n0rdy / remindme Goto Github PK
View Code? Open in Web Editor NEWA simple terminal reminder app
License: GNU General Public License v3.0
A simple terminal reminder app
License: GNU General Public License v3.0
The following pertains to remindme version 1.0.6 (commit 332e03d):
$ remindme start
$ sudo netstat -anp | grep remindme
tcp6 0 0 :::15555 :::* LISTEN 3375763/remindme
In effect, remindme
is listening to even globally accessible IP addresses (I confirmed this by telnet'ing to my home pc from a remote VPS), which is a security nightmare: not only would everybody be able to post reminders for me, they would also be able to exploit potential security vulnerabilities.
As a minimum, remindme should — by default — restrict itself to listening to localhost (either ::1 or 127.0.0.1).
Better yet: Use a socket for client-server communication [on platforms that support it], make the socket owned by the user who starts remindme
, and make the socket R/W'able by the owner only. The name and location for the socket should be user configurable, and default to e.g. /run/user/$UID/remindme.socket
(on a Linux box).
Currently (v1.0.10 @ commit 8b70c23) remindme
is listening on port 15555. As mentioned in #1, this port may already be in use on the local machine, in which case remindme
will be unable to run.
Therefore it will make sense to make the listening port configurable.
In spite of what has been written about safe IP addresses in #1, it may also be useful to make the listening address configurable.
E.g., you could have more than once instance of remindme
running locally by using 127.0.0.1
, 127.0.0.2
, …, or you could choose to let it bind to an address on a VPN so that several machines can share a single instance of remindme
, or you could use it to overrride the default socket path (once that has been implemented).
The bind address and port could be specified via options for the remindme start
command, or simply by using environment variables, e.g.:
$REMINDME_BIND_ADDR
$REMINDME_BIND_PORT
(_BIND
can be omitted)
Ideally, $REMINDME_BIND_ADDR
should default to a socket or to localhost, and $REMINDME_BIND_PORT
could very well default to 15555 if the bind address is an IP address.
As also mentioned in #1, a safe choice for the socket name is $XDG_RUNTIME_DIR/remindme-$UID.socket
, but the user may have a different opinion and specify the absolute path to the desired socket, in which case the $REMINDME_BIND_ADDR
starts with a /
(at least on linux/unix).
A configuration file can also be used, of course.
Redundant information: XDG Base Directory Specification:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.