One thing I think is really lacking from the PDF ecosystem is good open-source tools around signing. PDF signatures are something that is legally important in a lot of the world with regulations like eIDAS. Unfortunately it's extremely difficult to cryptographically sign PDF documents with tools other than Adobe's and some other (often more sketchy) proprietary tools. Even if you figure out how to use stuff like LibreOffice or poppler to sign, you'll struggle to obtain certs that will validate without spending an arm and a leg.
I really hope that someone will decide to step in and become the Let's Encrypt of PDF and S/MIME certs, because that will improve public trust significantly.
JumpCrisscross 10 days ago [-]
> you'll struggle to obtain certs that will validate
You’ll be surprised how far you can go pasting a picture of your signature in Preview.
noodlesUK 10 days ago [-]
Absolutely, and that's what I tend to do with my documents IRL, but I think it would be really nice if we could move to a world where signing documents digitally actually meant something more than `signature.png`.
In the EU, in order to have a legal guarantee of being treated as the same as a handwritten signature in all member states, you have to meet "Qualified Electronic Signature" level, which means cryptographic signatures and the involvement of some kind of trust services provider who validates the certificate used to sign. In practice this is rare, and ordinary electronic signatures a la Preview work for most things.
yencabulator 10 days ago [-]
> involvement of some kind of trust services provider
Marketplace at least in the US has shown that once you have this, the actual cryptography really doesn't matter. All anyone seems to care about seems to be "We are company X and have been doing this business for Y years and here's our standard operating policy. We emailed address A at time T1 and the person reading that email address used our online services to electronically 'sign' the pdf P at time T2."
Everyone trusts Adobe/Dropbox/et al to make that claim, nobody cares about certificates and what not.
SCM-Enthusiast 8 days ago [-]
There does exist a marketplace for documentation to be cryptographically encoded. E.G. Spec sheets. You must have a verified PGP key to open this document, that is generated for a company after they sign a NDA.
wfn 9 days ago [-]
Completely agree. Source: I build things for a company[1][2] which is a TRA and a QTSP (eIDAS parlance).
Two references which I promise will be interesting (re: qcerts and QES tooling):
[1]: https://www.zealid.com/en/ - you can onboard remotely for free, download your qualified certs at https://my.zealid.com/en - upload, QES sign, download PDFs (all of these free) - or use our APIs to integrate into us (get in touch with us if you'd like the latter).
[2]: opinions are my own.
noodlesUK 6 days ago [-]
I know this comment comes a bit late, but thanks so much! That library is exactly the kind of thing I have been looking for. I've just signed up using your app. I'm curious, my UK passport didn't scan correctly with NFC. Do you only support EU docs for NFC validation? I expected the NFC scanning to work with any ICAO 9303 document.
wfn 4 days ago [-]
> That library is exactly the kind of thing I have been looking for.
Ah, that's great to hear! You can message its author if you have any specific questions regarding it, he's a friendly and very competent fella.
> I'm curious, my UK passport didn't scan correctly with NFC. Do you only support EU docs for NFC validation? I expected the NFC scanning to work with any ICAO 9303 document.
Ah, one day I'll write a post / video / book / series of morbid novels on NFC in eMRTDs...
Long story short: we support NFC worldwide (NFC prompt is disabled for certain documents, e.g. Germany has a peculiar interpretation of ICAO 9303 where they require a type of Active Auth (vs Passive Auth which is what happens when you scan it with our app or with many other apps))).
However.
1. Sometimes the chip simply does not scan correctly. It takes a bit of time, there's a handshake involved, we send in a sort of hash of the MRZ so that the chip can give some (not all) of the NFC Data Groups (if you're familiar with the 9303 - e.g. we don't get (as part of Passive Auth) biometrics info such as your iris info). You have to hold it tight for a while. You have to hold it against the right spot on your mobile device (varies per model as you're likely aware). Chip has to be in good shape (confirmed from personal experience).
2. Countries interpret PKI (incl. the underlying x509 spec)... differently. One good recent example: the DSC (Document Signing Certificate embedded in your chip) has to have the same trust root as the corresponding CRL (cert revocation list where we check if the cert which signed the DSC - the so-called CSCA - has not been revoked). In practice... sometimes they differ. We handle exceptions and keep working on them, but it's a slow process.
So TL;DR sometimes it's just the physical process which gets in the way (and you then get the video pattern upload screen); sometimes we fetch the NFC data but cannot ensure its authenticity (cannot verify chain of signed certs up to a trusted root - UK like other countries has issued a few CSCAs; these are included in ICAO's PKD which we download, verify and then use). And sometimes all of this is well, but we conclude that the revocation status of the parent cert (the CSCA) is unknown.
If revocation information is included in the cert (e.g. through a so-called distribution point - which usually points to a URL (sometimes broken...), sometimes to a file (...), etc.), we have to make revocation checks and conclude that the cert inside the chip (DSC) and the parent cert(s) have not been revoked. Sometimes the latter process fails.
