There must be some really good protection on this. If I enabled such a thing on any of my servers it would be full of warez, porn, malware, CSAM and who knows what else within minutes.
I've never used CF so I could be ignorant in this matter. I assumed perhaps incorrectly that people had to verify their email address and delegate their domain(s) to CF including setting the glue records in the TLD servers meaning there is likely a financial trail somewhere probably in the DNS registrars and perhaps a mail provider, whereas this is just drag-and-drop with no money trail.
I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
The protection is that they're rich enough to handle requests from law enforcement without going to jail themselves. They'll certainly pass your IP address to law enforcement if asked.
At least when it comes to bad types of porn, it's be similar to Imgur allowing anonymous uploads. They already do CSAM scanning on uploads to their R2 storage:
That makes sense. In that case I have to assume that Cloudflare will not permit encrypted archive files as one can hide the image fingerprints all together.
Your code appears to have a bug where if the arrow keys trigger a change of direction twice in a single frame interval, it can mistakenly send the snake back on itself.
Wait, my first impression was that it points a local browser to your local browser. Now it looks like it uploads your folder to Cloudflare and temporarily serves it over the web. But is that different from what we used to do with FTP? Are there any databases or anything like basic PHP hosts supply? It's just static sites?
Is this a product or what? What's the purpose? Is there an API?
A minute ago I had an HTML doc I wanted to share with a PM. It was a Claude prepared demo of a hypothetical feature. Lots of screenshots.
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
There are also solutions for sharing your homelab with others (basically tunneling from your machine->server (internet accessible) <-> client. Though, if your machine would go to sleep that whole chain would fall apart. A few good automatic solutions out there that solve the problem (no "just replace dropbox with ftp" type of argument).
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
Absolutely agree. There's an insane "feature" of Claude Design which means you can only share the link to the design with other users on your account?! You can export the design, though, but then you need somewhere to quickly drop a bunch of HTML + assets. This would be perfect for that.
Wow, that does sound like a serious hardship for someone who lets Claude write all their code for them.
Creating a folder for some files. Dude, maybe you should file for disability for repetetive stress disorder for "double clicking" or even single clicking twice.
This aggression will not STAND man!
We need computers to go back to pencil and paper but STILL be computers!
But not operated by me? Wierd operated by a fake bot me?
Wait! thats malware! Wha?
Replit is used a lot in this context. Their agent is good, but their circumvent-policies-to-get-something-in-front-of-execs-quickly is an amazing and mis-priced feature.
Oh, how I miss the golden days of blockchain hype so much.
The luxury blockchain resort island is just soaking somewhere in the ocean, collecting dust and guano, while its former inhabitants are all the rage about AI now :'(
Funny story: I used to work for a startup which had a trademark on "Airdrop". When Apple announced that feature, it took everyone there by surprise. Ended up reaching out and selling it to them for a buck or two in favor of maintaining goodwill.
Ha, that's funny. When you say "a buck or two" do you really mean it was almost nothing or did Apple compensate you appropriately? I'm also surprised that Apple didn't catch that before if it was trademarked.
Isn't this what we used to do with Geocities a quarter century ago? And with most other websites that offered FTP upload? You didn't have to be very technical -- there were windows FTP clients where you could just type in the IP, username, password and see an explorer-like view, onto which you could just drag and drop your HTML and image files.
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.
Or you could do some of your own troubleshooting? Uploading a git repo is different than uploading a zipped/folder, especially if your index.htm/l isn't at the root.
Cloudflare is really good at launching features that facility low-friction deployment of malicious content (such as phishing) on the Internet, piggybacking on their hosting reputation and the fact that you can't easily block their ASN or domains.
I don't know your experience. Once I was toying around and doing a basic auth with registration and so. The weekend was over and couldn't get back to that couple of months. The worker was quarantined and marked as phishing automatically. So I believe they have something in place to prevent those you complain.
But it is not that they have nothing. It was my laziness that I could not setup dev prod env's. When you develop on preview, I don't think they will do much.
It would be nice if we could see some information such as file size limitations, demos, link structure, management, etc. Am I expected to upload a random HTML file and see how it works?
Yeah I'm very lost on what this is supposed to do -- "Summon your site" is quite vague. "see it live", like a demo? or is this actually published somewhere? Is it forever?
Desktop mode doesn't show any more information either
Wow the people in this thread are a huge bummer. This is much cooler and I doubt this is a real safety issue. You can already sign up for a free cloudflare account and deploy it for free, on your own, on a free workers.dev domain. The friction removal here isn't going to meaningfully change the security / amount of malicious content.
