Show HN: Cypht – Unique Open Source Webmail (opens in new tab)

(cypht.org)

110 pointsjasonmunro9y ago36 comments

36 comments

The opening paragraph cracked me up:

"Cypht is not your father's webmail. Unless you are one of my daughters, in which case it is your father's webmail. Cypht is like a news reader, but for E-mail."

jasonmunroOP9y ago

This project has been a labor of love for me over the last 2.5 years. I'm interested in any feedback you have, and happy to answer any questions!

carussell9y ago

Do you know about Sandstorm and its app market?

https://sandstorm.io/news/2014-07-21-open-source-web-apps-re...

jasonmunroOP9y ago

I did not, thanks for the info. Looks interesting.

the_duke9y ago

Sandstorm is an interesting idea.

The design is so ugly, though...

guessmyname9y ago

I am impressed with the 100% code coverage [1] of your project. It would be cool to have the installation instructions [2] in a Vagrant or Docker script, or as someone else suggested, a Heroku button. I like the website, very clean and most possible questions regarding the license, security, tests, and such are addressed in an easy-to-access section, very good, something that many other HN featured projects lack. Thanks for your work.

[1] https://cypht.org/docs/test_coverage/index.html

[2] https://cypht.org/install.html

jasonmunroOP9y ago

Wow, thanks for the kind words! I submitted this last night hoping to drum up some support for the project. I never dreamed it would be on the front page when I woke up!

ckluis9y ago

It looks nice, but may I suggest a couple more screenshots and/or GIFs to really showcase it (email edit/compose view, RSS reader view, etc).

As a marketer it kills me the amount of cool projects whose adoption may be hurt by a lack of a couple extra screenshots.

jasonmunroOP9y ago

I appreciate the suggestion, and will get a screenshot page added to the site. In the meantime, here are a few blog posts with more shots:

https://unencumberedbyfacts.com/2016/09/08/cypht-webmail-scr... https://unencumberedbyfacts.com/2016/10/04/cypht-webmail-scr...

0xmohit9y ago

Looks very nice.

Was about to ask about support for 2-factor authentication, then saw this:

  Support for 2 factor authentication with any TOTP compatible
  authenticator app

A quick-setup page might help.

mpitt9y ago

Why GPL v2?

jasonmunroOP9y ago

I felt that it most accurately represented my intentions for the software.

the_common_man9y ago

I use rainloop currently on a Cloudron. Would be great to have this as a cloudron.io app! (It's just based on Docker)

mike-cardwell9y ago

I can't find any mention of PGP anywhere on the site. That it is supported, or in-development, or planned. Which is a shame, because there are good Webmail implementations out there with PGP support. Roundcube via plugins, Rainloop built in.

jasonmunroOP9y ago

We have an open issue at github for PGP support, and it's something I definitely want to pursue. The big concern is private key security and how to balance that with usability.

fak3r9y ago

Is there a way to hook into keybase? https://keybase.io/ This project looks great, I use Fastmail but would like to have an IMAP web front end I host (I used to host my own stack), so I may give this a go. Thanks for sharing it!

scandox9y ago

I would love this. Appreciate it isn't simple. Keep up the good work.

stephenr9y ago

Any chance that/another issue would cover s/mime?

Many mainstream (read: Apple/Microsoft) mail clients need plugins (which eg on iOS aren't an option) for PGP Mail, but S/MIME is handled out of the box.

therealidiot9y ago

Don't these typically require access to the private key though?

I'm not comfortable uploading my private key to a webmail server, even when its my own server

mike-cardwell9y ago

> Don't these typically require access to the private key though?

Yes, but not on the server. The key is typically stored encrypted in the browser storage. Never hits the server.

But there is still the problem where the server could send "bad" javascript which copies the key and uploads to the server.

However, if it's my server and I'm running the webmail, I might be ok with that. And if the server is being run by somebody I trust, I might still be ok with making that decision.

And even if I don't want to add my own private key, it would still be nice if the webmail could verify messages signed by other people. There's nothing risky about that.

ecesena9y ago

I can recommend adding a faster way to try it, either a demo online or even better a docker image.

jasonmunroOP9y ago

Thanks for the feedback, and I agree. I love the idea of a docker image to create a demo environment.

wes-k9y ago

Could also setup a heroku deploy button.

https://devcenter.heroku.com/articles/heroku-button

Supraperplex9y ago

Definitely needed. Nice clean layout, the cleaner the better.

luck879y ago

mmh. what about Security? If they download locally via imap all your email for all your accounts or there is something more. anyway it is nice to read on Security page "Oauth2 over IMAP/SMTP "

jasonmunroOP9y ago

Thanks for your feedback! Cypht is a thin client that only accesses E-mail using IMAP (or POP3). No E-mail content is maintained locally except in the server side session, and the browser local storage (session only). Cypht does store your E-mail account credentials between logins if you chose to (this behavior can be disabled). Outside of that, we only aggregate content in the browser, not on the server or in any permanent manner. There is a performance price, but it's worth it IMO.

jasonmunroOP9y ago

Also, thanks for the Oauth2 recognition. It's perfect for a client like Cypht (I wish more providers supported it!).

maaarghk9y ago

I'm hosting my own e-mail; do you know if it's possible to set up exim / dovecot to support OAuth2 and what benefit would that provide over using e.g. LOGIN over tls?