Sometimes the same document model (same country, doc type, same issue year, same physical security features etc.) embeds a different DSC which leads us to discover that some country has again introduced some non-conforming (against x509 spec, to be precise; e.g. in terms of validation path building) cert chain. We learn to handle them, but it's an ongoing process. Some docs for some countries still prove troublesome.
I don't know the particular onboarding attempt at hand, so it could be something from #1 or #2 above, or perhaps something else.
What can I say, it's fun... (I especially love how ICAO 9303 requires explicit unnamed elliptic curves (as the key algorithm for the keypair underneath the NFC's DSC).
If you want to chat more, shoot me an email :)
TheJoeMan 10 days ago [-]
You’re really right, I asked my IT guy who’s a windows server wizard about what it would take to implement basic PKI for internal document signing and he looked at me like I had 2 heads.
FredrikSE 9 days ago [-]
The PKI is not hard(Windows one works well), but to keep it secure and safe could be more challenging.
10 days ago [-]
perfmode 10 days ago [-]
does Preview in macOS not fit the bill?
noodlesUK 9 days ago [-]
As far as I know preview doesn’t support creating or even viewing cryptographic signatures at all.
maweki 10 days ago [-]
I host this at home. I don't use it myself, I can use the linux CLI tools that its based on. But I prefer my wife to use this to convert/split/etc. her pdf files this way instead of using some random website or app (that uses the same cli tool anyway).
She doesn't mind either way. Seems to work well enough for her use cases.
Since PDFBox is a Java application, it should work cross-platform, not just Linux. Please correct me if you mean something else.
maweki 10 days ago [-]
I am sorry. I was under the impression that, at least for some features, Stirling PDF also uses pdfjam or similar, instead of wholly delegating to PDFBox. I think the point still stands, that there are powerful cli tools and I wouldn't consider running this container just for myself.
Probably anybody who can get this docker container running, can use appropiate open source cli tools. So one would wonder about the target audience. I don't. ;)
But I do indeed LibreOffice's command line conversion features.
nashashmi 10 days ago [-]
You should just get a perpetual license to a PDF tool for $70. Best money ever spent. And get a portable exe version too.
ziddoap 10 days ago [-]
They seem to have a working solution that they, and their wife, is happy with. Why should they spend money on a different solution?
nashashmi 10 days ago [-]
Because it is two birds with one stone? Because it is one less system to maintain? Because it is superior to a web based UI with mutliple tools under different headers? because it is simple for even the least technical?
Suggestion is to use a free Pdf xchange editor by tracker software. And print the document to pdf when done.
sodality2 10 days ago [-]
Counterpoint: A web service is one thing to maintain that then works on all devices, including mobile. A PDF tool needs to be installed.
nashashmi 10 days ago [-]
That is a good point in the world of ipad, android, and iphone. But did you know that iOS has most of these features built in? I just discovered this now.
nirav72 10 days ago [-]
I'm running this in a container on my nas. There isn't anything to maintain with tools like this. If setup, properly - they keep running unless stopped. They can even be auto-updated when their is a new image. I have several types of utility apps I'm self-hosting. I rarely have to do anything other than keep the OS updated.
nirav72 9 days ago [-]
Just plain ubuntu server and docker installed. I use Portainer to manage the containers. Container images are updated automatically using watchtower.
nashashmi 10 days ago [-]
What nas system do you use that runs containers? I tried the whole container thing and have to reboot my system every week
microbass 7 days ago [-]
Unraid is nice, and pretty easy to maintain. You get a web interface and can set up auto updates. There a many different applications in their app store, too, or you can make your own using plain docker.
happymellon 9 days ago [-]
You had to reboot your system every week because you tried a container?
anotherhue 11 days ago [-]
> Originally developed entirely by ChatGPT, this locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.
Well that's that then.
frooodle 10 days ago [-]
Creator here, I think there is some confusion in my doc.
It's not made with fully with chatgpt
It was initially created as a 24 hour challenge to make a full app with chatgpt 3.0 in a set time limit to test what chatgpt was like last year.
I posted on Reddit it got lots of demand and I turned it into a full app,the only full chatgpt was the first 24 hours, it's over a year later now
neitsab 10 days ago [-]
Yes, it would be a great idea to update the wording as there is no way to derive that from the current one.
Even being sympathetic, my thought reading this was "probably bad code quality/rotten core despite the great feature set".
You can have a "History/Background/Origin" section where you put exactly what you wrote in your comment and it will be fine.
This notwithstanding, thank you very much for developing this app! I will look into deploying it on my server, it will be of great help to people around me who often need manipulating PDFs but are not super technical!
jpnc 11 days ago [-]
I wonder what the point of that sentence is - to get picked up by HN? Kinda like how any product or service even tangentially related to data suddenly has 'by the way also AI and stuff' added somewhere on their landing page.
