rejetto / hfs2

web based file server
https://rejetto.com/hfs
GNU General Public License v3.0

HFS 2 Deleted itself? #43

Open DRSDavidSoft opened 5 months ago

DRSDavidSoft commented 5 months ago

Hi there @rejetto, I have had HFS 2.3.x and 2.4.x running on two of my servers. Today I wanted to share some files, so I tried to open it from the tray bar, however, it seems that the .exe file is gone on both servers!

Is this something intentional (maybe you added it because of the recent RCE exploit)? Or is it something that I need to be concerned about, maybe the servers are infected? 😲

I would appreciate some clarification!

rejetto commented 5 months ago

i did nothing like that, just a warning message. but it may have been a security software of yours. Check its logs.

DRSDavidSoft commented 5 months ago

There are no logs that indicated it deleted HFS but I'm seeing a lot of other logs that contain malicious activity from a week ago 🤦‍♂️ It is certainly similar to the type of logs that I have seen before in HFS itself when an attacker tries to execute code on the machine.

@rejetto I'm definitely very thankful for developing this piece of super useful software that I've been using for the past decade, but I can't believe it has had an RCE vulnerability for so long....

rejetto commented 5 months ago

it's very common for software to have vulnerabilities. if hfs2 was maintained by someone, it would have been fixed before the problem was disclosed, so that people could update in time. software that's exposed on the internet must be kept updated.

rejetto commented 5 months ago

you know about hfs 3?

DRSDavidSoft commented 5 months ago

Last time I checked it, it was 2021, I know you have been working on it and I thank you, but since it didn't have GUI at the time, I didn't really use it, sorry! I'll make sure to only use HFS 3 from now on!

DRSDavidSoft commented 5 months ago

@rejetto I just tried v3 and WOW! I must say, you've certainly come a long way from Delphi/Pascal to this gorgeous Web-based panel, and with so many great features! The additional package size is certainly worth it. And it supports Linux/macOS as well? Way to go!

I hope the system integrations come soon, also check packages like this to integrate native notifications: https://www.npmjs.com/package/node-notifier

I hope the HFS icon can also be added to the .exe file instead of the default, ugly Node.js icon (not that it's ugly but it would be way better for the exe file to have its own icon) -- anyway, I digress. I'll close this issue now since HFS 2 is dead at this point (RIP). 😄

Thank you @rejetto for all great memories from 2012-2024 that I used this software. Now's the time for RCE-free HFS 3! I hope I can also have some time to join in the development, if it uses a frontend stack that I know of. I'll have to browse the code when I have some free time. For now, HFS 3 certainly works for my purposes!

rejetto commented 5 months ago

the big binary size is ~90% just node-js embedded in it, to not ask people to have node already installed.

notifications

it's interesting, but it's quite big in size and i'm not sure what kind of notifications hfs is supposed to show when the web is closed. Also, i'm trying to avoid native packages at the moment, as they are complicating my building process.

icon

i'm not sure if/how i can customize the exe icon. I'm generating binaries using "pkg", that doesn't offer such option and has been abandoned recently. I expect within a year to have to change tool, but i'm not on this now.

DRSDavidSoft commented 5 months ago

> notifications
>
> it's interesting, but it's quite big in size and i'm not sure what kind of notifications hfs is supposed to show when the web is closed. Also, i'm trying to avoid native packages at the moment, as they are complicating my building process.

You're quite right, I was actually thinking more of releasing a plugin package that would make use of that. In fact, all features like this need to be a plugin since HFS 3 supports this so well.

Regarding the use case, it is used to deliver important notifications to the user, and also it can be used to notify of updates, etc.

Additionally, I'll be very interested in a plugin that would display the progress of file download in the tray bar, like how HFS 2 (R.I.P) used to do.

> icon
>
> i'm not sure if/how i can customize the exe icon. I'm generating binaries using "pkg", that doesn't offer such option and has been abandoned recently. I expect within a year to have to change tool, but i'm not on this now.

I see, I can understand why pkg is abandoned by @vercel.

I did some research and while pkg doesn't provide such a feature, it is indeed possible to change the icon using methods to directly modify the resources that are included in the .exe file. I'm interested in doing this and submitting a PR, you'll need to add some development packages such as resedit. This tool is also written entirely in js so it's a) cross platform and b) doesn't execute any binaries so it can be used for cross building of HFS.

This can also be used to attach version information and company info to the resulting .exe file and can also be used with whatever build process that you may use later. I also implore you to set up GitHub Actions so that HFS can be entirely built on the cloud using CI, instead of building it on your own machine and uploading it to the releases page.

Are you fine with me submitting PRs that would address the icon issue? I would be very happy to contribute to other areas as well. I'm a bit busy now but I would love to code for the admin page as well, I believe it can improve in many areas. What stack are you using for JS/CSS/components? It isn't vanilla JS, right?

Please commit a .ico file that can be used for this (if you haven't already). I can also make use of utilities that would generate this on the fly from the .svg/.png files included, it takes ~500KB of the development packages to do so.

Lastly please also consider a plugin or something that would utilize electron. All modern apps use something like this and one important use case for it in my opinion is the drag & drop functionality that it provides similar to HFS 2.

I also believe the icon/tray/... other areas can also be addressed with this too, however I can predict how users will react when seeing its ~90mb size 😆

In any case, the era of 2-5MB exe files is over in my opinion. We must all embrace the new era of cool web-based apps. I use things like Balena Etcher, VS Code, Discord, etc. Instead of Win32 Disk Imager, Notepad++, TeamSpeak now.

I also use Postman, Insomnia, and other apps that use Web technologies. I welcome and embrace HFS' transition from a Delphi app to a full-fledged and well-made app that would be used to serve HTTP files 👍🏻 Thanks for the development!

DRSDavidSoft commented 5 months ago

It's best to move this to HFS 3 repo, I'm super busy with some other projects right now but I'm super excited to be able to code for HFS 3 and be of help! 😄

rejetto commented 5 months ago

ok, so i'll wait for you to move your message to hfs 3 discussions, so we can continue there

DRSDavidSoft commented 5 months ago

@rejetto Sure, moved it here:

https://github.com/rejetto/hfs/discussions/657