v1.5.4

fix ssdp on dualstack
support fat32 time precision, avoiding rescans
2022-12-29 04:44:15 +00:00 · 2022-12-22 16:50:46 +00:00 · 2022-12-20 22:19:32 +01:00 · 2022-12-20 13:28:48 +00:00 · 2022-12-19 21:18:27 +00:00 · 2022-12-15 22:38:33 +00:00
142 changed files with 13169 additions and 2386 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,7 @@ copyparty.egg-info/
 /build/
 /dist/
 /py2/
-/sfx/
+/sfx*
 /unt/
 /log/

@@ -22,6 +22,7 @@ copyparty.egg-info/
 *.bak

 # derived
+copyparty/res/COPYING.txt
 copyparty/web/deps/
 srv/

--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -8,6 +8,7 @@
            "module": "copyparty",
            "console": "integratedTerminal",
            "cwd": "${workspaceFolder}",
+            "justMyCode": false,
            "args": [
                //"-nw",
                "-ed",
--- a/.vscode/launch.py
+++ b/.vscode/launch.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 # takes arguments from launch.json
 # is used by no_dbg in tasks.json
 # launches 10x faster than mspython debugpy
@@ -9,15 +11,15 @@ import sys

 print(sys.executable)

+import json5
 import shlex
-import jstyleson
 import subprocess as sp


 with open(".vscode/launch.json", "r", encoding="utf-8") as f:
    tj = f.read()

-oj = jstyleson.loads(tj)
+oj = json5.loads(tj)
 argv = oj["configurations"][0]["args"]

 try:
@@ -28,6 +30,8 @@ except:

 argv = [os.path.expanduser(x) if x.startswith("~") else x for x in argv]

+argv += sys.argv[1:]
+
 if re.search(" -j ?[0-9]", " ".join(argv)):
    argv = [sys.executable, "-m", "copyparty"] + argv
    sp.check_call(argv)
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -52,9 +52,11 @@
        "--disable=missing-module-docstring",
        "--disable=missing-class-docstring",
        "--disable=missing-function-docstring",
+        "--disable=import-outside-toplevel",
        "--disable=wrong-import-position",
        "--disable=raise-missing-from",
        "--disable=bare-except",
+        "--disable=broad-except",
        "--disable=invalid-name",
        "--disable=line-too-long",
        "--disable=consider-using-f-string"
@@ -64,6 +66,7 @@
    "editor.formatOnSave": true,
    "[html]": {
        "editor.formatOnSave": false,
+        "editor.autoIndent": "keep",
    },
    "[css]": {
        "editor.formatOnSave": false,
--- a/README.md
+++ b/README.md
@@ -8,9 +8,9 @@

 turn your phone or raspi into a portable file server with resumable uploads/downloads using *any* web browser

-* server only needs `py2.7` or `py3.3+`, all dependencies optional
+* server only needs Python (`2.7` or `3.3+`), all dependencies optional
 * browse/upload with [IE4](#browser-support) / netscape4.0 on win3.11 (heh)
-* *resumable* uploads need `firefox 34+` / `chrome 41+` / `safari 7+`
+* protocols: [http](#the-browser) // [ftp](#ftp-server) // [webdav](#webdav-server) // [smb/cifs](#smb-server)

 try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running from a basement in finland

@@ -30,16 +30,17 @@ try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running fro
    * [quickstart](#quickstart) - download **[copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py)** and you're all set!
        * [on servers](#on-servers) - you may also want these, especially on servers
        * [on debian](#on-debian) - recommended additional steps on debian
-    * [notes](#notes) - general notes
-    * [status](#status) - feature summary
+    * [features](#features)
    * [testimonials](#testimonials) - small collection of user feedback
 * [motivations](#motivations) - project goals / philosophy
-    * [future plans](#future-plans) - some improvement ideas
+    * [notes](#notes) - general notes
 * [bugs](#bugs)
    * [general bugs](#general-bugs)
    * [not my bugs](#not-my-bugs)
+* [breaking changes](#breaking-changes) - upgrade notes
 * [FAQ](#FAQ) - "frequently" asked questions
 * [accounts and volumes](#accounts-and-volumes) - per-folder, per-user permissions
+    * [shadowing](#shadowing) - hiding specific subfolders
 * [the browser](#the-browser) - accessing a copyparty server using a web-browser
    * [tabs](#tabs) - the main tabs in the ui
    * [hotkeys](#hotkeys) - the browser has the following hotkeys
@@ -49,30 +50,39 @@ try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running fro
    * [uploading](#uploading) - drag files/folders into the web-browser to upload
        * [file-search](#file-search) - dropping files into the browser also lets you see if they exist on the server
        * [unpost](#unpost) - undo/delete accidental uploads
+        * [self-destruct](#self-destruct) - uploads can be given a lifetime
    * [file manager](#file-manager) - cut/paste, rename, and delete files/folders (if you have permission)
    * [batch rename](#batch-rename) - select some files and press `F2` to bring up the rename UI
    * [markdown viewer](#markdown-viewer) - and there are *two* editors
    * [other tricks](#other-tricks)
    * [searching](#searching) - search by size, date, path/name, mp3-tags, ...
 * [server config](#server-config) - using arguments or config files, or a mix of both
-    * [ftp-server](#ftp-server) - an FTP server can be started using `--ftp 3921`
+    * [zeroconf](#zeroconf) - announce enabled services on the LAN
+        * [mdns](#mdns) - LAN domain-name and feature announcer
+        * [ssdp](#ssdp) - windows-explorer announcer
+    * [qr-code](#qr-code) - print a qr-code [(screenshot)](https://user-images.githubusercontent.com/241032/194728533-6f00849b-c6ac-43c6-9359-83e454d11e00.png) for quick access
+    * [ftp server](#ftp-server) - an FTP server can be started using `--ftp 3921`
+    * [webdav server](#webdav-server) - with read-write support
+        * [connecting to webdav from windows](#connecting-to-webdav-from-windows) - using the GUI
+    * [smb server](#smb-server) - unsafe, slow, not recommended for wan
    * [file indexing](#file-indexing) - enables dedup and music search ++
        * [exclude-patterns](#exclude-patterns) - to save some time
        * [filesystem guards](#filesystem-guards) - avoid traversing into other filesystems
        * [periodic rescan](#periodic-rescan) - filesystem monitoring
    * [upload rules](#upload-rules) - set upload rules using volflags
    * [compress uploads](#compress-uploads) - files can be autocompressed on upload
+    * [other flags](#other-flags)
    * [database location](#database-location) - in-volume (`.hist/up2k.db`, default) or somewhere else
    * [metadata from audio files](#metadata-from-audio-files) - set `-e2t` to index tags on upload
-    * [file parser plugins](#file-parser-plugins) - provide custom parsers to index additional tags, also see [./bin/mtag/README.md](./bin/mtag/README.md)
+    * [file parser plugins](#file-parser-plugins) - provide custom parsers to index additional tags
    * [upload events](#upload-events) - trigger a script/program on each upload
    * [hiding from google](#hiding-from-google) - tell search engines you dont wanna be indexed
    * [themes](#themes)
    * [complete examples](#complete-examples)
+    * [reverse-proxy](#reverse-proxy) - running copyparty next to other websites
 * [browser support](#browser-support) - TLDR: yes
 * [client examples](#client-examples) - interact with copyparty using non-browser clients
-* [up2k](#up2k) - quick outline of the up2k protocol, see [uploading](#uploading) for the web-client
-    * [why chunk-hashes](#why-chunk-hashes) - a single sha512 would be better, right?
+    * [mount as drive](#mount-as-drive) - a remote copyparty server as a local filesystem
 * [performance](#performance) - defaults are usually fine - expect `8 GiB/s` download, `1 GiB/s` upload
    * [client-side](#client-side) - when uploading files
 * [security](#security) - some notes on hardening
@@ -80,40 +90,32 @@ try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running fro
 * [recovering from crashes](#recovering-from-crashes)
    * [client crashes](#client-crashes)
        * [frefox wsod](#frefox-wsod) - firefox 87 can crash during uploads
-* [HTTP API](#HTTP-API)
-    * [read](#read)
-    * [write](#write)
-    * [admin](#admin)
-    * [general](#general)
+* [HTTP API](#HTTP-API) - see [devnotes](#./docs/devnotes.md#http-api)
 * [dependencies](#dependencies) - mandatory deps
    * [optional dependencies](#optional-dependencies) - install these to enable bonus features
    * [install recommended deps](#install-recommended-deps)
    * [optional gpl stuff](#optional-gpl-stuff)
 * [sfx](#sfx) - the self-contained "binary"
-    * [sfx repack](#sfx-repack) - reduce the size of an sfx by removing features
+    * [copyparty.exe](#copypartyexe) - download [copyparty.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty.exe) or [copyparty64.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty64.exe)
 * [install on android](#install-on-android)
 * [reporting bugs](#reporting-bugs) - ideas for context to include in bug reports
-* [building](#building)
-    * [dev env setup](#dev-env-setup)
-    * [just the sfx](#just-the-sfx)
-    * [complete release](#complete-release)
-* [todo](#todo) - roughly sorted by priority
-    * [discarded ideas](#discarded-ideas)
+* [devnotes](#devnotes) - for build instructions etc, see [./docs/devnotes.md](./docs/devnotes.md)


 ## quickstart

 download **[copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py)** and you're all set!

+if you cannot install python, you can use [copyparty.exe](#copypartyexe) instead
+
 running the sfx without arguments (for example doubleclicking it on Windows) will give everyone read/write access to the current folder; you may want [accounts and volumes](#accounts-and-volumes)

 some recommended options:
 * `-e2dsa` enables general [file indexing](#file-indexing)
-* `-e2ts` enables audio metadata indexing (needs either FFprobe or Mutagen), see [optional dependencies](#optional-dependencies)
+* `-e2ts` enables audio metadata indexing (needs either FFprobe or Mutagen), see [optional dependencies](#optional-dependencies) to enable thumbnails and more
 * `-v /mnt/music:/music:r:rw,foo -a foo:bar` shares `/mnt/music` as `/music`, `r`eadable by anyone, and read-write for user `foo`, password `bar`
  * replace `:r:rw,foo` with `:r,foo` to only make the folder readable by `foo` and nobody else
-  * see [accounts and volumes](#accounts-and-volumes) for the syntax and other permissions (`r`ead, `w`rite, `m`ove, `d`elete, `g`et)
-* `--ls '**,*,ln,p,r'` to crash on startup if any of the volumes contain a symlink which point outside the volume, as that could give users unintended access (see `--help-ls`)
+  * see [accounts and volumes](#accounts-and-volumes) for the syntax and other permissions (`r`ead, `w`rite, `m`ove, `d`elete, `g`et, up`G`et)


 ### on servers
@@ -122,8 +124,16 @@ you may also want these, especially on servers:

 * [contrib/systemd/copyparty.service](contrib/systemd/copyparty.service) to run copyparty as a systemd service
 * [contrib/systemd/prisonparty.service](contrib/systemd/prisonparty.service) to run it in a chroot (for extra security)
-* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to reverse-proxy behind nginx (for better https)
+* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to [reverse-proxy](#reverse-proxy) behind nginx (for better https)

+and remember to open the ports you want; here's a complete example including every feature copyparty has to offer:
+```
+firewall-cmd --permanent --add-port={80,443,3921,3923,3945,3990}/tcp  # --zone=libvirt
+firewall-cmd --permanent --add-port=12000-12099/tcp --permanent  # --zone=libvirt
+firewall-cmd --permanent --add-port={1900,5353}/udp  # --zone=libvirt
+firewall-cmd --reload
+```
+(1900:ssdp, 3921:ftp, 3923:http/https, 3945:smb, 3990:ftps, 5353:mdns, 12000:passive-ftp)

 ### on debian

@@ -138,40 +148,29 @@ recommended additional steps on debian  which enable audio metadata and thumbnai
 (skipped `pyheif-pillow-opener` because apparently debian is too old to build it)


-## notes
-
-general notes:
-* paper-printing is affected by dark/light-mode! use lightmode for color, darkmode for grayscale
-  * because no browsers currently implement the media-query to do this properly orz
-
-browser-specific:
-* iPhone/iPad: use Firefox to download files
-* Android-Chrome: increase "parallel uploads" for higher speed (android bug)
-* Android-Firefox: takes a while to select files (their fix for ☝️)
-* Desktop-Firefox: ~~may use gigabytes of RAM if your files are massive~~ *seems to be OK now*
-* Desktop-Firefox: may stop you from deleting files you've uploaded until you visit `about:memory` and click `Minimize memory usage`
-
-
-## status
-
-feature summary
+## features

 * backend stuff
-  * ☑ sanic multipart parser
-  * ☑ multiprocessing (actual multithreading)
+  * ☑ IPv6
+  * ☑ [multiprocessing](#performance) (actual multithreading)
  * ☑ volumes (mountpoints)
  * ☑ [accounts](#accounts-and-volumes)
-  * ☑ [ftp-server](#ftp-server)
+  * ☑ [ftp server](#ftp-server)
+  * ☑ [webdav server](#webdav-server)
+  * ☑ [smb/cifs server](#smb-server)
+  * ☑ [qr-code](#qr-code) for quick access
+  * ☑ [upnp / zeroconf / mdns / ssdp](#zeroconf)
 * upload
  * ☑ basic: plain multipart, ie6 support
  * ☑ [up2k](#uploading): js, resumable, multithreaded
  * ☑ stash: simple PUT filedropper
  * ☑ [unpost](#unpost): undo/delete accidental uploads
+  * ☑ [self-destruct](#self-destruct) (specified server-side or client-side)
  * ☑ symlink/discard existing files (content-matching)
 * download
  * ☑ single files in browser
  * ☑ [folders as zip / tar files](#zip-downloads)
-  * ☑ [FUSE client](https://github.com/9001/copyparty/tree/hovudstraum/bin#copyparty-fusepy) (read-only)
+  * ☑ [FUSE client](https://github.com/9001/copyparty/tree/hovudstraum/bin#partyfusepy) (read-only)
 * browser
  * ☑ [navpane](#navpane) (directory tree sidebar)
  * ☑ file manager (cut/paste, delete, [batch-rename](#batch-rename))
@@ -220,25 +219,25 @@ project goals / philosophy
  * no build steps; modify the js/python without needing node.js or anything like that


