What is Reddit's opinion of Up1?

From 3.5 billion Reddit comments

I don't really know Go, but this looks like users are able to upload files to any directory they choose, and any 22-character filename they choose (as long as the filename doesn't already exist), on the whole drive:

https://github.com/Upload/Up1/blob/bf39cfe1a4701f5f9168b1a3865bb5fd7eda021f/server.go#L128

ident := r.FormValue("ident") identPath := path.Join("i", ident) out, err := os.Create(identPath)

Is that true? If so: I can't think of a way to exploit that to useful effect, but there probably is something.

There's certainly nothing wrong with building new software to explore a problem and learn, so I hope nothing I say comes as criticism..

1. Are you aware of Up1? It has existed for several years, has a relatively large user base.
2. Count me as one more in the list of people asking for it to be open-source.
3. Why only images?
4. You might want to check the issues on Up1's repo to get ideas of what people are looking for.

In any case, thanks for working on privacy-friendly tools.

I caught this thread a little bit late unfortunately, but recently I've been working on a newer version of a self-hosted encrypted image/file/paste platform called Up1 (https://github.com/Upload/Up1) . While an older version already exists, it's limited in a few ways, such as only supporting 50MB files (as it has to keep everything in memory), and it doesn't support any special functionality beyond being able to delete your own uploaded files afterwards.

​

The newer version of Up1 will support:

• Burn-after-X-views
• File expiry
• Image albums
• Theoretically unlimited-size file uploads

Also for the people who care, the new version is being written in Vue/Typescript in the frontend and Rust in the backend, which is quite a bit easier to develop on than our previous custom frontend framework and backend in Go or Node.

​

If you're interested in this, let me know!