You don't see 'Developed using intellisense' used in READMEs.
exe34 10 days ago [-]
You do see "sent from my iPhone"
BonusPlay 10 days ago [-]
For me it means:
1) don't expose it to public internet
2) don't give it untrusted input
Which highly reduces the usability factor for me.
arthurcolle 11 days ago [-]
That's amazing. What a time to be alive.
nolongerthere 11 days ago [-]
so do we trust it?
wakawaka28 11 days ago [-]
The claim, or the software? If the software was developed by ChatGPT it probably sucks. If it wasn't developed by ChatGPT, its author is a liar. So either way, fuck it.
secfirstmd 10 days ago [-]
Who cares if it was developed by ChatGPT if it actually works? Why not try it out first before crapping on someone's hard Open Source work?
wakawaka28 10 days ago [-]
Yeah let me waste a shitload of time on possible low-quality shit that might have spyware. Based on the advertisement I'm not convinced. I want PDF tools developed by experts, not monkeys pounding on keyboards or shysters who push stupid gimmicks.
langnutty 10 days ago [-]
PDF software / readers are reliably the least reliable, most likely to have security issues programs on any given machine. I for one would not run C code blindly copied from ChatGPT carelessly.
In this case I think the actual PDF bits are command line tools written by humans though, and just the web wrapping (some small initial piece of it) is originally from ChatGPT.
atoav 10 days ago [-]
I once tried 3 hours to get ChatGPT to write a correct cubic interpolation function. Everything it wrote was either not cubic or not an interpolation function (the resulting curve didn't pass through the input points).
So yeah.
franga2000 10 days ago [-]
Not sure what your point is. I probably couldn't write a correct cubic interpolation function in 3 hours if you stuck me in an empty room and kept giving me the same instruction with a small change every time. But I've definitely written software as complex as this project basically from memory with only the occasional glance at some framework docs.
Leetcode is a meaningless metric when evaluating application developers.
atoav 9 days ago [-]
What are you talking about?
This was an example of how I gave a LLM clear instructions on a function that is known to the internet. If I told you get to use google you probably could solve this "leetcode" task in 10 minutes.
So I picked a random known algorithm and asked ChatGPT to write a function with it, just to test it.
I agree that leetcode is a useless metric, but nobody informed me that something simple like cubic interpolation belongs to this.category now. Maybe I should re-evaluate my career.
franga2000 9 days ago [-]
I'm just saying that writing a small function that has to be perfectly correct is a very different task from from writing a small web app where the space of possible solutions is incredibly large.
LLMs don't have perfect recall, so it has to reconstructtthe answer from the information it retained from training. Your example is like asking it math problems: unless it had both seen and retained the specific one you've asked it, it can't answer correctly because doesn't have the capability to reason about the problem and solve it. But something like writing a web app is closer to writing a story, where each next block it spits out doesn't have to be exactly correct, it just has to get the job done.
As for leetcode, I guess it depends on your field, but my logic is this: if I came to an interview and was told to write a microservice that receives a POSTed file, extracts some data and puts it in a DB, that's a solid work-relevant skill test. But if they asked to to write some interpolation functions, I'd consider that a leetcode interview - closer to math than programming, not a good indicator of job ability, not representative of the kind of work I'll be doing.
petepete 10 days ago [-]
I'd love it if this could be integrated into Paperless. Every now and then one of my scanned documents goes in upside down and I need to rescan. Clicking rotate, maybe reordering and letting it be rescanned would be great.
moritzruth 10 days ago [-]
The last minor release of paperless-ngx added merging, splitting and rotating.
Ah thanks. I'd actually updated but didn't read the changelog and hadn't noticed the new functionality!
Odenwaelder 10 days ago [-]
The latest version of paperless-ngx can rotate documents. Check it out!
petepete 10 days ago [-]
Perfect timing, thank you.
nashashmi 10 days ago [-]
Ouch. Rotate the document in a pdf reader. And Print to pdf.
petepete 9 days ago [-]
My Brother scanner SFTPs documents right to my server where they're ingested by Paperless-ngx. It's all really seamless other than occasionally when the document appears upside down for some reason.
babox 10 days ago [-]
me tooo
tacocataco 10 days ago [-]
One of firefox's more recent updates added a PDF editor.
I think people's perception of forefox is from several versons ago. As a daily user throughout its history, Firefox has made alot of progress over the years IMO.
Give it another shot if it's been a while.
emarsden 10 days ago [-]
From the README: “Stirling PDF does not initiate any outbound calls for record-keeping or tracking purposes”. Beyond auditing the code, how could a potential user verify this claim in advance, and how can a web-based app help support such a claim (in particular when the app does need to make some web requests to operate, but only to a restricted list of URLs that might be listed in a manifest along the lines of a Content-Security-Policy for instance)?
This is a concrete problem when deploying apps that need the user to “upload” some sensitive content.
huygens6363 10 days ago [-]
Little snitch[1] can help you out when self-hosting. When not self-hosting, all bets are off and my default stance is "expect the worst".