-## future plans
+## notes

-some improvement ideas
+general notes:
+* paper-printing is affected by dark/light-mode! use lightmode for color, darkmode for grayscale
+  * because no browsers currently implement the media-query to do this properly orz

-* the JS is a mess -- a preact rewrite would be nice
-  * preferably without build dependencies like webpack/babel/node.js, maybe a python thing to assemble js files into main.js
-  * good excuse to look at using virtual lists (browsers start to struggle when folders contain over 5000 files)
-* the UX is a mess -- a proper design would be nice
-  * very organic (much like the python/js), everything was an afterthought
-  * true for both the layout and the visual flair
-  * something like the tron board-room ui (or most other hollywood ones, like ironman) would be :100:
-* some of the python files are way too big
-  * `up2k.py` ended up doing all the file indexing / db management
-  * `httpcli.py` should be separated into modules in general
+browser-specific:
+* iPhone/iPad: use Firefox to download files
+* Android-Chrome: increase "parallel uploads" for higher speed (android bug)
+* Android-Firefox: takes a while to select files (their fix for ☝️)
+* Desktop-Firefox: ~~may use gigabytes of RAM if your files are massive~~ *seems to be OK now*
+* Desktop-Firefox: [may stop you from unplugging USB flashdrives](https://bugzilla.mozilla.org/show_bug.cgi?id=1792598) until you visit `about:memory` and click `Minimize memory usage`
+
+server-os-specific:
+* RHEL8 / Rocky8: you can run copyparty using `/usr/libexec/platform-python`


 # bugs

-* Windows: python 3.7 and older cannot read tags with FFprobe, so use Mutagen or upgrade
 * Windows: python 2.7 cannot index non-ascii filenames with `-e2d`
 * Windows: python 2.7 cannot handle filenames with mojibake
 * `--th-ff-jpg` may fix video thumbnails on some FFmpeg versions (macos, some linux)
@@ -255,6 +254,10 @@ some improvement ideas

 * [Chrome issue 1317069](https://bugs.chromium.org/p/chromium/issues/detail?id=1317069) -- if you try to upload a folder which contains symlinks by dragging it into the browser, the symlinked files will not get uploaded

+* [Chrome issue 1352210](https://bugs.chromium.org/p/chromium/issues/detail?id=1352210) -- plaintext http may be faster at filehashing than https (but also extremely CPU-intensive)
+
+* [Firefox issue 1790500](https://bugzilla.mozilla.org/show_bug.cgi?id=1790500) -- entire browser can crash after uploading ~4000 small files
+
 * iPhones: the volume control doesn't work because [apple doesn't want it to](https://developer.apple.com/library/archive/documentation/AudioVideo/Conceptual/Using_HTML5_Audio_Video/Device-SpecificConsiderations/Device-SpecificConsiderations.html#//apple_ref/doc/uid/TP40009523-CH5-SW11)
  * *future workaround:* enable the equalizer, make it all-zero, and set a negative boost to reduce the volume
    * "future" because `AudioContext` is broken in the current iOS version (15.1), maybe one day...
@@ -268,6 +271,18 @@ some improvement ideas
 * VirtualBox: sqlite throws `Disk I/O Error` when running in a VM and the up2k database is in a vboxsf
  * use `--hist` or the `hist` volflag (`-v [...]:c,hist=/tmp/foo`) to place the db inside the vm instead

+* Ubuntu: dragging files from certain folders into firefox or chrome is impossible
+  * due to snap security policies -- see `snap connections firefox` for the allowlist, `removable-media` permits all of `/mnt` and `/media` apparently
+
+
+# breaking changes
+
+upgrade notes
+
+* `1.5.0` (2022-12-03): [new chunksize formula](https://github.com/9001/copyparty/commit/54e1c8d261df) for files larger than 128 GiB
+  * **users:** upgrade to the latest [cli uploader](https://github.com/9001/copyparty/blob/hovudstraum/bin/up2k.py) if you use that
+  * **devs:** update third-party up2k clients (if those even exist)
+

 # FAQ

@@ -301,6 +316,7 @@ permissions:
 * `m` (move): move files/folders *from* this folder
 * `d` (delete): delete files/folders
 * `g` (get): only download files, cannot see folder contents or zip/tar
+* `G` (upget): same as `g` except uploaders get to see their own filekeys (see `fk` in examples below)

 examples:
 * add accounts named u1, u2, u3 with passwords p1, p2, p3: `-a u1:p1 -a u2:p2 -a u3:p3`
@@ -311,17 +327,28 @@ examples:
  * unauthorized users accessing the webroot can see that the `inc` folder exists, but cannot open it
  * `u1` can open the `inc` folder, but cannot see the contents, only upload new files to it
  * `u2` can browse it and move files *from* `/inc` into any folder where `u2` has write-access
-* make folder `/mnt/ss` available at `/i`, read-write for u1, get-only for everyone else, and enable accesskeys: `-v /mnt/ss:i:rw,u1:g:c,fk=4`
-  * `c,fk=4` sets the `fk` volflag to 4, meaning each file gets a 4-character accesskey
-  * `u1` can upload files, browse the folder, and see the generated accesskeys
-  * other users cannot browse the folder, but can access the files if they have the full file URL with the accesskey
+* make folder `/mnt/ss` available at `/i`, read-write for u1, get-only for everyone else, and enable filekeys: `-v /mnt/ss:i:rw,u1:g:c,fk=4`
+  * `c,fk=4` sets the `fk` (filekey) volflag to 4, meaning each file gets a 4-character accesskey
+  * `u1` can upload files, browse the folder, and see the generated filekeys
+  * other users cannot browse the folder, but can access the files if they have the full file URL with the filekey
+  * replacing the `g` permission with `wg` would let anonymous users upload files, but not see the required filekey to access it
+  * replacing the `g` permission with `wG` would let anonymous users upload files, receiving a working direct link in return
+
+anyone trying to bruteforce a password gets banned according to `--ban-pw`; default is 24h ban for 9 failed attempts in 1 hour
+
+
+## shadowing
+
+hiding specific subfolders  by mounting another volume on top of them
+
+for example `-v /mnt::r -v /var/empty:web/certs:r` mounts the server folder `/mnt` as the webroot, but another volume is mounted at `/web/certs` -- so visitors can only see the contents of `/mnt` and `/mnt/web` (at URLs `/` and `/web`), but not `/mnt/web/certs` because URL `/web/certs` is mapped to `/var/empty`


 # the browser

 accessing a copyparty server using a web-browser

-![copyparty-browser-fs8](https://user-images.githubusercontent.com/241032/129635359-d6dd9b07-8079-4020-ad77-2bfdb9ebd8d5.png)
+![copyparty-browser-fs8](https://user-images.githubusercontent.com/241032/192042695-522b3ec7-6845-494a-abdb-d1c0d0e23801.png)


 ## tabs
@@ -340,6 +367,7 @@ the main tabs in the ui
 ## hotkeys

 the browser has the following hotkeys  (always qwerty)
+* `?` show hotkeys help
 * `B` toggle breadcrumbs / [navpane](#navpane)
 * `I/K` prev/next folder
 * `M` parent folder (or unexpand current)
@@ -347,8 +375,10 @@ the browser has the following hotkeys  (always qwerty)
 * `G` toggle list / [grid view](#thumbnails) -- same as `田` bottom-right
 * `T` toggle thumbnails / icons
 * `ESC` close various things
+* `ctrl-K` delete selected files/folders
 * `ctrl-X` cut selected files/folders
 * `ctrl-V` paste
+* `Y` download selected files
 * `F2` [rename](#batch-rename) selected file/folder
 * when a file/folder is selected (in not-grid-view):
  * `Up/Down` move cursor
@@ -480,7 +510,7 @@ see [up2k](#up2k) for details on how it works, or watch a [demo video](https://a

 **protip:** you can avoid scaring away users with [contrib/plugins/minimal-up2k.html](contrib/plugins/minimal-up2k.html) which makes it look [much simpler](https://user-images.githubusercontent.com/241032/118311195-dd6ca380-b4ef-11eb-86f3-75a3ff2e1332.png)

-**protip:** if you enable `favicon` in the `[⚙️] settings` tab (by typing something into the textbox), the icon in the browser tab will indicate upload progress
+**protip:** if you enable `favicon` in the `[⚙️] settings` tab (by typing something into the textbox), the icon in the browser tab will indicate upload progress -- also, the `[🔔]` and/or `[🔊]` switches enable visible and/or audible notifications on upload completion

 the up2k UI is the epitome of polished inutitive experiences:
 * "parallel uploads" specifies how many chunks to upload at the same time
@@ -528,6 +558,17 @@ undo/delete accidental uploads
 you can unpost even if you don't have regular move/delete access, however only for files uploaded within the past `--unpost` seconds (default 12 hours) and the server must be running with `-e2d`


+### self-destruct
+
+uploads can be given a lifetime,  afer which they expire / self-destruct
+
+the feature must be enabled per-volume with the `lifetime` [upload rule](#upload-rules) which sets the upper limit for how long a file gets to stay on the server
+
+clients can specify a shorter expiration time using the [up2k ui](#uploading) -- the relevant options become visible upon navigating into a folder with `lifetimes` enabled -- or by using the `life` [upload modifier](#write)
+
+specifying a custom expiration time client-side will affect the timespan in which unposts are permitted, so keep an eye on the estimates in the up2k ui
+
+
 ## file manager

 cut/paste, rename, and delete files/folders (if you have permission)
@@ -640,12 +681,56 @@ for the above example to work, add the commandline argument `-e2ts` to also scan
 # server config

 using arguments or config files, or a mix of both:
-* config files (`-c some.conf`) can set additional commandline arguments; see [./docs/example.conf](docs/example.conf)
+* config files (`-c some.conf`) can set additional commandline arguments; see [./docs/example.conf](docs/example.conf) and [./docs/example2.conf](docs/example2.conf)
 * `kill -s USR1` (same as `systemctl reload copyparty`) to reload accounts and volumes from config files without restarting
  * or click the `[reload cfg]` button in the control-panel when logged in as admin 


-## ftp-server
+## zeroconf
+
+announce enabled services on the LAN  if you specify the `-z` option, which enables [mdns](#mdns) and [ssdp](#ssdp)
+
+* `--z-on` / `--z-off`' limits the feature to certain networks
+
+
+### mdns
+
+LAN domain-name and feature announcer
+
+uses [multicast dns](https://en.wikipedia.org/wiki/Multicast_DNS) to give copyparty a domain which any machine on the LAN can use to access it
+
+all enabled services ([webdav](#webdav-server), [ftp](#ftp-server), [smb](#smb-server)) will appear in mDNS-aware file managers (KDE, gnome, macOS, ...)
+
+the domain will be http://partybox.local if the machine's hostname is `partybox` unless `--name` specifies soemthing else
+
+
+### ssdp
+
+windows-explorer announcer
+
+uses [ssdp](https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol) to make copyparty appear in the windows file explorer on all machines on the LAN
+
+doubleclicking the icon opens the "connect" page which explains how to mount copyparty as a local filesystem
+
+if copyparty does not appear in windows explorer, use `--zsv` to see why:
+
+* maybe the discovery multicast was sent from an IP which does not intersect with the server subnets
+
+
+## qr-code
+
+print a qr-code [(screenshot)](https://user-images.githubusercontent.com/241032/194728533-6f00849b-c6ac-43c6-9359-83e454d11e00.png) for quick access,  great between phones on android hotspots which keep changing the subnet
+
+* `--qr` enables it
+* `--qrs` does https instead of http
+* `--qrl lootbox/?pw=hunter2` appends to the url, linking to the `lootbox` folder with password `hunter2`
+* `--qrz 1` forces 1x zoom instead of autoscaling to fit the terminal size
+  * 1x may render incorrectly on some terminals/fonts, but 2x should always work
+
+it uses the server hostname if [mdns](#mdns) is enbled, otherwise it'll use your external ip (default route) unless `--qri` specifies a specific ip-prefix or domain
+
+
+## ftp server

 an FTP server can be started using `--ftp 3921`,  and/or `--ftps` for explicit TLS (ftpes)

