, not for me or anyone else.

- When you delete, it’s gone. I don’t keep logs of clipboard stuff.

- I don’t look at your data, only your devices can see it.

I know trust is big thing for clipboard app. I’ll write small “how it works” page so it’s more clear. Appreciate you asking this, makes sense.

Oras•1mo ago
Your footer “no rights reserved just kidding” is not helping with trust building either.
imgopaal•1mo ago
fixed, thank you for the comment
josephg•1mo ago
Where are the keys stored? If you encrypt the data but just have the keys in another database table, I don’t really see the point of having it encrypted at all.

I agree with others. I wouldn’t use this unless I trust how you’re handling my data security. All sorts of highly sensitive passwords and security keys hit my clipboard.

Retr0id•1mo ago
There is only one key, common across all users, stored server-side.
imgopaal•1mo ago
Keys are derived server-side using PBKDF2 (master key + user ID). Each user gets a unique key. Keys never leave the server. Details at https://quickclip.space/data-security. Thanks for asking—this is exactly the kind of question that matters for security.
josephg•1mo ago
Thanks for writing this up and posting it! So:

- It’s not E2ee. It’s not even client side encrypted.

- You encrypt at rest. But using a key that you control anyway. The master key presumably is never stored in the database, which is a nice touch in case the database gets stolen.

- Images aren’t encrypted at all for some reason. (I think you’d find encrypting images with aes to be pretty fast. If you’re using tls, the image data is already being encrypted and decrypted over the wire, but too fast for you to notice).

How long is data stored for? Are images ever deleted? Is text?

And are you using TLS? At the protocol level everything is sent in the clear. So your transport security is quite important.

nicolas_17•1mo ago
Why are you even encrypting? What's the threat model it's protecting against? Clearly it's not "prevent me from reading your data" since you have access to the keys anyway.
r0xsh•1mo ago
Closed source ? i mean thanks for the project but not for me
jzellis•1mo ago
I sync my history between Fire/Waterfox on my phone and laptops, and since almost anything I wanna copy and paste is in the browser, I just open whatever it is from Other Devices. For files or images, I use LocalSend now for everything.

Which is not to say there's not a big use case for this, but speaking only for myself, it's not a pain point. But it looks cool!

imgopaal•1mo ago
I also use localSend. Amazing tool
dailen•1mo ago
So I just wanted to take a moment and say nice work. I have a solution that works for me at the moment, although I should check if it's e2ee, but this is a great example of a simple SaaS that could really catch on and meet the niche needs of users. I like the design, I like the implementation, and I really like the price. Everyone and their 3rd cousin charges $5/month for simple functions which I usually just pass on but yours is a great price point for the job.

Will definitely repost on social media!

imgopaal•1mo ago
Really appreciate your insights. Thanks
Retr0id•1mo ago
I inspected the HTTP requests and this is absolutely not E2EE. Clipboard contents are POSTed as plaintext to https://www.quickclip.space/api/encrypt, and can be decrypted later via https://www.quickclip.space/api/decrypt

Encryption appears to be in the openssl "Salted__" format (and base64 encoded). I can't infer the actual encryption algorithm configured, but it's an unauthenticated block cipher with 128-bit blocks, presumably in CBC mode, padded with PKCS7.

Additionally, the same encryption key (whatever it is, I can't see it since it's stored on the server) is shared across all users (I tested this by decrypting a ciphertext from one account on a second account).
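
The envelope described in the comment above can be recognised from the bytes alone. The following is an added example, not part of the original post and not QuickClip's code: it parses a base64 blob as an OpenSSL-style "Salted__" envelope and checks whether observed plaintext and ciphertext lengths fit a 16-byte block cipher with PKCS#7 padding. The function names, the passphrase and the key derivation used to build the constructed sample are assumptions.

```javascript
const crypto = require("node:crypto");

const MAGIC = Buffer.from("Salted__", "ascii");
const BLOCK = 16; // 128-bit block size in bytes

// Parse a base64 blob into its envelope fields; throw if it does not match.
function parseSalted(b64) {
  const raw = Buffer.from(b64, "base64");
  if (raw.length < MAGIC.length + 8 + BLOCK) throw new Error("too short");
  if (!raw.subarray(0, 8).equals(MAGIC)) throw new Error("missing Salted__ magic");
  const ciphertext = raw.subarray(16);
  return {
    salt: raw.subarray(8, 16).toString("hex"), // 8-byte salt follows the magic
    ciphertextLength: ciphertext.length,
    blockAligned: ciphertext.length % BLOCK === 0,
    // The envelope is magic + salt + ciphertext: it has no MAC or AEAD tag field.
    hasIntegrityField: false,
  };
}

// PKCS#7 always adds 1..16 bytes, so the ciphertext length is fully determined.
function pkcs7Length(plaintextLength) {
  return (Math.floor(plaintextLength / BLOCK) + 1) * BLOCK;
}

// True when every observed [plaintextLen, ciphertextLen] pair fits
// 16-byte blocks with PKCS#7 padding.
function consistentWithPkcs7Blocks(pairs) {
  return pairs.every(([pt, ct]) => ct === pkcs7Length(pt));
}

// Constructed sample in the same layout. The PBKDF2 key/IV derivation is an
// assumption made for the sample; the thread does not say what the site uses.
function makeSample(plaintext, passphrase) {
  const salt = crypto.randomBytes(8);
  const keyIv = crypto.pbkdf2Sync(passphrase, salt, 10000, 48, "sha256");
  const cipher = crypto.createCipheriv(
    "aes-256-cbc", keyIv.subarray(0, 32), keyIv.subarray(32));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([MAGIC, salt, ct]).toString("base64");
}

if (require.main === module) {
  console.log(parseSalted(makeSample("hello clipboard", "constructed-passphrase")));
}
```

A 15-byte input and a 16-byte input produce 16 and 32 bytes of ciphertext respectively, which is the length pattern that points to 128-bit blocks with PKCS#7.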

Retr0id•1mo ago
Also, uploaded images are publicly reachable in plaintext and without auth: https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/c...
foltik•1mo ago
Even better, you can enumerate ALL USER UPLOADS with the token you get by typing a random email into the sign-up without verification.

List all folders in the clipboard-images bucket (there's 5, guessing for each user):

  curl -X POST \
    "https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/list/clipboard-images" \
    -H "authorization: Bearer eyJXXXXXXXX" \
    -H "content-type: application/json" \
    -d '{"prefix": ""}' \
    | jq
List everything in a specific user's folder:

  curl -X POST \
    "https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/list/clipboard-images" \
    -H "authorization: Bearer eyJXXXXXXXX" \
    -H "content-type: application/json" \
    -d '{"prefix": "7b407af2-f30c-4e37-adc7-b7bf48f2661b"}' \
    | jq
For example:

  {
    "name": "1766836115975-Gopal_Resume.pdf",
    "id": "7ba4b09f-a0ab-4ce1-ae04-dc664be25b0f",
    "updated_at": "2025-12-27T11:48:36.761Z",
    "created_at": "2025-12-27T11:48:36.761Z",
    "last_accessed_at": "2025-12-27T11:48:36.761Z",
    "metadata": {
      "eTag": "\"eb528546d014c8756fc1d0fedc252cff\"",
      "size": 75023,
      "mimetype": "application/pdf",
      "cacheControl": "max-age=3600",
      "lastModified": "2025-12-27T11:48:37.000Z",
      "contentLength": 75023,
      "httpStatusCode": 200
    }
  }
https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/c...
Retr0id•1mo ago
jfc lol
foltik•1mo ago
but $LLM said it was E2EE!!1!
4k93n2•1mo ago
E2EE - Expected to eventually evaporate
imgopaal•1mo ago
Thanks for reporting this. I'm working on it
imgopaal•1mo ago
still working on it. Storage bucket policies now restrict folder access, but listing permissions need tightening. Will update bucket policies to prevent enumeration. Thanks for the detailed curl examples—they helped identify the exact issue.
Closi•1mo ago
Extra further finding!

Deletion policy says:

> 2. How to Delete Your Account and Data You have several options to delete your account and all associated data: Through the App: If you are signed in, you can delete your account directly from the Settings page. This will permanently delete all your data including [...] all uploaded images and files

... Although I've confirmed that the reality is that it only deletes the reference to those files from your account, and the actual files are still sitting on the server (I've just saved the url and checked the file still exists after deletion).

Even after it throws a message saying everything has been permanently deleted...

This thing is an absolute security and privacy nightmare - I would not rely on any information on the website about how they handle your data, considering they said it was e2e and that was not truthful, and they have said they delete the images and that isn't true. How can anything about this be trusted after repeated untruths about how our data is handled?

Also the app seems to send several MB of data back/forward every minute when doing nothing across a socket connection which is another red flag.

imgopaal•1mo ago
Also Fixed. Images now use signed URLs with 1-year expiration. Public URLs are automatically converted to signed URLs. Storage bucket policies restrict access to user-specific folders. Appreciate you flagging this.
foltik•1mo ago
It appears to still be wide open:

  curl -X POST \
    "https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/list/clipboard-images" \
    -H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6IndqeW5tamx1YWJxd3FodGR4YnRsIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDIzODU1MDQsImV4cCI6MjA1Nzk2MTUwNH0.R6pSgPFgHe3ZU9DfKykE98MC1ObYihWdZuhy9v9Y_p0" \
    -H "content-type: application/json" \
    -d '{"prefix": "7b407af2-f30c-4e37-adc7-b7bf48f2661b"}' \
    | jq
Retr0id•1mo ago
There is also a URL-signing oracle that allows any URL to be signed, so it's still possible to enumerate + download all files.

Example: https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/s...

imgopaal•1mo ago
Fixed. Each user now has a unique encryption key derived via PBKDF2 from master key + user ID. Old items are being re-encrypted in the background. See /data-security for details.

Thanks for catching this critical issue.

Retr0id•1mo ago
Why would you use PBKDF2 here?
imgopaal•1mo ago
I went with PBKDF2 mostly because of its wide support and compliance history, but I’d love to hear your take on what you’d recommend.
Retr0id•1mo ago
If your input is a key and not a passphrase, you can just use a regular KDF. PBKDF2 is a waste of clock cycles.

Also, your site still says "E2EE" on the homepage, you should remove that.

pabs3•1mo ago
PBKDF2 is pretty obsolete crypto, argon2i I think is the latest for converting passphrases to keys. For generating keys, just use entropy instead.
foltik•1mo ago
> Your encryption key is derived from a master key plus your user ID using PBKDF2 (a secure key derivation function). This means even if someone got access to the database, they couldn't decrypt your data without your specific key.

> Your text gets encrypted on our server using your unique key. The encrypted data gets stored in our database

> When you need it on another device, we decrypt it and send it to you

Please stop advertising this as E2EE.

If you encrypt/decrypt the data on the server, you must have the keys. If someone gets access to the server, they can just decrypt everything since the master key is right there. You might as well base64 encode everything and call that encryption.

E2EE is where only the clients have the keys. Data is encrypted before sending to the server, and decrypted after receiving from the server. That's why it's called end-to-end: the server only ever handles encrypted data that it doesn't have the keys to decrypt.

Terretta•1mo ago
So, real time unencrypted pastes of password manager MFA digits from active user device to CC server? Cool cool.

This is definitely not 1/2 of a smishing toolkit pretending to be a convenience utility.

imgopaal•1mo ago
Thank you to everyone who took the time to review QuickClip and give honest feedback. I spent the day going through everything and fixing the issues that were pointed out, especially around security.

You were right. The concerns were valid, and they’re now addressed.

1. Shared encryption key (Retr0id's main issue): Problem: All users shared one encryption key, so any user could decrypt any other user's data. Fix: Each user now has a unique encryption key derived via PBKDF2 from master key + user ID (10,000 iterations). Old items encrypted with the shared key are detected during decryption and automatically re-encrypted in the background with the new per-user key. Backward compatibility is maintained during the migration.

2. Public image access (Retr0id's second issue): Problem: Images were publicly accessible without authentication. Fix: Images now use signed URLs that expire after 1 year. The app automatically converts any public URLs to signed URLs. Storage bucket policies restrict access to user-specific folders.

3. Storage enumeration (foltik's issue): Problem: Could enumerate all user uploads with a sign-up token. Fix: Storage policies now restrict folder access by user ID. Still reviewing listing permissions to prevent enumeration.

4. E2EE misrepresentation: Problem: Marketing claimed "end-to-end encrypted" but it wasn't true E2EE. Fix: Added a /data-security page that explains:

- It's server-side encryption with per-user keys, not true E2EE

- Why server-side encryption was chosen (seamless cross-device sync)

5. Transparency issues: Problem: No information about how data is handled before signup. Fix: Added /data-security page with details. Link added to footer. Removed the footer joke that hurt trust.

6. Other fixes:

- Rate limits adjusted for encryption/decryption operations

- Background re-encryption for old items

- Proactive signed URL conversion for images

What's still being worked on:

- Storage bucket listing permissions (enumeration prevention)

- Adding screenshots to landing page

- FAQ section

- Considering open source (evaluating)

I appreciate the security review. The app is more secure now, and I'm committed to transparency about what it does and doesn't do. Check /data-security for the full explanation.

fc417fc802•1mo ago
PBKDF2 is outdated. You should be using Argon2.

But, why use a key stretching algorithm for this particular scheme to begin with? What is it protecting against here? The master key is presumably high entropy. If someone gains access to the master key and breaks into your server a key stretching algorithm isn't going to help you.

Lots of secrets get sent through the clipboard. Anything handling it either needs to be strictly local or E2EE. Otherwise everything is vulnerable if someone breaks into the server. It's also accessible by you at will regardless of any promises you might make to the contrary.

Seamless cross device sync isn't an excuse. E2EE itself doesn't impede that whatsoever, only certain protocol choices that aren't (or at least don't need to be) relevant here.

Closi•1mo ago
100% agree - If this app gets any traction at all, it's only a matter of time before someone's crypto wallet gets leaked and emptied.

If you want to be handling people's secrets, you have to make sure you know what you are doing and build something bombproof (bombproof from a mathematical perspective, rather than relying on your server being secure).

Closi•1mo ago
I think the challenge is that you are potentially storing some of the most secret things for users here - passwords copied from password managers, bank details copied and pasted into forms, private photos, corporate secrets and designs, medical records... And even your revised model shows a completely careless approach to security and is entirely insufficient considering the data stored.

Encrypting images is too slow too? Poor excuse - it probably takes milliseconds. If you are asking people to trust them with their nudes and photos of bank documents, you need to store them in a way that you can’t see them.

You having access to all user data stored with a tiny privacy policy that basically boils down to “we can use your data as long as it’s not illegal for us to use it” is not sufficient!

I wouldn’t be this harsh on the security of another startup or app just because most startups don’t start asking users to store their secrets with them - because you will be storing secrets, that puts you into a category of people who need to be careful and not careless - at the moment you are demonstrating the latter.

It’s entirely possible to do everything end to end by the way (imo this is the only way this should be done considering you will be storing passwords) - see how 1password does it and copy them if nothing else: https://1password.com/files/1password-white-paper.pdf

imgopaal•1mo ago
Hi, I'm a solo developer trying to build and learn new things along the way, and I appreciate your responses. About QuickClip, I've been making some improvements along the way; also, I've updated my landing page about how we manage data and how users should not add their sensitive data and it should be just used for moving your usual stuff. I've removed all the writings where I was mentioning that we're using "e2ee"; it's mentioned much more clearly how we handle your data in the FAQs. Kindly have a look at quickclip.space again. Let me know what you think.
Closi•1mo ago
I've posted elsewhere, but I still have lots of issues personally:

* Your deletion policy says you delete images instantly and via the UI in settings, but I've checked and they are retained in the object store. You need to update these policies to be honest and say that the images aren't deleted, and that you currently retain them and just delete the reference to them.

* Your privacy policy says you can't see user content, but you clearly can (as you have both the data and the encryption keys). You might not have developed the functionality to read it yet - but it is trivial to do. Just be honest and say 'your data can technically be accessed by us, but we promise not to look at it'.

* Your privacy policy only limits your access to 'what is allowed by law' - which is clearly the absolute minimum!

I think your policies currently say how you would like it to be, rather than how it is. You need to be honest with users about how their data is actually processed.

usefulposter•1mo ago
Respect to you and David for trying to help, but eventually you're going to experience Brandolini's law here.

OP is frantically pasting your findings into an LLM and letting it excrete another blob of untested, unverified shit. "It WILL be secure this time!", the LLM says, hopelessly.

OP does not care about whether the tool is built on solid appsec foundations. OP cares about the 0.00001% chance of getting interest in his tool from $VC_FIRM.

You've indicated that this tool already has a bright glowing all caps DO NOT USE verdict and no reassurance from a coding-agent-in-a-loop will make it better.

yablak•1mo ago
See also Push Go: https://chromewebstore.google.com/detail/push-go-for-pushbul...

... works with Pushbullet apps.