Edit: LS is MacOS oriented. I'm sure there are others, but I'm not into it. I feel it should be an OS-level feature, but who am I.
vladvasiliu 10 days ago [-]
> LS is MacOS oriented
There's opensnitch on Linux. There's also something similar on Windows but I don't remember what it's called.
mathfailure 9 days ago [-]
TinyWall for Windows.
arcastroe 10 days ago [-]
If you're self-hosting on kubernetes, you can set up network policies with deny-all egress rule for this deployment/pod. This would block all outward network calls.
justsomehnguy 10 days ago [-]
> in particular when the app does need to make some web requests to operate
A web app doesn't need to make an outbound web requests to operate. A user interacting with a web is the one initiating the requests.
You can give the access to the up through a HTTP proxy and you can filter out any outbound requests from the web app or even not configuring the network routing for the server hosting that app. That leaves you with only JS initiated requests in the rendered pages of the app.
TheCapeGreek 10 days ago [-]
That's a problem with just about any package, library or system you use in the end.
Open source runs in a large amount of trust, and we're all complicit.
emarsden 10 days ago [-]
Sure, but these types of applications are running in a web browser sandbox, which benefits from enormous engineering resources to protect the host computer from malicious actions by the remote code. I'm wondering whether this execution environment (augmented with some policy mechanism to allow apps to declare their URL access needs, a little like an AppArmor or network firewal policy) could also provide some guarantees concerning privacy or information security.
apexalpha 10 days ago [-]
Just put a sniffer or network capture tool like Wireshark in between. Additionally you could restrict the apps network access entirely to just your local home network.
emarsden 10 days ago [-]
It seems that there is some missing tooling to make this convenient.
You can run a local bundle of HTML/JS/WASM in a web browser instance that you isolate (for example with firejail) to prevent network access. You distribute as a zip/tgz, but it's not obvious how to handle updates without a full redownload. Distributing with a full Electron-like interface is obviously overkill.
If you're running a web app that's hosted elsewhere (which will be much more convenient for most people), your web browser or the software isolation functionality (or firewall/proxy) needs to distinguish between the initial resource loads (approve) and later sneaky logging requests (ban).
There are Android applications such as TrackerControl that have related functionality (operates as a local VPN to filter all network requests and block tracking) but I don't know of convenient tools for the desktop (Linux, in particular).
mstijak 10 days ago [-]
Working on a product that could be similarily described.
CxReports: Self-hosted, web-based PDF reporting tool.
When I saw this project months ago I instant loved it. I installed and start using it for real and... I found many bugs. Some tools were unusable.
I really hope it's better now.
mathfailure 9 days ago [-]
I once used it on a pdf file with a scanned text form trying to make it more contrast, as the scan was hardly seen. What I needed was basically just making dark stuff darker (up to the point of making it black) and maybe a bit thicker to make it more visible.
The tool failed to help me with such a seemingly menial task, the improvement was very small. I even tried to repeat the step multiple times, but after like 2nd use there were no visual differences anymore (but the file's size kept actually changing).
jacob019 9 days ago [-]
That's not really a PDF thing. In that case the PDF is a thin wrapper around raster images. Extract the images, increase the contrast with gimp or imagemagick, and make a new PDF. You could script this if you had a lot of them.
junto 10 days ago [-]
I’m looking at the list and trying to figure out if there is an API to extract the text from a PDF? Or retrieve it as vectors / embeddings?
Beijinger 10 days ago [-]
At least it is open source. It never hurts to have something web based but I prefer an application. I use a commercial product for Linux. Master PDF Editor. It is good, but their copy protection sucks. Better don't forget to "deregister" ist before wiping your harddrive, otherwise your code won't work. But there is always customer service....
franga2000 10 days ago [-]
I generally agree, but I also very often need to quickly do something basic to a PDF from my phone (like split a 2-column layout to single-column so it's actually readable) or when doing something on someone else's computer and little web tools like this are great for that.
And yes, Master PDF Editor is an amazing piece of software! It makes creating PDF forms so easy that every time I get a PDF to fill out, I make it a form and send back an empty copy too so whoever sent it to me can use that instead. I've gotten a few smaller organisations to start using mine instead.
bustedagain 10 days ago [-]
Can someone convert this mumble jumble of docker api endpoint locally environment into a working software that people can actually install and use on their pc/mac/phone???
This seems too complicated to perform simple tasks of split merge edit not to mention the GBs of space docker and dependencies will take.
Thank you
10 days ago [-]
thrdbndndn 10 days ago [-]
I see it uses pdfbox and pdf.js, so I assume it's mainly a frond end of these tools?
GlacierFox 10 days ago [-]
Anyone got an alternative that wasn't developed entirely in ChatGPT?
cjblomqvist 10 days ago [-]
Anecdotally from previous HN discussions, I believe a lot of the code is now not developed by ChatGPT anymore.