@@ -655,6 +740,79 @@ an FTP server can be started using `--ftp 3921`,  and/or `--ftps` for explicit T
 * runs in active mode by default, you probably want `--ftp-pr 12000-13000`
  * if you enable both `ftp` and `ftps`, the port-range will be divided in half
  * some older software (filezilla on debian-stable) cannot passive-mode with TLS
+* login with any username + your password, or put your password in the username field
+
+
+## webdav server
+
+with read-write support,  supports winXP and later, macos, nautilus/gvfs
+
+click the [connect](http://127.0.0.1:3923/?hc) button in the control-panel to see connection instructions for windows, linux, macos
+
+general usage:
+* login with any username + your password, or put your password in the username field (password field can be empty/whatever)
+
+on macos, connect from finder:
+* [Go] -> [Connect to Server...] -> http://192.168.123.1:3923/
+
+
+### connecting to webdav from windows
+
+using the GUI  (winXP or later):
+* rightclick [my computer] -> [map network drive] -> Folder: `http://192.168.123.1:3923/`
+  * on winXP only, click the `Sign up for online storage` hyperlink instead and put the URL there
+  * providing your password as the username is recommended; the password field can be anything or empty
+
+known client bugs:
+* win7+ doesn't actually send the password to the server when reauthenticating after a reboot unless you first try to login with an incorrect password and then switch to the correct password
+  * or just type your password into the username field instead to get around it entirely
+* connecting to a folder which allows anonymous read will make writing impossible, as windows has decided it doesn't need to login
+  * workaround: connect twice; first to a folder which requires auth, then to the folder you actually want, and leave both of those mounted
+* win7+ may open a new tcp connection for every file and sometimes forgets to close them, eventually needing a reboot
+  * maybe NIC-related (??), happens with win10-ltsc on e1000e but not virtio
+* windows cannot access folders which contain filenames with invalid unicode or forbidden characters (`<>:"/\|?*`), or names ending with `.`
+* winxp cannot show unicode characters outside of *some range*
+  * latin-1 is fine, hiragana is not (not even as shift-jis on japanese xp)
+
+
+## smb server
+
+unsafe, slow, not recommended for wan,  enable with `--smb` for read-only or `--smbw` for read-write
+
+click the [connect](http://127.0.0.1:3923/?hc) button in the control-panel to see connection instructions for windows, linux, macos
+
+dependencies: `python3 -m pip install --user -U impacket==0.10.0`
+* newer versions of impacket will hopefully work just fine but there is monkeypatching so maybe not
+
+some **BIG WARNINGS** specific to SMB/CIFS, in decreasing importance:
+* not entirely confident that read-only is read-only
+* the smb backend is not fully integrated with vfs, meaning there could be security issues (path traversal). Please use `--smb-port` (see below) and [prisonparty](./bin/prisonparty.sh)
+  * account passwords work per-volume as expected, but account permissions are coalesced; all accounts have read-access to all volumes, and if a single account has write-access to some volume then all other accounts also do
+    * if no accounts have write-access to a specific volume, or if `--smbw` is not set, then writing to that volume from smb *should* be impossible
+    * will be fixed once [impacket v0.11.0](https://github.com/SecureAuthCorp/impacket/commit/d923c00f75d54b972bca573a211a82f09b55261a) is released
+  * [shadowing](#shadowing) probably works as expected but no guarantees
+
+and some minor issues,
+* clients only see the first ~400 files in big folders; [impacket#1433](https://github.com/SecureAuthCorp/impacket/issues/1433)
+* hot-reload of server config (`/?reload=cfg`) only works for volumes, not account passwords
+* listens on the first IPv4 `-i` interface only (default = :: = 0.0.0.0 = all)
+* login doesn't work on winxp, but anonymous access is ok -- remove all accounts from copyparty config for that to work
+  * win10 onwards does not allow connecting anonymously / without accounts
+* on windows, creating a new file through rightclick --> new --> textfile throws an error due to impacket limitations -- hit OK and F5 to get your file
+* python3 only
+* slow
+
+known client bugs:
+* on win7 only, `--smb1` is much faster than smb2 (default) because it keeps rescanning folders on smb2
+  * however smb1 is buggy and is not enabled by default on win10 onwards
+* windows cannot access folders which contain filenames with invalid unicode or forbidden characters (`<>:"/\|?*`), or names ending with `.`
+
+the smb protocol listens on TCP port 445, which is a privileged port on linux and macos, which would require running copyparty as root. However, this can be avoided by listening on another port using `--smb-port 3945` and then using NAT to forward the traffic from 445 to there;
+* on linux: `iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 445 -j REDIRECT --to-port 3945`
+
+authenticate with one of the following:
+* username `$username`, password `$password`
+* username `$password`, password `k`


 ## file indexing
@@ -673,6 +831,7 @@ through arguments:
 * `-e2v` verfies file integrity at startup, comparing hashes from the db
 * `-e2vu` patches the database with the new hashes from the filesystem
 * `-e2vp` panics and kills copyparty instead
+* `--xlink` enables deduplication across volumes

 the same arguments can be set as volflags, in addition to `d2d`, `d2ds`, `d2t`, `d2ts`, `d2v` for disabling:
 * `-v ~/music::r:c,e2dsa,e2tsr` does a full reindex of everything on startup
@@ -685,6 +844,7 @@ note:
 * the parser can finally handle `c,e2dsa,e2tsr` so you no longer have to `c,e2dsa:c,e2tsr`
 * `e2tsr` is probably always overkill, since `e2ds`/`e2dsa` would pick up any file modifications and `e2ts` would then reindex those, unless there is a new copyparty version with new parsers and the release note says otherwise
 * the rescan button in the admin panel has no effect unless the volume has `-e2ds` or higher
+* deduplication is possible on windows if you run copyparty as administrator (not saying you should!)

 ### exclude-patterns

@@ -761,6 +921,11 @@ some examples,
  allows (but does not force) gz compression if client uploads to `/inc?pk` or `/inc?gz` or `/inc?gz=4`


+## other flags
+
+* `:c,magic` enables filetype detection for nameless uploads, same as `--magic`
+
+
 ## database location

 in-volume (`.hist/up2k.db`, default) or somewhere else
@@ -800,12 +965,14 @@ see the beautiful mess of a dictionary in [mtag.py](https://github.com/9001/copy
 * avoids pulling any GPL code into copyparty
 * more importantly runs FFprobe on incoming files which is bad if your FFmpeg has a cve

+`--mtag-to` sets the tag-scan timeout; very high default (60 sec) to cater for zfs and other randomly-freezing filesystems. Lower values like 10 are usually safe, allowing for faster processing of tricky files
+

 ## file parser plugins

-provide custom parsers to index additional tags, also see [./bin/mtag/README.md](./bin/mtag/README.md)
+provide custom parsers to index additional tags,  also see [./bin/mtag/README.md](./bin/mtag/README.md)

-copyparty can invoke external programs to collect additional metadata for files using `mtp` (either as argument or volflag), there is a default timeout of 30sec, and only files which contain audio get analyzed by default (see ay/an/ad below)
+copyparty can invoke external programs to collect additional metadata for files using `mtp` (either as argument or volflag), there is a default timeout of 60sec, and only files which contain audio get analyzed by default (see ay/an/ad below)

 * `-mtp .bpm=~/bin/audio-bpm.py` will execute `~/bin/audio-bpm.py` with the audio file as argument 1 to provide the `.bpm` tag, if that does not exist in the audio metadata
 * `-mtp key=f,t5,~/bin/audio-key.py` uses `~/bin/audio-key.py` to get the `key` tag, replacing any existing metadata tag (`f,`), aborting if it takes longer than 5sec (`t5,`)
@@ -816,8 +983,11 @@ copyparty can invoke external programs to collect additional metadata for files
 * "audio file" also means videos btw, as long as there is an audio stream
 * `-mtp ext=an,~/bin/file-ext.py` runs `~/bin/file-ext.py` to get the `ext` tag only if file is not audio (`an`)
 * `-mtp arch,built,ver,orig=an,eexe,edll,~/bin/exe.py` runs `~/bin/exe.py` to get properties about windows-binaries only if file is not audio (`an`) and file extension is exe or dll
-
-you can control how the parser is killed if it times out with option `kt` killing the entire process tree (default), `km` just the main process, or `kn` let it continue running until copyparty is terminated
+* if you want to daisychain parsers, use the `p` flag to set processing order
+  * `-mtp foo=p1,~/a.py` runs before `-mtp foo=p2,~/b.py` and will forward all the tags detected so far as json to the stdin of b.py
+* option `c0` disables capturing of stdout/stderr, so copyparty will not receive any tags from the process at all -- instead the invoked program is free to print whatever to the console, just using copyparty as a launcher
+  * `c1` captures stdout only, `c2` only stderr, and `c3` (default) captures both
+* you can control how the parser is killed if it times out with option `kt` killing the entire process tree (default), `km` just the main process, or `kn` let it continue running until copyparty is terminated

 if something doesn't work, try `--mtag-v` for verbose error messages

@@ -836,7 +1006,7 @@ that'll run the command `notify-send` with the path to the uploaded file as the

 note that it will only trigger on new unique files, not dupes

-and it will occupy the parsing threads, so fork anything expensive, or if you want to intentionally queue/singlethread you can combine it with `--mtag-mt 1`
+and it will occupy the parsing threads, so fork anything expensive (or set `kn` to have copyparty fork it for you) -- otoh if you want to intentionally queue/singlethread you can combine it with `--mtag-mt 1`

 if this becomes popular maybe there should be a less janky way to do it actually

@@ -890,6 +1060,21 @@ see the top of [./copyparty/web/browser.css](./copyparty/web/browser.css) where
    `-lo log/cpp-%Y-%m%d-%H%M%S.txt.xz`


+## reverse-proxy
+
+running copyparty next to other websites  hosted on an existing webserver such as nginx or apache
+
+you can either:
+* give copyparty its own domain or subdomain (recommended)
+* or do location-based proxying, using `--rp-loc=/stuff` to tell copyparty where it is mounted -- has a slight performance cost and higher chance of bugs
+  * if copyparty says `incorrect --rp-loc or webserver config; expected vpath starting with [...]` it's likely because the webserver is stripping away the proxy location from the request URLs -- see the `ProxyPass` in the apache example below
+
+example webserver configs:
+
+* [nginx config](contrib/nginx/copyparty.conf) -- entire domain/subdomain
+* [apache2 config](contrib/apache/copyparty.conf) -- location-based
+
+
 # browser support

 TLDR: yes
@@ -947,7 +1132,9 @@ interact with copyparty using non-browser clients
  * `var xhr = new XMLHttpRequest(); xhr.open('POST', '//127.0.0.1:3923/msgs?raw'); xhr.send('foo');`

 * curl/wget: upload some files (post=file, chunk=stdin)
-  * `post(){ curl -b cppwd=wark -F act=bput -F f=@"$1" http://127.0.0.1:3923/;}`  
+  * `post(){ curl -F act=bput -F f=@"$1" http://127.0.0.1:3923/?pw=wark;}`  
+    `post movie.mkv`
+  * `post(){ curl -b cppwd=wark -H rand:8 -T "$1" http://127.0.0.1:3923/;}`  
    `post movie.mkv`
  * `post(){ wget --header='Cookie: cppwd=wark' --post-file="$1" -O- http://127.0.0.1:3923/?raw;}`  
    `post movie.mkv`
@@ -959,11 +1146,13 @@ interact with copyparty using non-browser clients
  * `(printf 'PUT / HTTP/1.1\r\n\r\n'; cat movie.mkv) >/dev/tcp/127.0.0.1/3923`

 * python: [up2k.py](https://github.com/9001/copyparty/blob/hovudstraum/bin/up2k.py) is a command-line up2k client [(webm)](https://ocv.me/stuff/u2cli.webm)
-  * file uploads, file-search, autoresume of aborted/broken uploads
+  * file uploads, file-search, folder sync, autoresume of aborted/broken uploads
+  * can be downloaded from copyparty: controlpanel -> connect -> [up2k.py](http://127.0.0.1:3923/.cpr/a/up2k.py)
  * see [./bin/README.md#up2kpy](bin/README.md#up2kpy)

 * FUSE: mount a copyparty server as a local filesystem
  * cross-platform python client available in [./bin/](bin/)
+  * can be downloaded from copyparty: controlpanel -> connect -> [partyfuse.py](http://127.0.0.1:3923/.cpr/a/partyfuse.py)
  * [rclone](https://rclone.org/) as client can give ~5x performance, see [./docs/rclone.md](docs/rclone.md)

 * sharex (screenshot utility): see [./contrib/sharex.sxcu](contrib/#sharexsxcu)
@@ -973,44 +1162,27 @@ copyparty returns a truncated sha512sum of your PUT/POST as base64; you can gene
    b512(){ printf "$((sha512sum||shasum -a512)|sed -E 's/ .*//;s/(..)/\\x\1/g')"|base64|tr '+/' '-_'|head -c44;}
    b512 <movie.mkv

-you can provide passwords using cookie `cppwd=hunter2`, as a url query `?pw=hunter2`, or with basic-authentication (either as the username or password)
+you can provide passwords using cookie `cppwd=hunter2`, as a url-param `?pw=hunter2`, or with basic-authentication (either as the username or password)
+
+NOTE: curl will not send the original filename if you use `-T` combined with url-params! Also, make sure to always leave a trailing slash in URLs unless you want to override the filename


-# up2k
+## mount as drive

-quick outline of the up2k protocol, see [uploading](#uploading) for the web-client
-* the up2k client splits a file into an "optimal" number of chunks
-  * 1 MiB each, unless that becomes more than 256 chunks
-  * tries 1.5M, 2M, 3, 4, 6, ... until <= 256 chunks or size >= 32M
-* client posts the list of hashes, filename, size, last-modified
-* server creates the `wark`, an identifier for this upload
-  * `sha512( salt + filesize + chunk_hashes )`
-  * and a sparse file is created for the chunks to drop into
-* client uploads each chunk
-  * header entries for the chunk-hash and wark
-  * server writes chunks into place based on the hash
-* client does another handshake with the hashlist; server replies with OK or a list of chunks to reupload
+a remote copyparty server as a local filesystem;  go to the control-panel and click `connect` to see a list of commands to do that

-up2k has saved a few uploads from becoming corrupted in-transfer already; caught an android phone on wifi redhanded in wireshark with a bitflip, however bup with https would *probably* have noticed as well (thanks to tls also functioning as an integrity check)
+alternatively, some alternatives roughly sorted by speed (unreproducible benchmark), best first:

-regarding the frequent server log message during uploads;  
-`6.0M 106M/s 2.77G 102.9M/s n948 thank 4/0/3/1 10042/7198 00:01:09`
-* this chunk was `6 MiB`, uploaded at `106 MiB/s`
-* on this http connection, `2.77 GiB` transferred, `102.9 MiB/s` average, `948` chunks handled
-* client says `4` uploads OK, `0` failed, `3` busy, `1` queued, `10042 MiB` total size, `7198 MiB` and `00:01:09` left
+* [rclone-http](./docs/rclone.md) (25s), read-only
+* [rclone-ftp](./docs/rclone.md) (47s), read/WRITE
+* [rclone-webdav](./docs/rclone.md) (51s), read/WRITE
+  * copyparty-1.5.0's webdav server is faster than rclone-1.60.0 (69s)
+* [partyfuse.py](./bin/#partyfusepy) (71s), read-only
+* davfs2 (103s), read/WRITE, *very fast* on small files
+* [win10-webdav](#webdav-server) (138s), read/WRITE
+* [win10-smb2](#smb-server) (387s), read/WRITE

