(orth.uk)

319 points SpaghettiX | 1 comments | 10 Feb 22 09:18 UTC | HN request time: 0.215s | source

Show context

pabs3 ◴[10 Feb 22 11:25 UTC] No.30284770[source]▶

Unfortunately the cloudflared software, while the source is available on GitHub, and there are pull requests open and accepted for it, is not under an open source license, and the license it is under does not allow modifications, so any modifications (including the aformentioned pull requests) are contrary to the license and thus copyright law and thus illegal. The issue I filed about this is still waiting for action since October 2021.

https://github.com/cloudflare/cloudflared/issues/464

replies(6): >>30284815 #>>30284846 #>>30285004 #>>30285051 #>>30285076 #>>30285476 #

pabs3 ◴[10 Feb 22 11:37 UTC] No.30284846[source]▶

>>30284770 #

PS: I note cloudflared uses some form of telemetry, although I have not looked at what data is transmitted and didn't try to remove it after seeing the above license.

PPS: I wish cloudflared were split up into client and server instead of one binary for both, it would be easier to audit and understand that way.

PPPS: I noted while auditing that cloudflared embeds its dependencies instead of depending on them and uses some golang libraries that are obsoleted.

replies(1): >>30284928 #

1. blibble ◴[10 Feb 22 11:51 UTC] No.30284928[source]▶

>>30284846 #

hearing this I'm not sure I want cloudflared inside my network at all

it's already vast... and telemetry always seems to be the thin end of the wedge

a minimal version, not maintained by the company, under a proper open source license with no bullshit and a vastly smaller attack service would seem like a easy win...

(and even better if it supported more service providers than just cloudflare... killing their lock-in)

↑

SSH into private machines from anywhere using Cloudflare Tunnel