Update: As evident by the author's comment below, it's definitely not made by ChatGPT anymore (in any major way)
tyre 10 days ago [-]
The creator is in the comments, it wasn’t entirely developed with ChatGPT. The first spike in 24h was. The rest of the past year of development was human.
shiftingleft 10 days ago [-]
Looking at a few files, there's definitely some generated comments in there.
Do you have any method to quantify how much of it is (likely) generated?
Alifatisk 10 days ago [-]
On mac, the preview app.
On Windows, okular. But honestly, pirating Acrobat is the best way if you have a tough economy.
kapildev 10 days ago [-]
On the topic of PDFs, one thing I have always wondered is why there aren't any OpenSource pdf editors that are comparable to Adobe or Foxit. Does anyone know?
trueismywork 9 days ago [-]
What features are you looking for? Okular has served me well.
tiahura 10 days ago [-]
Probably for the same reason there aren't any OpenSource comparables to Word, Excel, Outlook, Autocad, Quickbooks, or any other flagship productivity software
snadal 10 days ago [-]
Not the same thing.
- Libreoffice can edit Word and Excel files.
- There are several tools to read a PST file. Anyway… pst files are not commonly being shared with other people so the need to accessing it is uncommon unless you already use outlook.
- Autocad and Quickbooks are far less used (less people) than PDF.
I also wonder why there are no more tools to edit PDF files. Maybe licensing issues?
Edit: formatting
tiahura 10 days ago [-]
Not the same thing.
- Libreoffice can edit Word and Excel files.
You are correct. Just because Libreoffice can mangle a docx file doesn't make them truly comparable.
emacs can edit a .sqlite file, but they aren't comparable.
The issue is the insanely massive investment needed to build and sustain a project with millions of lines of code for something that isn't particularly sexy.
TechDebtDevin 11 days ago [-]
I feel like everytime I log onto this site I encounter a finished project that's very similar to something I'm working on. I'm too slow (or project hop too much).
Not that PDF related tools are uncommon but yeah I think people understand the sentiment.
I'm also very surprised that <redacted> for profit companies in the Document-manipulating/signing/storing still exist outside of niche industries (healthcare, govt, law) that require audit-trails and other regulatory specifics. I guess SEO still rules.. If anyone wants to make some money call up all the biggest real estate firms in your area and ask them how much they spend on contract signing or related services (it's a lot) and then offer them to do this for half the amount ( I can sign 20-30k documents for <$100 a month, and could be cheaper probably) Your average real estate firm is paying .50c-$1 a signature if they are uninformed, there's a lot of the uninformed.
cess11 10 days ago [-]
Manipulation and signing is the easy part. Robust storage, retrieval and deletion aren't so easy.
Reputation often matters more than price in this area, because the pricey services amount to peanuts compared to the business as a whole. It's like doing price optimisation on toilet paper in the office. And reputation is generally interpreted as a proxy for reliability and a guarantee that there will be someone to sue if things go bad.
jiriro 10 days ago [-]
Could you please elaborate how do you sign 10k documents for $100/month?
TechDebtDevin 10 days ago [-]
Depends on the size of the documents but it's very straightforward. As someone mentioned it's reputation that is the expensive part.
ofrzeta 9 days ago [-]
A subset of the manipulations such as split and merge can also be done with PDFSam
I’m not sure if this uses unoconv with LibreOffice but my heart goes out to anyone trying to develop Pdf/document manipulation tools with the current Python libraries. A thankless task.
The more you work on this stuff the more you hate proprietary formats as well as having to rely on open source repos operated at the whim of a few good people.
siva7 10 days ago [-]
> Originally developed entirely by ChatGPT
I would be careful with such wording as one could easily come to the conclusion that this tool was developed by the ChatGPT team. Nevertheless that this software certainly wasn't entirely developed by ChatGPT which is technically not possible but WITH the assistance of an AI tool.
showerst 10 days ago [-]
On a related note, does anyone have a good solution for highlighting arbitrary spans of text in PDFs? Trying to make viewing search results easier, but most of the solutions I've found are pretty lousy.
Jackson_Fleck 10 days ago [-]
I think you can hack together something in pdf.js but you have to deal with the pain of digging through its code. I’m working on something of the sort in an application I’ve built but it’s v much “nice to have”.
If you’re talking about raw pdfs then you are at the whim of the encoding surely? I’ve always found Adobe etc to have utterly crap searches
2Gkashmiri 10 days ago [-]
Is there a PDF templating tool that lets you GUI modify elements on a PDF to be used to generate reports and invoices for example ?
Backend has Python and preferably agpl
haidev 11 days ago [-]
How is this entirely developed by ChatGPT? Does the author claim that all the code in there was generated by ChatGPT?
frooodle 10 days ago [-]
Creator here, I think there is some confusion in my doc.
It's not made with fully with chatgpt
It was initially created as a 24 hour challenge to make a full app with chatgpt 3.0 in a set time limit to test what chatgpt was like last year.