-
-## why chunk-hashes
-
-a single sha512 would be better, right?
-
-this is due to `crypto.subtle` [not yet](https://github.com/w3c/webcrypto/issues/73) providing a streaming api (or the option to seed the sha512 hasher with a starting hash)
-
-as a result, the hashes are much less useful than they could have been (search the server by sha512, provide the sha512 in the response http headers, ...)
-
-hashwasm would solve the streaming issue but reduces hashing speed for sha512 (xxh128 does 6 GiB/s), and it would make old browsers and [iphones](https://bugs.webkit.org/show_bug.cgi?id=228552) unsupported
-
-* blake2 might be a better choice since xxh is non-cryptographic, but that gets ~15 MiB/s on slower androids
+most clients will fail to mount the root of a copyparty server unless there is a root volume (so you get the admin-panel instead of a browser when accessing it) -- in that case, mount a specific volume instead


 # performance
@@ -1023,6 +1195,7 @@ below are some tweaks roughly ordered by usefulness:
 * `--http-only` or `--https-only` (unless you want to support both protocols) will reduce the delay before a new connection is established
 * `--hist` pointing to a fast location (ssd) will make directory listings and searches faster when `-e2d` or `-e2t` is set
 * `--no-hash .` when indexing a network-disk if you don't care about the actual filehashes and only want the names/tags searchable
+* `--no-htp --hash-mt=0 --mtag-mt=1 --th-mt=1` minimizes the number of threads; can help in some eccentric environments (like the vscode debugger)
 * `-j` enables multiprocessing (actual multithreading) and can make copyparty perform better in cpu-intensive workloads, for example:
  * huge amount of short-lived connections
  * really heavy traffic (downloads/uploads)
@@ -1041,6 +1214,7 @@ when uploading files,

 * if you're cpu-bottlenecked, or the browser is maxing a cpu core:
  * up to 30% faster uploads if you hide the upload status list by switching away from the `[🚀]` up2k ui-tab (or closing it)
+    * optionally you can switch to the lightweight potato ui by clicking the `[🥔]`
    * switching to another browser-tab also works, the favicon will update every 10 seconds in that case
  * unlikely to be a problem, but can happen when uploding many small files, or your internet is too fast, or PC too slow

@@ -1060,17 +1234,21 @@ some notes on hardening
  * `--unpost 0`, `--no-del`, `--no-mv` disables all move/delete support
  * `--hardlink` creates hardlinks instead of symlinks when deduplicating uploads, which is less maintenance
    * however note if you edit one file it will also affect the other copies
-  * `--vague-403` returns a "404 not found" instead of "403 forbidden" which is a common enterprise meme
+  * `--vague-401` returns a "404 not found" instead of "401 unauthorized" which is a common enterprise meme
+  * `--ban-404=50,60,1440` ban client for 1440min (24h) if they hit 50 404's in 60min
+    * **NB:** will ban anyone who enables up2k turbo
  * `--nih` removes the server hostname from directory listings

 * option `-sss` is a shortcut for the above plus:
+  * `--no-dav` disables webdav support
  * `-lo cpp-%Y-%m%d-%H%M%S.txt.xz` enables logging to disk
  * `-ls **,*,ln,p,r` does a scan on startup for any dangerous symlinks

 other misc notes:

 * you can disable directory listings by giving permission `g` instead of `r`, only accepting direct URLs to files
-  * combine this with volflag `c,fk` to generate per-file accesskeys; users which have full read-access will then see URLs with `?k=...` appended to the end, and `g` users must provide that URL including the correct key to avoid a 404
+  * combine this with volflag `c,fk` to generate filekeys (per-file accesskeys); users which have full read-access will then see URLs with `?k=...` appended to the end, and `g` users must provide that URL including the correct key to avoid a 404
+  * permissions `wG` lets users upload files and receive their own filekeys, still without being able to see other uploads


 ## gotchas
@@ -1102,80 +1280,7 @@ however you can hit `F12` in the up2k tab and use the devtools to see how far yo

 # HTTP API

-* table-column `params` = URL parameters; `?foo=bar&qux=...`
-* table-column `body` = POST payload
-* method `jPOST` = json post
-* method `mPOST` = multipart post
-* method `uPOST` = url-encoded post
-* `FILE` = conventional HTTP file upload entry (rfc1867 et al, filename in `Content-Disposition`)
-
-authenticate using header `Cookie: cppwd=foo` or url param `&pw=foo`
-
-## read
-
-| method | params | result |
-|--|--|--|
-| GET | `?ls` | list files/folders at URL as JSON |
-| GET | `?ls&dots` | list files/folders at URL as JSON, including dotfiles |
-| GET | `?ls=t` | list files/folders at URL as plaintext |
-| GET | `?ls=v` | list files/folders at URL, terminal-formatted |
-| GET | `?b` | list files/folders at URL as simplified HTML |
-| GET | `?tree=.` | list one level of subdirectories inside URL |
-| GET | `?tree` | list one level of subdirectories for each level until URL |
-| GET | `?tar` | download everything below URL as a tar file |
-| GET | `?zip=utf-8` | download everything below URL as a zip file |
-| GET | `?ups` | show recent uploads from your IP |
-| GET | `?ups&filter=f` | ...where URL contains `f` |
-| GET | `?mime=foo` | specify return mimetype `foo` |
-| GET | `?raw` | get markdown file at URL as plaintext |
-| GET | `?txt` | get file at URL as plaintext |
-| GET | `?txt=iso-8859-1` | ...with specific charset |
-| GET | `?th` | get image/video at URL as thumbnail |
-| GET | `?th=opus` | convert audio file to 128kbps opus |
-| GET | `?th=caf` | ...in the iOS-proprietary container |
-
-| method | body | result |
-|--|--|--|
-| jPOST | `{"q":"foo"}` | do a server-wide search; see the `[🔎]` search tab `raw` field for syntax |
-
-| method | params | body | result |
-|--|--|--|--|
-| jPOST | `?tar` | `["foo","bar"]` | download folders `foo` and `bar` inside URL as a tar file |
-
-## write
-
-| method | params | result |
-|--|--|--|
-| GET | `?move=/foo/bar` | move/rename the file/folder at URL to /foo/bar |
-
-| method | params | body | result |
-|--|--|--|--|
-| PUT | | (binary data) | upload into file at URL |
-| PUT | `?gz` | (binary data) | compress with gzip and write into file at URL |
-| PUT | `?xz` | (binary data) | compress with xz and write into file at URL |
-| mPOST | | `act=bput`, `f=FILE` | upload `FILE` into the folder at URL |
-| mPOST | `?j` | `act=bput`, `f=FILE` | ...and reply with json |
-| mPOST | | `act=mkdir`, `name=foo` | create directory `foo` at URL |
-| GET | `?delete` | | delete URL recursively |
-| jPOST | `?delete` | `["/foo","/bar"]` | delete `/foo` and `/bar` recursively |
-| uPOST | | `msg=foo` | send message `foo` into server log |
-| mPOST | | `act=tput`, `body=TEXT` | overwrite markdown document at URL |
-
-server behavior of `msg` can be reconfigured with `--urlform`
-
-## admin
-
-| method | params | result |
-|--|--|--|
-| GET | `?reload=cfg` | reload config files and rescan volumes |
-| GET | `?scan` | initiate a rescan of the volume which provides URL |
-| GET | `?stack` | show a stacktrace of all threads |
-
-## general
-
-| method | params | result |
-|--|--|--|
-| GET | `?pw=x` | logout |
+see [devnotes](#./docs/devnotes.md#http-api)


 # dependencies
@@ -1203,6 +1308,9 @@ enable [thumbnails](#thumbnails) of...
 * **AVIF pictures:** `pyvips` or `ffmpeg` or `pillow-avif-plugin`
 * **JPEG XL pictures:** `pyvips` or `ffmpeg`

+enable [smb](#smb-server) support:
+* `impacket==0.10.0`
+
 `pyvips` gives higher quality thumbnails than `Pillow` and is 320% faster, using 270% more ram: `sudo apt install libvips42 && python3 -m pip install --user -U pyvips`


@@ -1223,40 +1331,39 @@ these are standalone programs and will never be imported / evaluated by copypart

 the self-contained "binary"  [copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) will unpack itself and run copyparty, assuming you have python installed of course

+you can reduce the sfx size by repacking it; see [./docs/devnotes.md#sfx-repack](#./docs/devnotes.md#sfx-repack)

-## sfx repack

-reduce the size of an sfx by removing features
+## copyparty.exe

-if you don't need all the features, you can repack the sfx and save a bunch of space; all you need is an sfx and a copy of this repo (nothing else to download or build, except if you're on windows then you need msys2 or WSL)
-* `393k` size of original sfx.py as of v1.1.3
-* `310k` after `./scripts/make-sfx.sh re no-cm`
-* `269k` after `./scripts/make-sfx.sh re no-cm no-hl`
+download [copyparty.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty.exe) or [copyparty64.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty64.exe)

-the features you can opt to drop are
-* `cm`/easymde, the "fancy" markdown editor, saves ~82k
-* `hl`, prism, the syntax hilighter, saves ~41k
-* `fnt`, source-code-pro, the monospace font, saves ~9k
-* `dd`, the custom mouse cursor for the media player tray tab, saves ~2k
+![copyparty-exe-fs8](https://user-images.githubusercontent.com/241032/194707422-cb7f66c9-41a2-4cb9-8dbc-2ab866cd4338.png)

-for the `re`pack to work, first run one of the sfx'es once to unpack it
+can be convenient on old machines where installing python is problematic, however is **not recommended** and should be considered a last resort -- if possible, please use **[copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py)** instead

-**note:** you can also just download and run [scripts/copyparty-repack.sh](scripts/copyparty-repack.sh) -- this will grab the latest copyparty release from github and do a few repacks; works on linux/macos (and windows with msys2 or WSL)
+* [copyparty.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty.exe) is compatible with 32bit windows7, which means it uses an ancient copy of python (3.7.9) which cannot be upgraded and will definitely become a security hazard at some point
+
+* [copyparty64.exe](https://github.com/9001/copyparty/releases/latest/download/copyparty64.exe) is identical except 64bit so it [works in WinPE](https://user-images.githubusercontent.com/241032/205454984-e6b550df-3c49-486d-9267-1614078dd0dd.png)
+
+meanwhile [copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) instead relies on your system python which gives better performance and will stay safe as long as you keep your python install up-to-date
+
+then again, if you are already into downloading shady binaries from the internet, you may also want my [minimal builds](./scripts/pyinstaller#ffmpeg) of [ffmpeg](https://ocv.me/stuff/bin/ffmpeg.exe) and [ffprobe](https://ocv.me/stuff/bin/ffprobe.exe) which enables copyparty to extract multimedia-info, do audio-transcoding, and thumbnails/spectrograms/waveforms, however it's much better to instead grab a [recent official build](https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-master-latest-win64-gpl.zip) every once ina while if you can afford the size


 # install on android

-install [Termux](https://termux.com/) (see [ocv.me/termux](https://ocv.me/termux/)) and then copy-paste this into Termux (long-tap) all at once:
+install [Termux](https://termux.com/) + its companion app `Termux:API` (see [ocv.me/termux](https://ocv.me/termux/)) and then copy-paste this into Termux (long-tap) all at once:
 ```sh
-apt update && apt -y full-upgrade && apt update && termux-setup-storage && apt -y install python && python -m ensurepip && python -m pip install --user -U copyparty
+yes | pkg upgrade && termux-setup-storage && yes | pkg install python termux-api && python -m ensurepip && python -m pip install --user -U copyparty && { grep -qE 'PATH=.*\.local/bin' ~/.bashrc 2>/dev/null || { echo 'PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc && . ~/.bashrc; }; }
 echo $?
 ```

-after the initial setup, you can launch copyparty at any time by running `copyparty` anywhere in Termux
+after the initial setup, you can launch copyparty at any time by running `copyparty` anywhere in Termux -- and if you run it with `--qr` you'll get a [neat qr-code](#qr-code) pointing to your external ip

-if you want thumbnails, `apt -y install ffmpeg`
+if you want thumbnails (photos+videos) and you're okay with spending another 132 MiB of storage, `pkg install ffmpeg && python3 -m pip install --user -U pillow`

-* or if you want to use vips instead, `apt -y install libvips && python -m pip install --user -U wheel && python -m pip install --user -U pyvips && (cd /data/data/com.termux/files/usr/lib/; ln -s libgobject-2.0.so{,.0}; ln -s libvips.so{,.42})`
+* or if you want to use `vips` for photo-thumbs instead, `pkg install libvips && python -m pip install --user -U wheel && python -m pip install --user -U pyvips && (cd /data/data/com.termux/files/usr/lib/; ln -s libgobject-2.0.so{,.0}; ln -s libvips.so{,.42})`


 # reporting bugs
@@ -1273,86 +1380,6 @@ journalctl -aS '48 hour ago' -u copyparty | grep -C10 FILENAME | tee bug.log
 if there's a wall of base64 in the log (thread stacks) then please include that, especially if you run into something freezing up or getting stuck, for example `OperationalError('database is locked')` -- alternatively you can visit `/?stack` to see the stacks live, so http://127.0.0.1:3923/?stack for example