It's not Apple in general. If they release a new Mac Mini, it's fine. The thread when the Neo was released, was outright jubilant. It's whenever macOS is mentioned, it devolves in extreme negativity. I always, always avoid those.
Well according to the people in this thread it was previously impossible for bad actors to host a website, and CloudFlare has now given them this unique ability.
I really hope/imagine this project specifically has a LLM of some kind doing real-time analysis on the uploaded files for malware from the get-go. How good that is could be is anyone's guess (and chances are there would be blind spots / evasion techniques).
> Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
Probably (I'm just assuming) because that person observes negative/cautious/"I don't like this because X and Y and also Z"/etc sentiment too much and feels like people are only quick to notice issues while forgetting about good sides.
I think HN should be a place where I am excited to see what others have to add. When I see a post I am excited to see what takes and spins others have on it. I do want real criticism and a lively debate about important things, but there has to be a balance.
I want to see other comments that seem like they genuinely want to help steer something or build people up. Sometimes I get the impression that's not happening on HN.
The problem is that everything is negative, all the time. Nothing good is allowed to be acknowledged. Everything someone or some company does must not be acknowledged to have any redeeming value- it’s all just negative
Which is sad, because so much amazing stuff is happening on the world right now, and seems to be only accelerating. For everybody.
I don't know, I find it very hard to stay positive about our general direction in the last couple of years, and know few people in real life who don't share this opinion, in or outside of tech. And I'm also not entirely sure I understand why others are excited, it perplexes me. I would appreciate any insight into this.
It may not be critical thinking though, but simply being contrarian, which is one of the easiest ways to sound smart without necessarily providing much of value or substance. And strangely, seeing as it’s relatively rare IRL, seemingly the default on the internet. Blindly praising isn’t worth much either, but I doubt that’s what jonluca is encouraging. It’s possible to “yes, and” without resorting to either sycophancy or relentless negatively.
Corporations acting as if naive is a bit of problem in reality. For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.
Same here: CF is basically giving malicious actors an ability to ship contents/data publicly while laundering the legal responsibility of those actors.
A dirty secret is that piracy is being abused by criminal organizations[1]. When people unknowingly access such sites to see contents for free, it generate ad revenue for those organizations, which can fund other crimes.
Broadly speaking any organisation facilitating piracy is implicitly a criminal one. Piracy is a pretty large field though and the economics of say a streaming site are going to be very different from running a torrent tracker. The fact you can use a torrent tracker without even visiting the site (Radarr/Sonarr etc) tells me that running a tracker site, probably isn't very lucrative.
> The suspects subscribed to 40 Korean cable TV service accounts, re-broadcasting content to Indonesia and offering video-on-demand (VOD) services through customized TV boxes, applications, and web browsers.
Sure, that is a case, but I mainly wanted to quote INTERPOL (the international police):
> Criminals behind pirate sites can be part of organized crime groups. They can use the proceeds to fund other illegal activities, such as illegal online gambling, online sexual exploitation, drug trafficking, arms smuggling, and money laundering.
Another notable example would be Operation KRATOS 2 by EUROPOL[1]. The case was roughly the same — crime organization pirating video content. IPTV piracy is certainly a lucrative business, because videos are relatively more difficult to handle for normal people.
> For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.
What about centralizing the internet like Cloudfare is doing? Once corporate greed starts creeping we will find ourselves on the verge of pay per visit a website
You're encountering the "contrarian dynamic" which dang described in this post (which also explains why your own anti-contrarian comment reached the top) https://news.ycombinator.com/item?id=24215601
Thanks for linking that comment! I wasn't familiar with the term, but it perfectly describes the pattern that manifests in every single HN thread about certain topics. The Grok announcement thread that is on the main page today is another perfect example.
After my hoster started asking me for 700€ for a year of hosting a static website of like 100Mb i moved to CF worker and github. I would selfhost but thats not allowed without license
Dropped a folder with a small HTML project, and after 20 seconds got "Something went wrong. An unexpected error occurred. Please try again or contact support.".
Note how the error has zero information.
Looking at the network requests, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked". Happens even with adblocker and cookie extensions disabled, and I don't usually have problems with Cloudflare sites. Firefox on linux.
I'm very tired of this adversarial approach to software and vague errors.
257 comments
[ 2.7 ms ] story [ 75.2 ms ] thread(https://x.com/BraydenWilmoth/status/2074894829616509358)
But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
They assign a subdomain automatically for uploads, same as cloudflare workers.
I don't know what they do, but implementing guardrails for this is possible nowadays with AI, but maybe they use a "mechanical turk"
https://blog.cloudflare.com/a-simpler-path-to-a-safer-intern...