I posted on Reddit it got lots of demand and I turned it into a full app,the only full chatgpt was the first 24 hours, it's over a year later now
figmert 10 days ago [-]
I'd love to know how you did that initial 24 hour challenge. Maybe a blog post or something? If I were to go about creating a start to an application using ChatGPT, how would I go about it?
sidcool 10 days ago [-]
The test coverage is pretty low. I'm raising a PR for this. Code quality not the best.
exac 10 days ago [-]
Well it was developed initially by ChatGPT. First file I open I see repeated comments.
I hope they will add digital signing with certificates capabilities.
nip 10 days ago [-]
Out of curiosity (and self interest [1]), what is your use case for digital signing and verification?
My understanding is that it’s more about trust (Docusign being the leader) than anything else: one can provide certificate signing and verification, but the trust in the owner of the certificate is the crux of the matter
[1] I’m the developer behind SimplePDF.eu
exe34 10 days ago [-]
I guess you could reverse proxy with nginx?
atoav 10 days ago [-]
As you probably should?
brnt 9 days ago [-]
Now do a wasm version.
nikisweeting 9 days ago [-]
I have some questions about the Github Star history, it's very unusual to see a ~1 year old repo with 20k+ stars.
It went from 6k to 15k+ stars in a few days around 2023 Christmas when HN/Github/Reddit traffic is usually lowest, and I didn't see a corresponding social media post or announcement around that time with that kind of traffic.
If I'm wrong and there is some big social media post / promo that I missed, I apologize, I'll eat my shorts!
Creator here, there was a big HN post that caused that big boom during Christmas
nikisweeting 9 days ago [-]
Got it! Strange that such a big post doesn't show up in that Google search! Really makes me lose trust in Google for basic research like that (sigh)
Sorry for insinuating that you maybe bought stars and congrats on the great project growth!
Hopefully if nothing else, my comment will answer this question for others that had the same "partially written by ChatGPT" == "willing to use bots for growth" suspicion.
9 days ago [-]
Rendered at 17:51:50 GMT+0000 (Coordinated Universal Time) with Vercel.
I really hope that someone will decide to step in and become the Let's Encrypt of PDF and S/MIME certs, because that will improve public trust significantly.
You’ll be surprised how far you can go pasting a picture of your signature in Preview.
In the EU, in order to have a legal guarantee of being treated as the same as a handwritten signature in all member states, you have to meet "Qualified Electronic Signature" level, which means cryptographic signatures and the involvement of some kind of trust services provider who validates the certificate used to sign. In practice this is rare, and ordinary electronic signatures a la Preview work for most things.
Marketplace at least in the US has shown that once you have this, the actual cryptography really doesn't matter. All anyone seems to care about seems to be "We are company X and have been doing this business for Y years and here's our standard operating policy. We emailed address A at time T1 and the person reading that email address used our online services to electronically 'sign' the pdf P at time T2."
Everyone trusts Adobe/Dropbox/et al to make that claim, nobody cares about certificates and what not.
Two references which I promise will be interesting (re: qcerts and QES tooling):
- excellent open source library for working with PDFs and digital signatures (incl. PDF ones): https://github.com/MatthiasValvekens/pyHanko
- European Commission's DSS Tool (you can submit one PDF only, don't need both original and signed one): https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo...
[1]: https://www.zealid.com/en/ - you can onboard remotely for free, download your qualified certs at https://my.zealid.com/en - upload, QES sign, download PDFs (all of these free) - or use our APIs to integrate into us (get in touch with us if you'd like the latter).
[2]: opinions are my own.
Ah, that's great to hear! You can message its author if you have any specific questions regarding it, he's a friendly and very competent fella.
> I'm curious, my UK passport didn't scan correctly with NFC. Do you only support EU docs for NFC validation? I expected the NFC scanning to work with any ICAO 9303 document.
Ah, one day I'll write a post / video / book / series of morbid novels on NFC in eMRTDs...
Long story short: we support NFC worldwide (NFC prompt is disabled for certain documents, e.g. Germany has a peculiar interpretation of ICAO 9303 where they require a type of Active Auth (vs Passive Auth which is what happens when you scan it with our app or with many other apps))).
However.
1. Sometimes the chip simply does not scan correctly. It takes a bit of time, there's a handshake involved, we send in a sort of hash of the MRZ so that the chip can give some (not all) of the NFC Data Groups (if you're familiar with the 9303 - e.g. we don't get (as part of Passive Auth) biometrics info such as your iris info). You have to hold it tight for a while. You have to hold it against the right spot on your mobile device (varies per model as you're likely aware). Chip has to be in good shape (confirmed from personal experience).
2. Countries interpret PKI (incl. the underlying x509 spec)... differently. One good recent example: the DSC (Document Signing Certificate embedded in your chip) has to have the same trust root as the corresponding CRL (cert revocation list where we check if the cert which signed the DSC - the so-called CSCA - has not been revoked). In practice... sometimes they differ. We handle exceptions and keep working on them, but it's a slow process.