-# building
+# devnotes

-## dev env setup
-
-you need python 3.9 or newer due to type hints
-
-the rest is mostly optional; if you need a working env for vscode or similar
-
-```sh
-python3 -m venv .venv
-. .venv/bin/activate
-pip install jinja2 strip_hints  # MANDATORY
-pip install mutagen  # audio metadata
-pip install pyftpdlib  # ftp server
-pip install Pillow pyheif-pillow-opener pillow-avif-plugin  # thumbnails
-pip install black==21.12b0 click==8.0.2 bandit pylint flake8 isort mypy  # vscode tooling
-```
-
-
-## just the sfx
-
-first grab the web-dependencies from a previous sfx (assuming you don't need to modify something in those):
-
-```sh
-rm -rf copyparty/web/deps
-curl -L https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py >x.py
-python3 x.py -h
-rm x.py
-mv /tmp/pe-copyparty/copyparty/web/deps/ copyparty/web/deps/
-```
-
-then build the sfx using any of the following examples:
-
-```sh
-./scripts/make-sfx.sh           # regular edition
-./scripts/make-sfx.sh gz no-cm  # gzip-compressed + no fancy markdown editor
-```
-
-
-## complete release
-
-also builds the sfx so skip the sfx section above
-
-in the `scripts` folder:
-
-* run `make -C deps-docker` to build all dependencies
-* run `./rls.sh 1.2.3` which uploads to pypi + creates github release + sfx
-
-
-# todo
-
-roughly sorted by priority
-
-* nothing! currently
-
-
-## discarded ideas
-
-* reduce up2k roundtrips
-  * start from a chunk index and just go
-  * terminate client on bad data
-    * not worth the effort, just throw enough conncetions at it
-* single sha512 across all up2k chunks?
-  * crypto.subtle cannot into streaming, would have to use hashwasm, expensive
-* separate sqlite table per tag
-  * performance fixed by skipping some indexes (`+mt.k`)
-* audio fingerprinting
-  * only makes sense if there can be a wasm client and that doesn't exist yet (except for olaf which is agpl hence counts as not existing)
-* `os.copy_file_range` for up2k cloning
-  * almost never hit this path anyways
-* up2k partials ui
-  * feels like there isn't much point
-* cache sha512 chunks on client
-  * too dangerous -- overtaken by turbo mode
-* comment field
-  * nah
-* look into android thumbnail cache file format
-  * absolutely not
-* indexedDB for hashes, cfg enable/clear/sz, 2gb avail, ~9k for 1g, ~4k for 100m, 500k items before autoeviction
-  * blank hashlist when up-ok to skip handshake
-    * too many confusing side-effects
-* hls framework for Someone Else to drop code into :^)
-  * probably not, too much stuff to consider -- seeking, start at offset, task stitching (probably np-hard), conditional passthru, rate-control (especially multi-consumer), session keepalive, cache mgmt...
+for build instructions etc, see [./docs/devnotes.md](./docs/devnotes.md)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+if you hit something extra juicy pls let me know on either of the following
+* email -- `copyparty@ocv.ze` except `ze` should be `me`
+* [mastodon dm](https://layer8.space/@tripflag) -- `@tripflag@layer8.space`
+* [github private vulnerability report](https://github.com/9001/copyparty/security/advisories/new), wow that form is complicated
+* [twitter dm](https://twitter.com/tripflag) (if im somehow not banned yet)
+
+no bug bounties sorry! all i can offer is greetz in the release notes
--- a/bin/README.md
+++ b/bin/README.md
@@ -1,7 +1,8 @@
 # [`up2k.py`](up2k.py)
 * command-line up2k client [(webm)](https://ocv.me/stuff/u2cli.webm)
 * file uploads, file-search, autoresume of aborted/broken uploads
-* faster than browsers
+* sync local folder to server
+* generally faster than browsers
 * if something breaks just restart it


@@ -11,7 +12,7 @@ produces a chronological list of all uploads by collecting info from up2k databa
 * optional mapping from IP-addresses to nicknames


-# [`copyparty-fuse.py`](copyparty-fuse.py)
+# [`partyfuse.py`](partyfuse.py)
 * mount a copyparty server as a local filesystem (read-only)
 * **supports Windows!** -- expect `194 MiB/s` sequential read
 * **supports Linux** -- expect `117 MiB/s` sequential read
@@ -30,19 +31,19 @@ also consider using [../docs/rclone.md](../docs/rclone.md) instead for 5x perfor
 * install [winfsp](https://github.com/billziss-gh/winfsp/releases/latest) and [python 3](https://www.python.org/downloads/)
  * [x] add python 3.x to PATH (it asks during install)
 * `python -m pip install --user fusepy`
-* `python ./copyparty-fuse.py n: http://192.168.1.69:3923/`
+* `python ./partyfuse.py n: http://192.168.1.69:3923/`

 10% faster in [msys2](https://www.msys2.org/), 700% faster if debug prints are enabled:
 * `pacman -S mingw64/mingw-w64-x86_64-python{,-pip}`
 * `/mingw64/bin/python3 -m pip install --user fusepy`
-* `/mingw64/bin/python3 ./copyparty-fuse.py [...]`
+* `/mingw64/bin/python3 ./partyfuse.py [...]`

 you could replace winfsp with [dokan](https://github.com/dokan-dev/dokany/releases/latest), let me know if you [figure out how](https://github.com/dokan-dev/dokany/wiki/FUSE)  
 (winfsp's sshfs leaks, doesn't look like winfsp itself does, should be fine)



-# [`copyparty-fuse🅱️.py`](copyparty-fuseb.py)
+# [`partyfuse2.py`](partyfuse2.py)
 * mount a copyparty server as a local filesystem (read-only)
 * does the same thing except more correct, `samba` approves
 * **supports Linux** -- expect `18 MiB/s` (wait what)
@@ -50,7 +51,7 @@ you could replace winfsp with [dokan](https://github.com/dokan-dev/dokany/releas



-# [`copyparty-fuse-streaming.py`](copyparty-fuse-streaming.py)
+# [`partyfuse-streaming.py`](partyfuse-streaming.py)
 * pretend this doesn't exist


--- a/bin/mtag/guestbook-read.py
+++ b/bin/mtag/guestbook-read.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+
+"""
+fetch latest msg from guestbook and return as tag
+
+example copyparty config to use this:
+  --urlform save,get -vsrv/hello:hello:w:c,e2ts,mtp=guestbook=t10,ad,p,bin/mtag/guestbook-read.py:mte=+guestbook
+
+explained:
+  for realpath srv/hello (served at /hello), write-only for eveyrone,
+  enable file analysis on upload (e2ts),
+  use mtp plugin "bin/mtag/guestbook-read.py" to provide metadata tag "guestbook",
+  do this on all uploads regardless of extension,
+  t10 = 10 seconds timeout for each dwonload,
+  ad = parse file regardless if FFmpeg thinks it is audio or not
+  p = request upload info as json on stdin (need ip)
+  mte=+guestbook enabled indexing of that tag for this volume
+
+PS: this requires e2ts to be functional,
+  meaning you need to do at least one of these:
+   * apt install ffmpeg
+   * pip3 install mutagen
+"""
+
+
+import json
+import os
+import sqlite3
+import sys
+
+
+# set 0 to allow infinite msgs from one IP,
+# other values delete older messages to make space,
+# so 1 only keeps latest msg
+NUM_MSGS_TO_KEEP = 1
+
+
+def main():
+    fp = os.path.abspath(sys.argv[1])
+    fdir = os.path.dirname(fp)
+
+    zb = sys.stdin.buffer.read()
+    zs = zb.decode("utf-8", "replace")
+    md = json.loads(zs)
+
+    ip = md["up_ip"]
+
+    # can put the database inside `fdir` if you'd like,
+    # by default it saves to PWD:
+    # os.chdir(fdir)
+
+    db = sqlite3.connect("guestbook.db3")
+    with db:
+        t = "select msg from gb where ip = ? order by ts desc"
+        r = db.execute(t, (ip,)).fetchone()
+        if r:
+            print(r[0])
+
+
+if __name__ == "__main__":
+    main()
--- a/bin/mtag/guestbook.py
+++ b/bin/mtag/guestbook.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+
+"""
+store messages from users in an sqlite database
+which can be read from another mtp for example
+
+takes input from application/x-www-form-urlencoded POSTs,
+for example using the message/pager function on the website
+
+example copyparty config to use this:
+  --urlform save,get -vsrv/hello:hello:w:c,e2ts,mtp=xgb=ebin,t10,ad,p,bin/mtag/guestbook.py:mte=+xgb
+
+explained:
+  for realpath srv/hello (served at /hello),write-only for eveyrone,
+  enable file analysis on upload (e2ts),
+  use mtp plugin "bin/mtag/guestbook.py" to provide metadata tag "xgb",
+  do this on all uploads with the file extension "bin",
+  t300 = 300 seconds timeout for each dwonload,
+  ad = parse file regardless if FFmpeg thinks it is audio or not
+  p = request upload info as json on stdin
+  mte=+xgb enabled indexing of that tag for this volume
+
+PS: this requires e2ts to be functional,
+  meaning you need to do at least one of these:
+   * apt install ffmpeg
+   * pip3 install mutagen
+"""
+
+
+import json
+import os
+import sqlite3
+import sys
+from urllib.parse import unquote_to_bytes as unquote
+
+
+# set 0 to allow infinite msgs from one IP,
+# other values delete older messages to make space,
+# so 1 only keeps latest msg
+NUM_MSGS_TO_KEEP = 1
+
+
+def main():
+    fp = os.path.abspath(sys.argv[1])
+    fdir = os.path.dirname(fp)
+    fname = os.path.basename(fp)
+    if not fname.startswith("put-") or not fname.endswith(".bin"):
+        raise Exception("not a post file")
+
+    zb = sys.stdin.buffer.read()
+    zs = zb.decode("utf-8", "replace")
+    md = json.loads(zs)
+
+    buf = b""
+    with open(fp, "rb") as f:
+        while True:
+            b = f.read(4096)
+            buf += b
+            if len(buf) > 4096:
+                raise Exception("too big")
+
+            if not b:
+                break
+
+    if not buf:
+        raise Exception("file is empty")
+
+    buf = unquote(buf.replace(b"+", b" "))
+    txt = buf.decode("utf-8")
+
+    if not txt.startswith("msg="):
+        raise Exception("does not start with msg=")
+
+    ip = md["up_ip"]
+    ts = md["up_at"]
+    txt = txt[4:]
+
+    # can put the database inside `fdir` if you'd like,
+    # by default it saves to PWD:
+    # os.chdir(fdir)
+
+    db = sqlite3.connect("guestbook.db3")
+    try:
+        db.execute("select 1 from gb").fetchone()
+    except:
+        with db:
+            db.execute("create table gb (ip text, ts real, msg text)")
+            db.execute("create index gb_ip on gb(ip)")
+
+    with db:
+        if NUM_MSGS_TO_KEEP == 1:
+            t = "delete from gb where ip = ?"
+            db.execute(t, (ip,))
+
+        t = "insert into gb values (?,?,?)"
+        db.execute(t, (ip, ts, txt))
+
+        if NUM_MSGS_TO_KEEP > 1:
+            t = "select ts from gb where ip = ? order by ts desc"
+            hits = db.execute(t, (ip,)).fetchall()
+
+            if len(hits) > NUM_MSGS_TO_KEEP:
+                lim = hits[NUM_MSGS_TO_KEEP][0]
+                t = "delete from gb where ip = ? and ts <= ?"
+                db.execute(t, (ip, lim))
+
+    print(txt)
+
+
+if __name__ == "__main__":
+    main()
--- a/bin/mtag/install-deps.sh
+++ b/bin/mtag/install-deps.sh
@@ -6,6 +6,7 @@ set -e
 #
 # linux/alpine: requires gcc g++ make cmake patchelf {python3,ffmpeg,fftw,libsndfile}-dev py3-{wheel,pip} py3-numpy{,-dev}
 # linux/debian: requires libav{codec,device,filter,format,resample,util}-dev {libfftw3,python3,libsndfile1}-dev python3-{numpy,pip} vamp-{plugin-sdk,examples} patchelf cmake
+# linux/fedora: requires gcc gcc-c++ make cmake patchelf {python3,ffmpeg,fftw,libsndfile}-devel python3-numpy vamp-plugin-sdk qm-vamp-plugins
 # win64: requires msys2-mingw64 environment
 # macos: requires macports
 #
@@ -160,12 +161,12 @@ install_keyfinder() {
 	
 	h="$HOME"
 	so="lib/libkeyfinder.so"
-	memes=()
+	memes=(-DBUILD_TESTING=OFF)

 	[ $win ] &&
 		so="bin/libkeyfinder.dll" &&
 		h="$(printf '%s\n' "$USERPROFILE" | tr '\\' '/')" &&
-		memes+=(-G "MinGW Makefiles" -DBUILD_TESTING=OFF)
+		memes+=(-G "MinGW Makefiles")
 	
 	[ $mac ] &&
 		so="lib/libkeyfinder.dylib"
@@ -185,7 +186,7 @@ install_keyfinder() {
 	}
 	
