Here is a more polished release of nanogram. Fully compatible on raspberry pi now.
(gitlab.com)
from hereforawhile@lemmy.ml to selfhosted@lemmy.world on 19 Dec 04:41
https://lemmy.ml/post/40521028
from hereforawhile@lemmy.ml to selfhosted@lemmy.world on 19 Dec 04:41
https://lemmy.ml/post/40521028
Documentation for nanogram available here for awhile
Edit:
Dont be a ungrateful Be nice pls. I put a lot of time, effort, and my own money into making this. I’m choosing to freely share it :)
Yes I get help from LLM’s. Review the code if you think it’s unsafe, or just move on and don’t use it. Happy to answer any technical questions.
Edit 2: Expanded source code for termux version here.
Edit 3: Expanded source for pi version here
#selfhosted
threaded - newest
Why put all the Python code in the script?
Apparently it was all ai generated and the author doesn’t actually know how to program. Just look at their responses in the .ml cross-post, that’s not someone whose software I would trust.
And it’s worse because they hide the Python code, which means that they can’t use tools like uv or ruff to check that everything works properly. I don’t understand why people do this.
Also the normal and rpi versions are two completely independent implementations of the same software. So now the LLMs have twice the maintenance load.
I didn’t diff the two files but even the startup and control code appears to be custom for each version.
They are different environments, and so there are many changes that take place in order for it to work on a PI.
The core app and features are a mirror.
Better? gitlab.com/here_forawhile/nanogram-termux
Dedicated expanded pi version coming later.
Charitably: AI turbocharged dunning-kruger
Less charitable: Malware delivery.
There is no good reason why they couldn’t have a normal source tree, that they pack into a single shell script in CI.
Here is the source tree.
<img alt="" src="https://lemmy.ml/pictrs/image/35850f1c-3953-4290-934c-b05b5077a628.jpeg">
Sorry, but a photo of a directory structure is not a source tree.
Your git repo consists of 4 files, a readme, a licence, and two packed shell scripts.
If you have an actual published source repo, link people to it.
So just a expanded file structure directory is what you want? The script executable expands to each individual piece once run.
What do you mean a actual published source repo? I do not understand how its not that. Everything is packaged into one script.
Yes. Separate out each part out. You are currently publishing the equivalent of of a compiled binary. Split it up, and use a script to “compile” it back into the mega shell script.
It means that changes to each file can tracked (and audited) individually, you can conditionally compile bits in or out, and most usefully, you can write tests for the individual components.
Ok I’ll work on it and share when I am done
What do you mean?
AI generated I guess… with love, time, money, and care from me. Take it or leave it lol.
that post is now deleted, but you can see their modlog here
That’s wild that the mod thinks it’s off topic. Thanks for shareing that I didn’t even realize I had been censored by the mods.
I made this on mobile, and one monolithic file was how I can quickly iterate and test each feature.
Every time I added a new feature I had to test it’s function to test if it was properly implemented and exactly what I wanted. Keeping it all one file means I could copy paste it into the terminal. Running it overwrites all the home directory instantly with all my updates across the python, db, html, css.
Almost 9k lunes of python in a bash script. Lmao. No.
Don’t be mad when ppl don’t like LLM code. You can release something for free but calling people ungrateful for not liking seems a bit… entitled.
Sorry I don’t mean to come off entitled. It’s not a very constructive community though that’s unfortunate haha.
You need guidance in your presentation style, you have managed to completely alienate your potential users in one single post.
No one owes you anything. No one asked you to spend time and money on a project. Calling folks “ungrateful” while trying to attract them to your project is weird.
It was a light hearted plea. I hope people can see past my lack of style and I don’t mean to offend you. I was surprised at all the negativitiy.
I’ve been experimenting with Vibe Coding for a few months. I recommend you do some beginner tutorials on coding, at least python.
Then, using what you have learned, have your AI vibe coding assistant refactor your code into something manageable.
Just because it works, doesn’t mean it’s ready for others to use. If you want to vibe code an app for yourself and it works, that’s fine. But this is… python code, in a bash script? You need to clean it up and make it more professional before you share it.
Look at the edits, they have both been broken apart into standalone projects broken down into all their parts.
Expanded source for pi version here
Expanded source code for termux version here.
Had a quick skim and found this little guy:
# ---------- Protected media route ---------- @app.route('/img/<path:name>') @login_required def media(name): db = SessionLocal() try: me = current_user(db) # Find the post with this image post = db.query(Post).filter_by(image_path=name).first() if post: # Check visibility can_view = post.user_id == me.id or db.query(UserVisibility).filter_by( owner_id=post.user_id, viewer_id=me.id ).first() is not None if not can_view: abort(403) return send_from_directory(UPLOAD_DIR, os.path.basename(name)) finally: db.close()I’ve not read through everything, but there are some security concerns that jump out to me from just this function. Hopefully you can enlighten me on them.
Firstly, what is stopping a logged in user from accessing any image that, for whatever reason, doesn’t have an associated post for it?
Secondly, the return codes for “the image doesn’t exist” (404) and “the image exists but you can’t access it” (403) look to be different. This means that a logged in user can check whether a given filename (e.g. “epstien_and_trump_cuddling.jpg”) has been uploaded or not by any user.
Both of these look to be pretty bad security issues, especially for a project touting its ability to protect from nationstates. Am I missing something?
<img alt="" src="https://lemmy.ml/pictrs/image/7bb40f9e-9c77-4f01-8d19-3ca40fd83926.jpeg">
Edit.