1 more reply

jhoechtl9y ago

Lacks a decent name easy to pronounce

jasonmunroOP9y ago

I'm terrible at naming things. It is supposed to be a homophone for "sift", and it's just odd enough that the domains were super cheap :) I toyed around with adding a phonetic "sift" under the logo on the site, maybe I should revive that effort.

agjmills9y ago

It is easy to pronounce, like 'sift'

throwanem9y ago

But that takes some time to realize, because there's nothing in the context of the word to suggest the vowel be pronounced short rather than long, and neither is predominant in American English usage.

knocte9y ago

PHP???

j / k navigate · click thread line to collapse

36 comments

robert_foss9y ago

The opening paragraph cracked me up:

"Cypht is not your father's webmail. Unless you are one of my daughters, in which case it is your father's webmail. Cypht is like a news reader, but for E-mail."

jasonmunroOP9y ago

This project has been a labor of love for me over the last 2.5 years. I'm interested in any feedback you have, and happy to answer any questions!

carussell9y ago

Do you know about Sandstorm and its app market?

https://sandstorm.io/news/2014-07-21-open-source-web-apps-re...

jasonmunroOP9y ago

I did not, thanks for the info. Looks interesting.

the_duke9y ago

Sandstorm is an interesting idea.

The design is so ugly, though...

guessmyname9y ago

[1] https://cypht.org/docs/test_coverage/index.html

[2] https://cypht.org/install.html

jasonmunroOP9y ago

Wow, thanks for the kind words! I submitted this last night hoping to drum up some support for the project. I never dreamed it would be on the front page when I woke up!

ckluis9y ago

It looks nice, but may I suggest a couple more screenshots and/or GIFs to really showcase it (email edit/compose view, RSS reader view, etc).

As a marketer it kills me the amount of cool projects whose adoption may be hurt by a lack of a couple extra screenshots.

jasonmunroOP9y ago

I appreciate the suggestion, and will get a screenshot page added to the site. In the meantime, here are a few blog posts with more shots:

https://unencumberedbyfacts.com/2016/09/08/cypht-webmail-scr... https://unencumberedbyfacts.com/2016/10/04/cypht-webmail-scr...

0xmohit9y ago

Looks very nice.

Was about to ask about support for 2-factor authentication, then saw this:

  Support for 2 factor authentication with any TOTP compatible
  authenticator app

A quick-setup page might help.

mpitt9y ago

Why GPL v2?

jasonmunroOP9y ago

I felt that it most accurately represented my intentions for the software.

the_common_man9y ago

I use rainloop currently on a Cloudron. Would be great to have this as a cloudron.io app! (It's just based on Docker)

mike-cardwell9y ago

jasonmunroOP9y ago

We have an open issue at github for PGP support, and it's something I definitely want to pursue. The big concern is private key security and how to balance that with usability.

fak3r9y ago

scandox9y ago

I would love this. Appreciate it isn't simple. Keep up the good work.

stephenr9y ago

Any chance that/another issue would cover s/mime?

Many mainstream (read: Apple/Microsoft) mail clients need plugins (which eg on iOS aren't an option) for PGP Mail, but S/MIME is handled out of the box.

therealidiot9y ago

Don't these typically require access to the private key though?

I'm not comfortable uploading my private key to a webmail server, even when its my own server

mike-cardwell9y ago

> Don't these typically require access to the private key though?

Yes, but not on the server. The key is typically stored encrypted in the browser storage. Never hits the server.

But there is still the problem where the server could send "bad" javascript which copies the key and uploads to the server.

However, if it's my server and I'm running the webmail, I might be ok with that. And if the server is being run by somebody I trust, I might still be ok with making that decision.

And even if I don't want to add my own private key, it would still be nice if the webmail could verify messages signed by other people. There's nothing risky about that.

ecesena9y ago

I can recommend adding a faster way to try it, either a demo online or even better a docker image.

jasonmunroOP9y ago

Thanks for the feedback, and I agree. I love the idea of a docker image to create a demo environment.

wes-k9y ago

Could also setup a heroku deploy button.

https://devcenter.heroku.com/articles/heroku-button

Supraperplex9y ago

Definitely needed. Nice clean layout, the cleaner the better.

luck879y ago

mmh. what about Security? If they download locally via imap all your email for all your accounts or there is something more. anyway it is nice to read on Security page "Oauth2 over IMAP/SMTP "

jasonmunroOP9y ago

Also, thanks for the Oauth2 recognition. It's perfect for a client like Cypht (I wish more providers supported it!).

maaarghk9y ago

I'm hosting my own e-mail; do you know if it's possible to set up exim / dovecot to support OAuth2 and what benefit would that provide over using e.g. LOGIN over tls?

1 more reply

jhoechtl9y ago

Lacks a decent name easy to pronounce

jasonmunroOP9y ago

agjmills9y ago

It is easy to pronounce, like 'sift'

throwanem9y ago

knocte9y ago

PHP???

j / k navigate · click thread line to collapse