So TL;DR sometimes it's just the physical process which gets in the way (and you then get the video pattern upload screen); sometimes we fetch the NFC data but cannot ensure its authenticity (cannot verify chain of signed certs up to a trusted root - UK like other countries has issued a few CSCAs; these are included in ICAO's PKD which we download, verify and then use). And sometimes all of this is well, but we conclude that the revocation status of the parent cert (the CSCA) is unknown.
If revocation information is included in the cert (e.g. through a so-called distribution point - which usually points to a URL (sometimes broken...), sometimes to a file (...), etc.), we have to make revocation checks and conclude that the cert inside the chip (DSC) and the parent cert(s) have not been revoked. Sometimes the latter process fails.
Sometimes the same document model (same country, doc type, same issue year, same physical security features etc.) embeds a different DSC which leads us to discover that some country has again introduced some non-conforming (against x509 spec, to be precise; e.g. in terms of validation path building) cert chain. We learn to handle them, but it's an ongoing process. Some docs for some countries still prove troublesome.
I don't know the particular onboarding attempt at hand, so it could be something from #1 or #2 above, or perhaps something else.
What can I say, it's fun... (I especially love how ICAO 9303 requires explicit unnamed elliptic curves (as the key algorithm for the keypair underneath the NFC's DSC).
If you want to chat more, shoot me an email :)
She doesn't mind either way. Seems to work well enough for her use cases.
I am interested in this part. Here is what I found: https://pdfbox.apache.org/2.0/commandline.html
Since PDFBox is a Java application, it should work cross-platform, not just Linux. Please correct me if you mean something else.
Probably anybody who can get this docker container running, can use appropiate open source cli tools. So one would wonder about the target audience. I don't. ;)
But I do indeed LibreOffice's command line conversion features.
Suggestion is to use a free Pdf xchange editor by tracker software. And print the document to pdf when done.
Well that's that then.
It was initially created as a 24 hour challenge to make a full app with chatgpt 3.0 in a set time limit to test what chatgpt was like last year.
I posted on Reddit it got lots of demand and I turned it into a full app,the only full chatgpt was the first 24 hours, it's over a year later now
Even being sympathetic, my thought reading this was "probably bad code quality/rotten core despite the great feature set".
You can have a "History/Background/Origin" section where you put exactly what you wrote in your comment and it will be fine.
This notwithstanding, thank you very much for developing this app! I will look into deploying it on my server, it will be of great help to people around me who often need manipulating PDFs but are not super technical!
1) don't expose it to public internet
2) don't give it untrusted input
Which highly reduces the usability factor for me.
In this case I think the actual PDF bits are command line tools written by humans though, and just the web wrapping (some small initial piece of it) is originally from ChatGPT.
So yeah.
Leetcode is a meaningless metric when evaluating application developers.
This was an example of how I gave a LLM clear instructions on a function that is known to the internet. If I told you get to use google you probably could solve this "leetcode" task in 10 minutes.
So I picked a random known algorithm and asked ChatGPT to write a function with it, just to test it.
I agree that leetcode is a useless metric, but nobody informed me that something simple like cubic interpolation belongs to this.category now. Maybe I should re-evaluate my career.
LLMs don't have perfect recall, so it has to reconstructtthe answer from the information it retained from training. Your example is like asking it math problems: unless it had both seen and retained the specific one you've asked it, it can't answer correctly because doesn't have the capability to reason about the problem and solve it. But something like writing a web app is closer to writing a story, where each next block it spits out doesn't have to be exactly correct, it just has to get the job done.
As for leetcode, I guess it depends on your field, but my logic is this: if I came to an interview and was told to write a microservice that receives a POSTed file, extracts some data and puts it in a DB, that's a solid work-relevant skill test. But if they asked to to write some interpolation functions, I'd consider that a leetcode interview - closer to math than programming, not a good indicator of job ability, not representative of the kind of work I'll be doing.
Source: https://docs.paperless-ngx.com/changelog/#paperless-ngx-270
I think people's perception of forefox is from several versons ago. As a daily user throughout its history, Firefox has made alot of progress over the years IMO.
Give it another shot if it's been a while.
This is a concrete problem when deploying apps that need the user to “upload” some sensitive content.
[1] https://www.obdev.at/products/littlesnitch/index.html
Edit: LS is MacOS oriented. I'm sure there are others, but I'm not into it. I feel it should be an OS-level feature, but who am I.
There's opensnitch on Linux. There's also something similar on Windows but I don't remember what it's called.
A web app doesn't need to make an outbound web requests to operate. A user interacting with a web is the one initiating the requests.
You can give the access to the up through a HTTP proxy and you can filter out any outbound requests from the web app or even not configuring the network routing for the server hosting that app. That leaves you with only JS initiated requests in the rendered pages of the app.
