fp.

In case you have seen my previous posts, this is an update for berb.app, a WebRTC file sharing app. My goal is simple: send files between devices in real-time without installing crap or uploading to any servers.

Comments

pwn0•8mo ago

Very cool. Do you mind adding license and contributing information to the project?

rapnie•8mo ago

A LICENSE file would be better, yes. But the package.json at least says it is ISC-licensed.

goodpanda•8mo ago

Thx for the suggestion. Just added a license but don't really have a good contributing guideline yet. Would love to discuss any feature requests/bugs if you open an issue.

fabrice_d•8mo ago

Is it doing the ICE offer/answer exchange over websocket hosted on your server?

globalnode•8mo ago

Im not a js programmer but index.js has the line: "Signaling server running on http://localhost:${PORT}" -- is that what you're talking about? I think you're talking about the initial connection right?

util.js also contains "copyToClipboard = (value) => {", not sure why that would be needed.

and googletagmanager for tracking error/diagnostics I think? its hard to understand this code without learning the language lol.

Also in privacy.html: "To initiate a peer-to-peer connection, Berb uses a temporary signaling server to exchange network metadata (such as IP addresses, session descriptions, and ICE candidates)."

goodpanda•8mo ago

Thx for the analysis! copyToClipboard is for copying the session link so it can be opened on your other device.

As for analytics, you are exactly right. I need to know if people are using the app the way it was intended and soon need to add more events for errors. Though perhaps it is something I can maintain on a separate repo? idk, the goal for me was to truly make everything on berb.app open source. no hiding anything

goodpanda•8mo ago

Yes, that's pretty much the only thing the server does. And maintain an in-memory state of connections. Room for improvement for sure.

howtofly•8mo ago

My understanding is that the signaling server could be used as the perfect place to perform MITM attack. The README does not mention how berb addresses this concern at all.

notpushkin•8mo ago

Do you have a proposal? (Showing file hashes could help, perhaps?)

goodpanda•8mo ago

Oh I would love some more details if you think that's the case. With Berb only two clients can connect really. So let's say you somehow guess a peer ID, which is very tough, and connect to a random user. You can technically send a file but they can easily ignore it since they didn't initiate the transfer. That being said, I can definitely add a way to verify the file is legit like the suggestion in the reply with hashes.

howtofly•8mo ago

Should users trust the signaling server? IIRC, the signaling server can easily intervene SDP offer/answer so that it can intercept user files or instruct users to send files wherever it wants.

goodpanda•8mo ago

Oh I see what you are saying. Yeah I guess if we didn't know what the signalling server was doing, that would be a valid argument. But in my case we can see the server code is pure and simple. Unless you mean there's a bug that allows an attacker to do that?

Either way, would love to know your thoughts on improving trust with this.

satvikpendem•8mo ago

Are you familiar with Iroh's sendme?

https://github.com/n0-computer/sendme

Alifatisk•8mo ago

Is there a website for sendme? Or is this a cli tool?

satvikpendem•8mo ago

https://www.iroh.computer/sendme

Alifatisk•8mo ago

Yeah that's their website describing about their cli tool. This project (berp.app) works on the web.

satvikpendem•8mo ago

Sendme works on the web too (at least, theoretically since iroh released web support recently but not sure they updated this repo specifically, I've sent files using iroh myself on the web).

Alifatisk•8mo ago

Cool! Is there any website available atm to use iroh over the web?

goodpanda•8mo ago

This looks very interesting. I will def take a look. thx

brw•8mo ago

I've used sendme a few times after coming across Iroh on Bluesky. It's honestly great. Just Works™, very fast, supports files and folders, resumable transfers, one sender to many receivers, and has fast relays as a fallback when a direct connection truly isn't possible, and it will actually tell you whether you have a direct connection or are using a relay (unlike others like Magic Wormhole or Croc from my experience).

opengears•8mo ago

also check out localsend https://localsend.org/

goodpanda•8mo ago

This looks cool. However my goal with Berb is pretty much browser to browser only. Although if people keep asking for other features, I might consider a desktop/mobile app.

evbogue•8mo ago

Connecting browsers directly is a fascinting area to explore in web development. It always goes a little haywire when punching thru NAT and I wish there was more research into what the best methods are.

https://github.com/dmotz/trystero is a one tool I've used to build these kinds of apps.

koolala•8mo ago

Do you think the AT protocol could ever work for this? I wish we had one centeralized scriptable method that was popular to enable ubiquitous discovery.

evbogue•8mo ago

atproto would be a great pull request for Trystero come to think of it

ranger_danger•8mo ago

> No servers

Except an impressively large amount of people in the world are behind symmetrical or CGNAT and would require a TURN server.

Because of this, I've personally never gotten a single p2p/WebRTC site to work with another person.

goodpanda•8mo ago

You do have a valid point that TURN is sometimes needed but not ALWAYS right?

My understanding is that ICE tries to establish a direct p2p connection between clients and only if there is no path, it uses TURN?

In either case, the files definitely don't go through my servers and are not stored anywhere and are e2e encrypted which really matters the most.

ranger_danger•8mo ago

Right, many people can connect directly, but also many cannot.

And because a large number of people do need TURN (always), coupled with the majority of WebRTC apps not properly supporting TURN (giving no way to set your own details, or provide a free one, of which there really aren't any reliable public ones)... I've basically never seen it work.

No p2p WebRTC app I have ever tried with a friend has worked.

fmajid•8mo ago

There are many, many products to address this, like Mozilla's defunct Send, or the excellent but not self-hostable Wormhole.app. You will need to describe what is novel with Berb and why we should use it over other solutions, and no, using WebRTC is not sufficient.

My personal choice for this kind of situation is Wormhole-William, but it is not something my dad could use when he asks me to send the last year's worth of his granddaughter's photos to make a photobook of.

goodpanda•8mo ago

You make a good point there but all those solutions you mentioned store your file one way or another. Which also means your file is getting uploaded to some random server and you pretty much have no control over what happens after. With Berb that simply is not the case. WebRTC is a tool to achieve what I want and not the main selling point. It is simple - I don't want my files to be uploaded and I want the transfer to be instant (no download link later).

Beside the fact that this JUST got launched and can either be liked and used by many, or another dead product in a year, I have found myself using it multiple times so far. Like sending a large file to/from my work computer etc. If this is solving a problem for even a small number of people, that is great!

fmajid•8mo ago

Wormhole.app and Magic Wormhole/Wormhole-William are all end to end encrypted by the client.