Attempting to distribute/acquire illegal things through Cloudflare is an exercise in how to get caught.
https://drop-e7e6d363-601.important-seat.workers.dev
Tried from two hosts, different countries.
Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
"Something went wrong An unexpected error occurred. Please try again or contact support."
"Please upload a screenshot of the error by dragging a zip of the png file."
Is this a product or what? What's the purpose? Is there an API?
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
Requires the server's sshd config to have GatewayPorts yes, or the server will bind to 127.0.0.1 instead
Creating a folder for some files. Dude, maybe you should file for disability for repetetive stress disorder for "double clicking" or even single clicking twice.
This aggression will not STAND man!
We need computers to go back to pencil and paper but STILL be computers! But not operated by me? Wierd operated by a fake bot me? Wait! thats malware! Wha?
Until he takes 65 minutes to get to reading the email. Or wants to look at it again tomorrow.
This isn’t usable for that kind of business.
you can check it out here: https://github.com/Amal-David/pagecast
The luxury blockchain resort island is just soaking somewhere in the ocean, collecting dust and guano, while its former inhabitants are all the rage about AI now :'(
Funny story: I used to work for a startup which had a trademark on "Airdrop". When Apple announced that feature, it took everyone there by surprise. Ended up reaching out and selling it to them for a buck or two in favor of maintaining goodwill.
I have a few qualms with this app.
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.
Desktop mode doesn't show any more information either
I actually setup "xor-gate" for a while, which was trying to be a similar thing co-authored by a friend, but it was too time consuming and we gave up.
Did the author pass? I'm not trying to be crass, but I don't know the details.
Is it really more useful to have everyone expressing how much they like something instead of identifying problems?
Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
Probably (I'm just assuming) because that person observes negative/cautious/"I don't like this because X and Y and also Z"/etc sentiment too much and feels like people are only quick to notice issues while forgetting about good sides.
It's only an assumption, though.
> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
https://news.ycombinator.com/newsguidelines.html
I think HN should be a place where I am excited to see what others have to add. When I see a post I am excited to see what takes and spins others have on it. I do want real criticism and a lively debate about important things, but there has to be a balance.
I want to see other comments that seem like they genuinely want to help steer something or build people up. Sometimes I get the impression that's not happening on HN.
It’s just another take on shill / sheeple / etc. it gets old.
I would get the point if this was someone's personal Show HN project but this is Cloudflare. They can withstand a little critique.
Which is sad, because so much amazing stuff is happening on the world right now, and seems to be only accelerating. For everybody.
What makes you say this?
I wished I could find all the science and technology as uplifting as my friends do.
Same here: CF is basically giving malicious actors an ability to ship contents/data publicly while laundering the legal responsibility of those actors.
Now tell me what is cool
Not immediately being a copyright bootlicker.
The fact that you went straight to "BuT pIrAtEs" already shows who you actually care: Corpos, not people.
[1]: https://www.interpol.int/en/Crimes/Illicit-goods/Projects/Pr...
> The suspects subscribed to 40 Korean cable TV service accounts, re-broadcasting content to Indonesia and offering video-on-demand (VOD) services through customized TV boxes, applications, and web browsers.
> Criminals behind pirate sites can be part of organized crime groups. They can use the proceeds to fund other illegal activities, such as illegal online gambling, online sexual exploitation, drug trafficking, arms smuggling, and money laundering.
Another notable example would be Operation KRATOS 2 by EUROPOL[1]. The case was roughly the same — crime organization pirating video content. IPTV piracy is certainly a lucrative business, because videos are relatively more difficult to handle for normal people.
[1]: https://www.europol.europa.eu/media-press/newsroom/news/29-a...
That's awesome, glad to hear it
Piracy is cool. Information wants to be free.
I hate the corporate bootlicking that is so prevalent here.
There's more to the Internet than the world wide web, though. NNTP and IRC communities remain vibrant, if diminished in size
I've noticed the current version is largely accessed by Chrome which appears to be a trojan.
I'm already on board, you don't need to sell it to me!
https://news.ycombinator.com/item?id=48841559
Double click the html file.
The OS will run the web app using a browser that is just part of the OS.
CORS issues on a tainted canvas if you try to render an image from a file:// src.
Note how the error has zero information.
Looking at the network requests, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked". Happens even with adblocker and cookie extensions disabled, and I don't usually have problems with Cloudflare sites. Firefox on linux.
I'm very tired of this adversarial approach to software and vague errors.
I honestly miss those days of deployment simplicity.