Open source runs in a large amount of trust, and we're all complicit.
You can run a local bundle of HTML/JS/WASM in a web browser instance that you isolate (for example with firejail) to prevent network access. You distribute as a zip/tgz, but it's not obvious how to handle updates without a full redownload. Distributing with a full Electron-like interface is obviously overkill.
If you're running a web app that's hosted elsewhere (which will be much more convenient for most people), your web browser or the software isolation functionality (or firewall/proxy) needs to distinguish between the initial resource loads (approve) and later sneaky logging requests (ban).
There are Android applications such as TrackerControl that have related functionality (operates as a local VPN to filter all network requests and block tracking) but I don't know of convenient tools for the desktop (Linux, in particular).
CxReports: Self-hosted, web-based PDF reporting tool.
https://www.cx-reports.com
I really hope it's better now.
The tool failed to help me with such a seemingly menial task, the improvement was very small. I even tried to repeat the step multiple times, but after like 2nd use there were no visual differences anymore (but the file's size kept actually changing).
And yes, Master PDF Editor is an amazing piece of software! It makes creating PDF forms so easy that every time I get a PDF to fill out, I make it a form and send back an empty copy too so whoever sent it to me can use that instead. I've gotten a few smaller organisations to start using mine instead.
This seems too complicated to perform simple tasks of split merge edit not to mention the GBs of space docker and dependencies will take.
Thank you
Update: As evident by the author's comment below, it's definitely not made by ChatGPT anymore (in any major way)
On Windows, okular. But honestly, pirating Acrobat is the best way if you have a tough economy.
- Libreoffice can edit Word and Excel files.
- There are several tools to read a PST file. Anyway… pst files are not commonly being shared with other people so the need to accessing it is uncommon unless you already use outlook.
- Autocad and Quickbooks are far less used (less people) than PDF.
I also wonder why there are no more tools to edit PDF files. Maybe licensing issues?
Edit: formatting
- Libreoffice can edit Word and Excel files.
You are correct. Just because Libreoffice can mangle a docx file doesn't make them truly comparable.
emacs can edit a .sqlite file, but they aren't comparable.
The issue is the insanely massive investment needed to build and sustain a project with millions of lines of code for something that isn't particularly sexy.
Not that PDF related tools are uncommon but yeah I think people understand the sentiment.
I'm also very surprised that <redacted> for profit companies in the Document-manipulating/signing/storing still exist outside of niche industries (healthcare, govt, law) that require audit-trails and other regulatory specifics. I guess SEO still rules.. If anyone wants to make some money call up all the biggest real estate firms in your area and ask them how much they spend on contract signing or related services (it's a lot) and then offer them to do this for half the amount ( I can sign 20-30k documents for <$100 a month, and could be cheaper probably) Your average real estate firm is paying .50c-$1 a signature if they are uninformed, there's a lot of the uninformed.
Reputation often matters more than price in this area, because the pricey services amount to peanuts compared to the business as a whole. It's like doing price optimisation on toilet paper in the office. And reputation is generally interpreted as a proxy for reliability and a guarantee that there will be someone to sue if things go bad.
https://pdfsam.org/de/
https://github.com/torakiki/pdfsam
The more you work on this stuff the more you hate proprietary formats as well as having to rely on open source repos operated at the whim of a few good people.
I would be careful with such wording as one could easily come to the conclusion that this tool was developed by the ChatGPT team. Nevertheless that this software certainly wasn't entirely developed by ChatGPT which is technically not possible but WITH the assistance of an AI tool.
If you’re talking about raw pdfs then you are at the whim of the encoding surely? I’ve always found Adobe etc to have utterly crap searches
Backend has Python and preferably agpl
It was initially created as a 24 hour challenge to make a full app with chatgpt 3.0 in a set time limit to test what chatgpt was like last year.
I posted on Reddit it got lots of demand and I turned it into a full app,the only full chatgpt was the first 24 hours, it's over a year later now
https://github.com/Stirling-Tools/Stirling-PDF/blob/7f577a60...
My understanding is that it’s more about trust (Docusign being the leader) than anything else: one can provide certificate signing and verification, but the trust in the owner of the certificate is the crux of the matter
[1] I’m the developer behind SimplePDF.eu
It went from 6k to 15k+ stars in a few days around 2023 Christmas when HN/Github/Reddit traffic is usually lowest, and I didn't see a corresponding social media post or announcement around that time with that kind of traffic.
If I'm wrong and there is some big social media post / promo that I missed, I apologize, I'll eat my shorts!
https://star-history.com/#Stirling-Tools/Stirling-PDF&Date
https://www.google.com/search?q=%22stirling%22+%22PDF%22&sca...
Sorry for insinuating that you maybe bought stars and congrats on the great project growth!
Hopefully if nothing else, my comment will answer this question for others that had the same "partially written by ChatGPT" == "willing to use bots for growth" suspicion.