 	# rm -rf /Users/ed/Library/Python/3.9/lib/python/site-packages/*keyfinder*
-	CFLAGS="-I$h/pe/keyfinder/include -I/opt/local/include" \
+	CFLAGS="-I$h/pe/keyfinder/include -I/opt/local/include -I/usr/include/ffmpeg" \
 	LDFLAGS="-L$h/pe/keyfinder/lib -L$h/pe/keyfinder/lib64 -L/opt/local/lib" \
 	PKG_CONFIG_PATH=/c/msys64/mingw64/lib/pkgconfig \
 	$pybin -m pip install --user keyfinder
--- a/bin/mtag/mousepad.py
+++ b/bin/mtag/mousepad.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import subprocess as sp
+
+
+"""
+mtp test -- opens a texteditor
+
+usage:
+  -vsrv/v1:v1:r:c,mte=+x1:c,mtp=x1=ad,p,bin/mtag/mousepad.py
+
+explained:
+  c,mte: list of tags to index in this volume
+  c,mtp: add new tag provider
+     x1: dummy tag to provide
+     ad: dontcare if audio or not
+      p: priority 1 (run after initial tag-scan with ffprobe or mutagen)
+"""
+
+
+def main():
+    env = os.environ.copy()
+    env["DISPLAY"] = ":0.0"
+
+    if False:
+        # open the uploaded file
+        fp = sys.argv[-1]
+    else:
+        # display stdin contents (`oth_tags`)
+        fp = "/dev/stdin"
+
+    p = sp.Popen(["/usr/bin/mousepad", fp])
+    p.communicate()
+
+
+main()
--- a/bin/mtag/rclone-upload.py
+++ b/bin/mtag/rclone-upload.py
@@ -47,8 +47,8 @@ CONDITIONAL_UPLOAD = True


 def main():
+    fp = sys.argv[1]
    if CONDITIONAL_UPLOAD:
-        fp = sys.argv[1]
        zb = sys.stdin.buffer.read()
        zs = zb.decode("utf-8", "replace")
        md = json.loads(zs)
--- a/bin/mtag/very-bad-idea.py
+++ b/bin/mtag/very-bad-idea.py
@@ -16,7 +16,7 @@ goes without saying, but this is HELLA DANGEROUS,
  GIVES RCE TO ANYONE WHO HAVE UPLOAD PERMISSIONS

 example copyparty config to use this:
-  --urlform save,get -v.::w:c,e2d,e2t,mte=+a1:c,mtp=a1=ad,kn,bin/mtag/very-bad-idea.py
+  --urlform save,get -v.::w:c,e2d,e2t,mte=+a1:c,mtp=a1=ad,kn,c0,bin/mtag/very-bad-idea.py

 recommended deps:
  apt install xdotool libnotify-bin
--- a/bin/mtag/vidchk.py
+++ b/bin/mtag/vidchk.py
@@ -2,6 +2,7 @@

 import json
 import re
+import os
 import sys
 import subprocess as sp

@@ -36,14 +37,21 @@ FAST = True  # parse entire file at container level


 # warnings to ignore
-harmless = re.compile("^Unsupported codec with id ")
+harmless = re.compile(
+    r"Unsupported codec with id |Could not find codec parameters.*Attachment:|analyzeduration"
+    + r"|timescale not set"
+)


 def wfilter(lines):
-    return [x for x in lines if not harmless.search(x)]
+    return [x for x in lines if x.strip() and not harmless.search(x)]


-def errchk(so, se, rc):
+def errchk(so, se, rc, dbg):
+    if dbg:
+        with open(dbg, "wb") as f:
+            f.write(b"so:\n" + so + b"\nse:\n" + se + b"\n")
+
    if rc:
        err = (so + se).decode("utf-8", "replace").split("\n", 1)
        err = wfilter(err) or err
@@ -64,6 +72,11 @@ def main():
    zs = zb.decode("utf-8", "replace")
    md = json.loads(zs)

+    fdir = os.path.dirname(os.path.realpath(fp))
+    flag = os.path.join(fdir, ".processed")
+    if os.path.exists(flag):
+        return "already processed"
+
    try:
        w, h = [int(x) for x in md["res"].split("x")]
        if not w + h:
@@ -87,17 +100,17 @@ def main():
    with open(fsenc(f"{fp}.ff.json"), "wb") as f:
        f.write(so)

-    err = errchk(so, se, p.returncode)
+    err = errchk(so, se, p.returncode, f"{fp}.vidchk")
    if err:
        return err

-    if min(w, h) < 1080:
+    if max(w, h) < 1280 and min(w, h) < 720:
        return "resolution too small"

    zs = (
        "ffmpeg -y -hide_banner -nostdin -v warning"
        + " -err_detect +crccheck+bitstream+buffer+careful+compliant+aggressive+explode"
-        " -xerror -i"
+        + " -xerror -i"
    )

    cmd = zs.encode("ascii").split(b" ") + [fsenc(fp)]
@@ -111,7 +124,7 @@ def main():

    p = sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE)
    so, se = p.communicate()
-    return errchk(so, se, p.returncode)
+    return errchk(so, se, p.returncode, f"{fp}.vidchk")


 if __name__ == "__main__":
--- a/bin/copyparty-fuse-streaming.py
+++ b/bin/copyparty-fuse-streaming.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 from __future__ import print_function, unicode_literals

-"""copyparty-fuse-streaming: remote copyparty as a local filesystem"""
+"""partyfuse-streaming: remote copyparty as a local filesystem"""
 __author__ = "ed <copyparty@ocv.me>"
 __copyright__ = 2020
 __license__ = "MIT"
@@ -12,7 +12,7 @@ __url__ = "https://github.com/9001/copyparty/"
 mount a copyparty server (local or remote) as a filesystem

 usage:
-  python copyparty-fuse-streaming.py http://192.168.1.69:3923/  ./music
+  python partyfuse-streaming.py http://192.168.1.69:3923/  ./music

 dependencies:
  python3 -m pip install --user fusepy
@@ -21,7 +21,7 @@ dependencies:
  + on Windows: https://github.com/billziss-gh/winfsp/releases/latest

 this was a mistake:
-  fork of copyparty-fuse.py with a streaming cache rather than readahead,
+  fork of partyfuse.py with a streaming cache rather than readahead,
  thought this was gonna be way faster (and it kind of is)
  except the overhead of reopening connections on trunc totally kills it
 """
@@ -62,12 +62,12 @@ except:
    else:
        libfuse = "apt install libfuse\n    modprobe fuse"

-    print(
-        "\n  could not import fuse; these may help:"
-        + "\n    python3 -m pip install --user fusepy\n    "
-        + libfuse
-        + "\n"
-    )
+    m = """\033[33m
+  could not import fuse; these may help:
+    {} -m pip install --user fusepy
+    {}
+\033[0m"""
+    print(m.format(sys.executable, libfuse))
    raise


@@ -154,7 +154,7 @@ def dewin(txt):
 class RecentLog(object):
    def __init__(self):
        self.mtx = threading.Lock()
-        self.f = None  # open("copyparty-fuse.log", "wb")
+        self.f = None  # open("partyfuse.log", "wb")
        self.q = []

        thr = threading.Thread(target=self.printer)
@@ -185,9 +185,9 @@ class RecentLog(object):
            print("".join(q), end="")


-# [windows/cmd/cpy3]  python dev\copyparty\bin\copyparty-fuse.py q: http://192.168.1.159:1234/
-# [windows/cmd/msys2] C:\msys64\mingw64\bin\python3 dev\copyparty\bin\copyparty-fuse.py q: http://192.168.1.159:1234/
-# [windows/mty/msys2] /mingw64/bin/python3 /c/Users/ed/dev/copyparty/bin/copyparty-fuse.py q: http://192.168.1.159:1234/
+# [windows/cmd/cpy3]  python dev\copyparty\bin\partyfuse.py q: http://192.168.1.159:1234/
+# [windows/cmd/msys2] C:\msys64\mingw64\bin\python3 dev\copyparty\bin\partyfuse.py q: http://192.168.1.159:1234/
+# [windows/mty/msys2] /mingw64/bin/python3 /c/Users/ed/dev/copyparty/bin/partyfuse.py q: http://192.168.1.159:1234/
 #
 # [windows] find /q/music/albums/Phant*24bit -printf '%s %p\n' | sort -n | tail -n 8 | sed -r 's/^[0-9]+ //' | while IFS= read -r x; do dd if="$x" of=/dev/null bs=4k count=8192 & done
 # [alpine]  ll t; for x in t/2020_0724_16{2,3}*; do dd if="$x" of=/dev/null bs=4k count=10240 & done
--- a/bin/copyparty-fuse.py
+++ b/bin/copyparty-fuse.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 from __future__ import print_function, unicode_literals

-"""copyparty-fuse: remote copyparty as a local filesystem"""
+"""partyfuse: remote copyparty as a local filesystem"""
 __author__ = "ed <copyparty@ocv.me>"
 __copyright__ = 2019
 __license__ = "MIT"
@@ -12,7 +12,7 @@ __url__ = "https://github.com/9001/copyparty/"
 mount a copyparty server (local or remote) as a filesystem

 usage:
-  python copyparty-fuse.py http://192.168.1.69:3923/  ./music
+  python partyfuse.py http://192.168.1.69:3923/  ./music

 dependencies:
  python3 -m pip install --user fusepy
@@ -74,12 +74,12 @@ except:
    else:
        libfuse = "apt install libfuse3-3\n    modprobe fuse"

-    print(
-        "\n  could not import fuse; these may help:"
-        + "\n    python3 -m pip install --user fusepy\n    "
-        + libfuse
-        + "\n"
-    )
+    m = """\033[33m
+  could not import fuse; these may help:
+    {} -m pip install --user fusepy
+    {}
+\033[0m"""
+    print(m.format(sys.executable, libfuse))
    raise


@@ -166,7 +166,7 @@ def dewin(txt):
 class RecentLog(object):
    def __init__(self):
        self.mtx = threading.Lock()
-        self.f = None  # open("copyparty-fuse.log", "wb")
+        self.f = None  # open("partyfuse.log", "wb")
        self.q = []

        thr = threading.Thread(target=self.printer)
@@ -197,9 +197,9 @@ class RecentLog(object):
            print("".join(q), end="")


-# [windows/cmd/cpy3]  python dev\copyparty\bin\copyparty-fuse.py q: http://192.168.1.159:1234/
-# [windows/cmd/msys2] C:\msys64\mingw64\bin\python3 dev\copyparty\bin\copyparty-fuse.py q: http://192.168.1.159:1234/
-# [windows/mty/msys2] /mingw64/bin/python3 /c/Users/ed/dev/copyparty/bin/copyparty-fuse.py q: http://192.168.1.159:1234/
+# [windows/cmd/cpy3]  python dev\copyparty\bin\partyfuse.py q: http://192.168.1.159:1234/
+# [windows/cmd/msys2] C:\msys64\mingw64\bin\python3 dev\copyparty\bin\partyfuse.py q: http://192.168.1.159:1234/
+# [windows/mty/msys2] /mingw64/bin/python3 /c/Users/ed/dev/copyparty/bin/partyfuse.py q: http://192.168.1.159:1234/
 #
 # [windows] find /q/music/albums/Phant*24bit -printf '%s %p\n' | sort -n | tail -n 8 | sed -r 's/^[0-9]+ //' | while IFS= read -r x; do dd if="$x" of=/dev/null bs=4k count=8192 & done
 # [alpine]  ll t; for x in t/2020_0724_16{2,3}*; do dd if="$x" of=/dev/null bs=4k count=10240 & done
@@ -997,7 +997,7 @@ def main():
    ap.add_argument(
        "-cf", metavar="NUM_BLOCKS", type=int, default=nf, help="file cache"
    )
-    ap.add_argument("-a", metavar="PASSWORD", help="password")
+    ap.add_argument("-a", metavar="PASSWORD", help="password or $filepath")
    ap.add_argument("-d", action="store_true", help="enable debug")
    ap.add_argument("-te", metavar="PEM_FILE", help="certificate to expect/verify")
    ap.add_argument("-td", action="store_true", help="disable certificate check")
--- a/bin/copyparty-fuseb.py
+++ b/bin/copyparty-fuseb.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 from __future__ import print_function, unicode_literals

-"""copyparty-fuseb: remote copyparty as a local filesystem"""
+"""partyfuse2: remote copyparty as a local filesystem"""
 __author__ = "ed <copyparty@ocv.me>"
 __copyright__ = 2020
 __license__ = "MIT"
@@ -32,9 +32,19 @@ try:
    if not hasattr(fuse, "__version__"):
        raise Exception("your fuse-python is way old")
 except:
-    print(
-        "\n  could not import fuse; these may help:\n    python3 -m pip install --user fuse-python\n    apt install libfuse\n    modprobe fuse\n"
-    )
+    if WINDOWS:
+        libfuse = "install https://github.com/billziss-gh/winfsp/releases/latest"
+    elif MACOS:
+        libfuse = "install https://osxfuse.github.io/"
+    else:
+        libfuse = "apt install libfuse\n    modprobe fuse"
+
+    m = """\033[33m
+  could not import fuse; these may help:
+    {} -m pip install --user fuse-python
+    {}
+\033[0m"""
+    print(m.format(sys.executable, libfuse))
    raise


@@ -42,13 +52,13 @@ except:
 mount a copyparty server (local or remote) as a filesystem

 usage:
-  python ./copyparty-fuseb.py -f -o allow_other,auto_unmount,nonempty,pw=wark,url=http://192.168.1.69:3923 /mnt/nas
+  python ./partyfuse2.py -f -o allow_other,auto_unmount,nonempty,pw=wark,url=http://192.168.1.69:3923 /mnt/nas

 dependencies:
  sudo apk add fuse-dev python3-dev
  python3 -m pip install --user fuse-python

-fork of copyparty-fuse.py based on fuse-python which
+fork of partyfuse.py based on fuse-python which
  appears to be more compliant than fusepy? since this works with samba
    (probably just my garbage code tbh)
 """
@@ -639,7 +649,7 @@ def main():
        print("  need argument: mount-path")
        print("example:")
        print(
-            "  ./copyparty-fuseb.py -f -o allow_other,auto_unmount,nonempty,pw=wark,url=http://192.168.1.69:3923 /mnt/nas"
+            "  ./partyfuse2.py -f -o allow_other,auto_unmount,nonempty,pw=wark,url=http://192.168.1.69:3923 /mnt/nas"
        )
        sys.exit(1)

