1. 39
  1.  

  2. 16

    Cool! And it was thoughtful to include & highlight the disclaimers.

    To deter using QuickServ in production, it runs on port 42069.

    Another good safety technique is to bind only to the loopback interface (127.0.0.1) by default. That means only processes on the same host can connect, which is what you’re mostly doing in development. By requiring an extra arg or config setting to allow access over the network, you make it less likely someone can accidentally run something that can compromise their machine.

    1. 10

      Thanks for the kind words!

      I actually considered only binding to the loopback interface, but in the end decided not to. I wanted to ensure the server is visible to other devices on the local network specifically for the use case of Raspberry Pi projects. I was concerned it would be hard for a user who didn’t know about that configuration option to figure out why they couldn’t see the running server from other devices on the network, so I compromised in favor of more usable defaults over more secure defaults.

      1. 3

        Have you considered also announcing the service via Avahi (mDNS)? That would help with local discovery, no need to mess with IP addresses, just, hostname.local:port.

        1. 2

          I have a sorta-functional prototype of an Airdrop knockoff that announces via mDNS here if that’s of use to anyone: https://gitlab.com/bitemyapp/coilgun

          I’ve been thinking about tightening it up, daemonizing it, and making a systray icon for it.

    2. 3

      I’ve had some success at hackathons in the past. In my experience, it seems like “learning a framework in advance” beats “using an easy-to-use framework”. I have seen some truly barebones apps win prizes due to good marketing, but not often. Having a really flashy demo that makes judges think “how the heck did you do that in 24 hours?” gets votes. And knowing how to use a powerful (but complex) framework/tool can be a good way to create the mirage.

      1. 1

        Yeah, I’m already used to web dev in Go, so this doesn’t strike me as easier than just using the normal HTTP interface. I can see how this would be easier for someone without web dev experience, but in that case, you’re better off in the long run just learning it than learning something that has a brick wall two feet in front of your face.

      2. 2

        Neat, I wanted to build a static site generator that works this way! Run a bunch of cgi scripts and dump the output somewhere

        1. 1

          Might consider taking a look at https://mkws.sh.

        2. 1

          congratulations, you’ve recreated CGI-BIN

          1. 12

            The readme.md mentions its CGI inspiration.