Wonderful. I wish there was the possibility to sync data among browsers, but that would probably defy the whole purpose of this. Is there a repository?
I might consider adding a backend server at some point, but I'd still want to keep the tool as simple and privacy-friendly as possible.
Right now everything works fully offline, and that's part of the appeal.
If I do add a backend, it would only be for optional things like syncing or sharing — and it would stay opt-in so the core experience remains local-only.
Still exploring the balance there, but thanks for the idea!
I implemented something similar as a caddy module, then I realized that if I was connected to a public wifi network I was actually authorizing the whole bunch of people that were connected to it with me. How do you avoid this, or is it just not important?
It shouldn't be your only layer of security, and then it's not important. Think of it as replacing explicit IP black/whitelisting - you still want a login wall or something, but now you restrict access to guess logins or otherwise obtain access through app vulnerabilities etc.
It's a compromise.It's not as secure as using a VPN, but it's way more convenient, since only one device has to have a knocker client on it without needing any sort of VPN.
The likelihood of someone is on the same network as you noticing your servic, try to hack it, before the TTL expires again is IMO quite low.
This is without taking into account that the services themselves have their own security and login processes, getting a port open doesn't mean the service is hacked.
While "nespole" is apparently sometimes called "Japanese Medlar" in English, they are more usually called "Loquat" (Eriobotrya japonica): https://en.wikipedia.org/wiki/Loquat
You might mistake them in a black-and-white photo, but otherwise are easily distinguished. Neither is well known in most of the US, but the loquat is commonly grown in California yards while the medlar is a true rarity here.
reply