--- a/bin/unforget.py
+++ b/bin/unforget.py
@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+
+"""
+unforget.py: rebuild db from logfiles
+2022-09-07, v0.1, ed <irc.rizon.net>, MIT-Licensed
+https://github.com/9001/copyparty/blob/hovudstraum/bin/unforget.py
+
+only makes sense if running copyparty with --no-forget
+(e.g. immediately shifting uploads to other storage)
+
+usage:
+  xz -d < log | ./unforget.py .hist/up2k.db
+
+"""
+
+import re
+import sys
+import json
+import base64
+import sqlite3
+import argparse
+
+
+FS_ENCODING = sys.getfilesystemencoding()
+
+
+class APF(argparse.ArgumentDefaultsHelpFormatter, argparse.RawDescriptionHelpFormatter):
+    pass
+
+
+mem_cur = sqlite3.connect(":memory:").cursor()
+mem_cur.execute(r"create table a (b text)")
+
+
+def s3enc(rd: str, fn: str) -> tuple[str, str]:
+    ret: list[str] = []
+    for v in [rd, fn]:
+        try:
+            mem_cur.execute("select * from a where b = ?", (v,))
+            ret.append(v)
+        except:
+            wtf8 = v.encode(FS_ENCODING, "surrogateescape")
+            ret.append("//" + base64.urlsafe_b64encode(wtf8).decode("ascii"))
+
+    return ret[0], ret[1]
+
+
+def main():
+    ap = argparse.ArgumentParser()
+    ap.add_argument("db")
+    ar = ap.parse_args()
+
+    db = sqlite3.connect(ar.db).cursor()
+    ptn_times = re.compile(r"no more chunks, setting times \(([0-9]+)")
+    at = 0
+    ctr = 0
+
+    for ln in [x.decode("utf-8", "replace").rstrip() for x in sys.stdin.buffer]:
+        if "no more chunks, setting times (" in ln:
+            m = ptn_times.search(ln)
+            if m:
+                at = int(m.group(1))
+
+        if '"hash": []' in ln:
+            try:
+                ofs = ln.find("{")
+                j = json.loads(ln[ofs:])
+            except:
+                pass
+
+            w = j["wark"]
+            if db.execute("select w from up where w = ?", (w,)).fetchone():
+                continue
+
+            # PYTHONPATH=/home/ed/dev/copyparty/ python3 -m copyparty -e2dsa  -v foo:foo:rwmd,ed -aed:wark --no-forget
+            # 05:34:43.845 127.0.0.1 42496       no more chunks, setting times (1662528883, 1658001882)
+            # 05:34:43.863 127.0.0.1 42496       {"name": "f\"2", "purl": "/foo/bar/baz/", "size": 1674, "lmod": 1658001882, "sprs": true, "hash": [], "wark": "LKIWpp2jEAh9dH3fu-DobuURFGEKlODXDGTpZ1otMhUg"}
+            # |                      w                       |     mt     |  sz  |   rd    | fn  |    ip     |     at     |
+            # | LKIWpp2jEAh9dH3fu-DobuURFGEKlODXDGTpZ1otMhUg | 1658001882 | 1674 | bar/baz | f"2 | 127.0.0.1 | 1662528883 |
+
+            rd, fn = s3enc(j["purl"].strip("/"), j["name"])
+            ip = ln.split(" ")[1].split("m")[-1]
+
+            q = "insert into up values (?,?,?,?,?,?,?)"
+            v = (w, int(j["lmod"]), int(j["size"]), rd, fn, ip, at)
+            db.execute(q, v)
+            ctr += 1
+            if ctr % 1024 == 1023:
+                print(f"{ctr} commit...")
+                db.connection.commit()
+
+    if ctr:
+        db.connection.commit()
+
+    print(f"unforgot {ctr} files")
+
+
+if __name__ == "__main__":
+    main()
--- a/bin/up2k.py
+++ b/bin/up2k.py
@@ -3,14 +3,12 @@ from __future__ import print_function, unicode_literals

 """
 up2k.py: upload to copyparty
-2022-08-10, v0.17, ed <irc.rizon.net>, MIT-Licensed
+2022-12-13, v1.1, ed <irc.rizon.net>, MIT-Licensed
 https://github.com/9001/copyparty/blob/hovudstraum/bin/up2k.py

 - dependencies: requests
- supports python 2.6, 2.7, and 3.3 through 3.11
-
- almost zero error-handling
- but if something breaks just try again and it'll autoresume
+- supports python 2.6, 2.7, and 3.3 through 3.12
+- if something breaks just try again and it'll autoresume
 """

 import os
@@ -35,24 +33,24 @@ except:

 try:
    import requests
-except:
+except ImportError:
    if sys.version_info > (2, 7):
-        m = "\n  ERROR: need 'requests'; run this:\n   python -m pip install --user requests\n"
+        m = "\nERROR: need 'requests'; please run this command:\n {0} -m pip install --user requests\n"
    else:
        m = "requests/2.18.4 urllib3/1.23 chardet/3.0.4 certifi/2020.4.5.1 idna/2.7"
        m = ["   https://pypi.org/project/" + x + "/#files" for x in m.split()]
        m = "\n  ERROR: need these:\n" + "\n".join(m) + "\n"
+        m += "\n  for f in *.whl; do unzip $f; done; rm -r *.dist-info\n"

-    print(m)
-    raise
+    print(m.format(sys.executable))
+    sys.exit(1)


 # from copyparty/__init__.py
-PY2 = sys.version_info[0] == 2
+PY2 = sys.version_info < (3,)
 if PY2:
    from Queue import Queue
-    from urllib import unquote
-    from urllib import quote
+    from urllib import quote, unquote

    sys.dont_write_bytecode = True
    bytes = str
@@ -69,6 +67,14 @@ VT100 = platform.system() != "Windows"
 req_ses = requests.Session()


+class Daemon(threading.Thread):
+    def __init__(self, target, name=None, a=None):
+        # type: (Any, Any, Any) -> None
+        threading.Thread.__init__(self, target=target, args=a or (), name=name)
+        self.daemon = True
+        self.start()
+
+
 class File(object):
    """an up2k upload task; represents a single file"""

@@ -86,6 +92,7 @@ class File(object):
        self.kchunks = {}  # type: dict[str, tuple[int, int]]  # hash: [ ofs, sz ]

        # set by handshake
+        self.recheck = False  # duplicate; redo handshake after all files done
        self.ucids = []  # type: list[str]  # chunks which need to be uploaded
        self.wark = None  # type: str
        self.url = None  # type: str
@@ -154,10 +161,7 @@ class MTHash(object):
        self.done_q = Queue()
        self.thrs = []
        for _ in range(cores):
-            t = threading.Thread(target=self.worker)
-            t.daemon = True
-            t.start()
-            self.thrs.append(t)
+            self.thrs.append(Daemon(self.worker))

    def hash(self, f, fsz, chunksz, pcb=None, pcb_opaque=None):
        with self.omutex:
@@ -257,10 +261,10 @@ def termsize():
        try:
            import fcntl, termios, struct

-            cr = struct.unpack("hh", fcntl.ioctl(fd, termios.TIOCGWINSZ, "1234"))
+            r = struct.unpack(b"hh", fcntl.ioctl(fd, termios.TIOCGWINSZ, b"AAAA"))
+            return r[::-1]
        except:
-            return
-        return cr
+            return None

    cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2)
    if not cr:
@@ -270,12 +274,11 @@ def termsize():
            os.close(fd)
        except:
            pass
-    if not cr:
-        try:
-            cr = (env["LINES"], env["COLUMNS"])
-        except:
-            cr = (25, 80)
-    return int(cr[1]), int(cr[0])
+
+    try:
+        return cr or (int(env["COLUMNS"]), int(env["LINES"]))
+    except:
+        return 80, 25


 class CTermsize(object):
@@ -290,9 +293,7 @@ class CTermsize(object):
        except:
            return

-        thr = threading.Thread(target=self.worker)
-        thr.daemon = True
-        thr.start()
+        Daemon(self.worker)

    def worker(self):
        while True:
@@ -330,8 +331,8 @@ def _scd(err, top):
            abspath = os.path.join(top, fh.name)
            try:
                yield [abspath, fh.stat()]
-            except:
-                err.append(abspath)
+            except Exception as ex:
+                err.append((abspath, str(ex)))


 def _lsd(err, top):
@@ -340,40 +341,49 @@ def _lsd(err, top):
        abspath = os.path.join(top, name)
        try:
            yield [abspath, os.stat(abspath)]
-        except:
-            err.append(abspath)
+        except Exception as ex:
+            err.append((abspath, str(ex)))


-if hasattr(os, "scandir"):
+if hasattr(os, "scandir") and sys.version_info > (3, 6):
    statdir = _scd
 else:
    statdir = _lsd


-def walkdir(err, top):
+def walkdir(err, top, seen):
    """recursive statdir"""
+    atop = os.path.abspath(os.path.realpath(top))
+    if atop in seen:
+        err.append((top, "recursive-symlink"))
+        return
+
+    seen = seen[:] + [atop]
    for ap, inf in sorted(statdir(err, top)):
+        yield ap, inf
        if stat.S_ISDIR(inf.st_mode):
            try:
-                for x in walkdir(err, ap):
+                for x in walkdir(err, ap, seen):
                    yield x
-            except:
-                err.append(ap)
-        else:
-            yield ap, inf
+            except Exception as ex:
+                err.append((ap, str(ex)))


 def walkdirs(err, tops):
    """recursive statdir for a list of tops, yields [top, relpath, stat]"""
    sep = "{0}".format(os.sep).encode("ascii")
    for top in tops:
+        isdir = os.path.isdir(top)
        if top[-1:] == sep:
            stop = top.rstrip(sep)
+            yield stop, b"", os.stat(stop)
        else:
-            stop = os.path.dirname(top)
+            stop, dn = os.path.split(top)
+            if isdir:
+                yield stop, dn, os.stat(stop)

-        if os.path.isdir(top):
-            for ap, inf in walkdir(err, top):
+        if isdir:
+            for ap, inf in walkdir(err, top, []):
                yield stop, ap[len(stop) :].lstrip(sep), inf
        else:
            d, n = top.rsplit(sep, 1)
@@ -414,7 +424,7 @@ def up2k_chunksize(filesize):
    while True:
        for mul in [1, 2]:
            nchunks = math.ceil(filesize * 1.0 / chunksize)
-            if nchunks <= 256 or chunksize >= 32 * 1024 * 1024:
+            if nchunks <= 256 or (chunksize >= 32 * 1024 * 1024 and nchunks < 4096):
                return chunksize

            chunksize += stepsize
@@ -463,14 +473,17 @@ def get_hashlist(file, pcb, mth):
        file.kchunks[k] = [v1, v2]


-def handshake(req_ses, url, file, pw, search):
-    # type: (requests.Session, str, File, any, bool) -> list[str]
+def handshake(ar, file, search):
+    # type: (argparse.Namespace, File, bool) -> tuple[list[str], bool]
    """
    performs a handshake with the server; reply is:
      if search, a list of search results
      otherwise, a list of chunks to upload
    """

+    url = ar.url
+    pw = ar.a
+
    req = {
        "hash": [x[0] for x in file.cids],
        "name": file.name,
@@ -479,11 +492,14 @@ def handshake(req_ses, url, file, pw, search):
    }
    if search:
        req["srch"] = 1
+    elif ar.dr:
+        req["replace"] = True

-    headers = {"Content-Type": "text/plain"}  # wtf ed
+    headers = {"Content-Type": "text/plain"}  # <=1.5.1 compat
    if pw:
        headers["Cookie"] = "=".join(["cppwd", pw])

+    file.recheck = False
    if file.url:
        url = file.url
    elif b"/" in file.rel:
@@ -498,6 +514,17 @@ def handshake(req_ses, url, file, pw, search):
            eprint("handshake failed, retrying: {0}\n  {1}\n\n".format(file.name, em))
            time.sleep(1)

+    sc = r.status_code
+    if sc >= 400:
+        txt = r.text
+        if sc == 422 or "<pre>partial upload exists at a different" in txt:
+            file.recheck = True
+            return [], False
+        elif sc == 409 or "<pre>upload rejected, file already exists" in txt:
+            return [], False
+
+        raise Exception("http {0}: {1}".format(sc, txt))
+
    try:
        r = r.json()
    except:
@@ -519,8 +546,8 @@ def handshake(req_ses, url, file, pw, search):
    return r["hash"], r["sprs"]


-def upload(req_ses, file, cid, pw):
-    # type: (requests.Session, File, str, any) -> None
+def upload(file, cid, pw):
+    # type: (File, str, str) -> None
    """upload one specific chunk, `cid` (a chunk-hash)"""

    headers = {
@@ -542,51 +569,52 @@ def upload(req_ses, file, cid, pw):
        f.f.close()


-class Daemon(threading.Thread):
-    def __init__(self, *a, **ka):
-        threading.Thread.__init__(self, *a, **ka)
-        self.daemon = True
-
-
 class Ctl(object):
    """
-    this will be the coordinator which runs everything in parallel
-    (hashing, handshakes, uploads)  but right now it's p dumb
+    the coordinator which runs everything in parallel
+    (hashing, handshakes, uploads)
    """

-    def __init__(self, ar):
-        self.ar = ar
-        ar.files = [
-            os.path.abspath(os.path.realpath(x.encode("utf-8")))
-            + (x[-1:] if x[-1:] == os.sep else "").encode("utf-8")
-            for x in ar.files
-        ]
-        ar.url = ar.url.rstrip("/") + "/"
-        if "://" not in ar.url:
-            ar.url = "http://" + ar.url
-
+    def _scan(self):
+        ar = self.ar
        eprint("\nscanning {0} locations\n".format(len(ar.files)))
-
        nfiles = 0
        nbytes = 0
        err = []
        for _, _, inf in walkdirs(err, ar.files):
+            if stat.S_ISDIR(inf.st_mode):
+                continue
+
            nfiles += 1
            nbytes += inf.st_size

        if err:
            eprint("\n# failed to access {0} paths:\n".format(len(err)))
-            for x in err:
-                eprint(x.decode("utf-8", "replace") + "\n")
+            for ap, msg in err:
+                if ar.v:
+                    eprint("{0}\n `-{1}\n\n".format(ap.decode("utf-8", "replace"), msg))
+                else:
+                    eprint(ap.decode("utf-8", "replace") + "\n")

            eprint("^ failed to access those {0} paths ^\n\n".format(len(err)))
+
+            if not ar.v:
+                eprint("hint: set -v for detailed error messages\n")
+
            if not ar.ok:
-                eprint("aborting because --ok is not set\n")
+                eprint("hint: aborting because --ok is not set\n")
                return

        eprint("found {0} files, {1}\n\n".format(nfiles, humansize(nbytes)))
-        self.nfiles = nfiles
-        self.nbytes = nbytes
+        return nfiles, nbytes
+
+    def __init__(self, ar, stats=None):
+        self.ar = ar
+        self.stats = stats or self._scan()
+        if not self.stats:
+            return
+
+        self.nfiles, self.nbytes = self.stats

        if ar.td:
            requests.packages.urllib3.disable_warnings()
@@ -616,8 +644,8 @@ class Ctl(object):

            self.mutex = threading.Lock()
            self.q_handshake = Queue()  # type: Queue[File]
-            self.q_recheck = Queue()  # type: Queue[File]  # partial upload exists [...]
            self.q_upload = Queue()  # type: Queue[tuple[File, str]]
+            self.recheck = []  # type: list[File]

            self.st_hash = [None, "(idle, starting...)"]  # type: tuple[File, int]
            self.st_up = [None, "(idle, starting...)"]  # type: tuple[File, int]
@@ -630,6 +658,9 @@ class Ctl(object):
        """minimal basic slow boring fallback codepath"""
        search = self.ar.s
        for nf, (top, rel, inf) in enumerate(self.filegen):
+            if stat.S_ISDIR(inf.st_mode) or not rel:
+                continue
+
            file = File(top, rel, inf.st_size, inf.st_mtime)
            upath = file.abs.decode("utf-8", "replace")

@@ -639,7 +670,7 @@ class Ctl(object):
            burl = self.ar.url[:12] + self.ar.url[8:].split("/")[0] + "/"
            while True:
                print("  hs...")
-                hs, _ = handshake(req_ses, self.ar.url, file, self.ar.a, search)
+                hs, _ = handshake(self.ar, file, search)
                if search:
                    if hs:
                        for hit in hs:
@@ -656,19 +687,28 @@ class Ctl(object):
                ncs = len(hs)
                for nc, cid in enumerate(hs):
                    print("  {0} up {1}".format(ncs - nc, cid))
-                    upload(req_ses, file, cid, self.ar.a)
+                    upload(file, cid, self.ar.a)

            print("  ok!")
+            if file.recheck:
+                self.recheck.append(file)
+
+        if not self.recheck:
+            return
+
+        eprint("finalizing {0} duplicate files".format(len(self.recheck)))
+        for file in self.recheck:
+            handshake(self.ar, file, search)

    def _fancy(self):
        if VT100:
            atexit.register(self.cleanup_vt100)
            ss.scroll_region(3)

-        Daemon(target=self.hasher).start()
+        Daemon(self.hasher)
        for _ in range(self.ar.j):
-            Daemon(target=self.handshaker).start()
-            Daemon(target=self.uploader).start()
+            Daemon(self.handshaker)
+            Daemon(self.uploader)

        idles = 0
        while idles < 3:
@@ -730,6 +770,13 @@ class Ctl(object):
            t = "{0} eta @ {1}/s, {2}, {3}# left".format(eta, spd, sleft, nleft)
            eprint(txt + "\033]0;{0}\033\\\r{0}{1}".format(t, tail))

+        if not self.recheck:
+            return
+
+        eprint("finalizing {0} duplicate files".format(len(self.recheck)))
+        for file in self.recheck:
+            handshake(self.ar, file, False)
+
    def cleanup_vt100(self):
        ss.scroll_region(None)
        eprint("\033[J\033]0;\033\\")
@@ -741,8 +788,10 @@ class Ctl(object):
        prd = None
        ls = {}
        for top, rel, inf in self.filegen:
-            if self.ar.z:
-                rd = os.path.dirname(rel)
+            isdir = stat.S_ISDIR(inf.st_mode)
+            if self.ar.z or self.ar.drd:
+                rd = rel if isdir else os.path.dirname(rel)
+                srd = rd.decode("utf-8", "replace").replace("\\", "/")
                if prd != rd:
                    prd = rd
                    headers = {}
@@ -751,19 +800,37 @@ class Ctl(object):

                    ls = {}
                    try:
-                        print("      ls ~{0}".format(rd.decode("utf-8", "replace")))
-                        r = req_ses.get(
-                            self.ar.url.encode("utf-8") + quotep(rd) + b"?ls",
-                            headers=headers,
-                        )
-                        for f in r.json()["files"]:
-                            rfn = f["href"].split("?")[0].encode("utf-8", "replace")
-                            ls[unquote(rfn)] = f
-                    except:
-                        print("   mkdir ~{0}".format(rd.decode("utf-8", "replace")))
+                        print("      ls ~{0}".format(srd))
+                        zb = self.ar.url.encode("utf-8")
+                        zb += quotep(rd.replace(b"\\", b"/"))
+                        r = req_ses.get(zb + b"?ls&dots", headers=headers)
+                        if not r:
+                            raise Exception("HTTP {}".format(r.status_code))

+                        j = r.json()
+                        for f in j["dirs"] + j["files"]:
+                            rfn = f["href"].split("?")[0].rstrip("/")
+                            ls[unquote(rfn.encode("utf-8", "replace"))] = f
+                    except Exception as ex:
+                        print("   mkdir ~{0}  ({1})".format(srd, ex))
+
+                    if self.ar.drd:
+                        dp = os.path.join(top, rd)
+                        lnodes = set(os.listdir(dp))
+                        bnames = [x for x in ls if x not in lnodes]
+                        if bnames:
+                            vpath = self.ar.url.split("://")[-1].split("/", 1)[-1]
+                            names = [x.decode("utf-8", "replace") for x in bnames]
+                            locs = [vpath + srd + "/" + x for x in names]
+                            print("DELETING ~{0}/#{1}".format(srd, len(names)))
+                            req_ses.post(self.ar.url + "?delete", json=locs)
+
+            if isdir:
+                continue
+
+            if self.ar.z:
                rf = ls.get(os.path.basename(rel), None)
-                if rf and rf["sz"] == inf.st_size and abs(rf["ts"] - inf.st_mtime) <= 1:
+                if rf and rf["sz"] == inf.st_size and abs(rf["ts"] - inf.st_mtime) <= 2:
                    self.nfiles -= 1
                    self.nbytes -= inf.st_size
                    continue
@@ -772,15 +839,17 @@ class Ctl(object):
            while True:
                with self.mutex:
                    if (
-                        self.hash_b - self.up_b < 1024 * 1024 * 128
-                        and self.hash_c - self.up_c < 64
-                        and (
-                            not self.ar.nh
-                            or (
-                                self.q_upload.empty()
-                                and self.q_handshake.empty()
-                                and not self.uploader_busy
-                            )
+                        self.hash_f - self.up_f == 1
+                        or (
+                            self.hash_b - self.up_b < 1024 * 1024 * 1024
+                            and self.hash_c - self.up_c < 512
+                        )
+                    ) and (
+                        not self.ar.nh
+                        or (
+                            self.q_upload.empty()
+                            and self.q_handshake.empty()
+                            and not self.uploader_busy
                        )
                    ):
                        break
@@ -800,16 +869,10 @@ class Ctl(object):

    def handshaker(self):
        search = self.ar.s
-        q = self.q_handshake
        burl = self.ar.url[:8] + self.ar.url[8:].split("/")[0] + "/"
        while True:
-            file = q.get()
+            file = self.q_handshake.get()
            if not file:
-                if q == self.q_handshake:
-                    q = self.q_recheck
-                    q.put(None)
-                    continue
-
                self.q_upload.put(None)
                break

@@ -817,16 +880,7 @@ class Ctl(object):
                self.handshaker_busy += 1

            upath = file.abs.decode("utf-8", "replace")
-
-            try:
-                hs, sprs = handshake(req_ses, self.ar.url, file, self.ar.a, search)
-            except Exception as ex:
-                if q == self.q_handshake and "<pre>partial upload exists" in str(ex):
-                    self.q_recheck.put(file)
-                    hs = []
-                else:
-                    raise
-
+            hs, sprs = handshake(self.ar, file, search)
            if search:
                if hs:
                    for hit in hs:
@@ -843,8 +897,11 @@ class Ctl(object):

                continue

+            if file.recheck:
+                self.recheck.append(file)
+
            with self.mutex:
-                if not sprs and not self.serialized:
+                if hs and not sprs and not self.serialized:
                    t = "server filesystem does not support sparse files; serializing uploads\n"
                    eprint(t)
                    self.serialized = True
@@ -856,6 +913,9 @@ class Ctl(object):
                    self.up_c += len(file.cids) - file.up_c
                    self.up_b += file.size - file.up_b

+                    if not file.recheck:
+                        self.up_done(file)
+
                if hs and file.up_c:
                    # some chunks failed
                    self.up_c -= len(hs)
@@ -887,10 +947,10 @@ class Ctl(object):

            file, cid = task
            try:
-                upload(req_ses, file, cid, self.ar.a)
+                upload(file, cid, self.ar.a)
            except:
                eprint("upload failed, retrying: {0} #{1}\n".format(file.name, cid[:8]))
-                pass  # handshake will fix it
+                # handshake will fix it

            with self.mutex:
                sz = file.kchunks[cid][1]
@@ -906,6 +966,10 @@ class Ctl(object):
                self.up_c += 1
                self.uploader_busy -= 1

+    def up_done(self, file):
+        if self.ar.dl:
+            os.unlink(file.abs)
+

 class APF(argparse.ArgumentDefaultsHelpFormatter, argparse.RawDescriptionHelpFormatter):
    pass
@@ -916,7 +980,7 @@ def main():
    if not VT100:
        os.system("rem")  # enables colors

-    cores = os.cpu_count() if hasattr(os, "cpu_count") else 4
+    cores = (os.cpu_count() if hasattr(os, "cpu_count") else 0) or 2
    hcores = min(cores, 3)  # 4% faster than 4+ on py3.9 @ r5-4500U

    # fmt: off
@@ -929,21 +993,74 @@ source file/folder selection uses rsync syntax, meaning that:

    ap.add_argument("url", type=unicode, help="server url, including destination folder")
    ap.add_argument("files", type=unicode, nargs="+", help="files and/or folders to process")
-    ap.add_argument("-a", metavar="PASSWORD", help="password")
+    ap.add_argument("-v", action="store_true", help="verbose")
+    ap.add_argument("-a", metavar="PASSWORD", help="password or $filepath")
    ap.add_argument("-s", action="store_true", help="file-search (disables upload)")
    ap.add_argument("--ok", action="store_true", help="continue even if some local files are inaccessible")
+    
+    ap = app.add_argument_group("compatibility")
+    ap.add_argument("--cls", action="store_true", help="clear screen before start")
+    ap.add_argument("--ws", action="store_true", help="copyparty is running on windows; wait before deleting files after uploading")
+
+    ap = app.add_argument_group("folder sync")
+    ap.add_argument("--dl", action="store_true", help="delete local files after uploading")
+    ap.add_argument("--dr", action="store_true", help="delete remote files which don't exist locally")
+    ap.add_argument("--drd", action="store_true", help="delete remote files during upload instead of afterwards; reduces peak disk space usage, but will reupload instead of detecting renames")
+
    ap = app.add_argument_group("performance tweaks")
    ap.add_argument("-j", type=int, metavar="THREADS", default=4, help="parallel connections")
    ap.add_argument("-J", type=int, metavar="THREADS", default=hcores, help="num cpu-cores to use for hashing; set 0 or 1 for single-core hashing")
    ap.add_argument("-nh", action="store_true", help="disable hashing while uploading")
    ap.add_argument("--safe", action="store_true", help="use simple fallback approach")
    ap.add_argument("-z", action="store_true", help="ZOOMIN' (skip uploading files if they exist at the destination with the ~same last-modified timestamp, so same as yolo / turbo with date-chk but even faster)")
+
    ap = app.add_argument_group("tls")
    ap.add_argument("-te", metavar="PEM_FILE", help="certificate to expect/verify")
    ap.add_argument("-td", action="store_true", help="disable certificate check")
    # fmt: on

-    Ctl(app.parse_args())
+    ar = app.parse_args()
+    if ar.drd:
+        ar.dr = True
+
+    for k in "dl dr drd".split():
+        errs = []
+        if ar.safe and getattr(ar, k):
+            errs.append(k)
+
+        if errs:
+            raise Exception("--safe is incompatible with " + str(errs))
+
+    ar.files = [
+        os.path.abspath(os.path.realpath(x.encode("utf-8")))
+        + (x[-1:] if x[-1:] == os.sep else "").encode("utf-8")
+        for x in ar.files
+    ]
+
+    ar.url = ar.url.rstrip("/") + "/"
+    if "://" not in ar.url:
+        ar.url = "http://" + ar.url
+
+    if ar.a and ar.a.startswith("$"):
+        fn = ar.a[1:]
+        print("reading password from file [{}]".format(fn))
+        with open(fn, "rb") as f:
+            ar.a = f.read().decode("utf-8").strip()
+
+    if ar.cls:
+        print("\x1b\x5b\x48\x1b\x5b\x32\x4a\x1b\x5b\x33\x4a", end="")
+
+    ctl = Ctl(ar)
+
+    if ar.dr and not ar.drd:
+        print("\npass 2/2: delete")
+        if getattr(ctl, "up_br") and ar.ws:
+            # wait for up2k to mtime if there was uploads
+            time.sleep(4)
+
+        ar.drd = True
+        ar.z = True
+        Ctl(ar, ctl.stats)


 if __name__ == "__main__":
--- a/contrib/README.md
+++ b/contrib/README.md
@@ -27,7 +27,13 @@ however if your copyparty is behind a reverse-proxy, you may want to use [`share

 ### [`explorer-nothumbs-nofoldertypes.reg`](explorer-nothumbs-nofoldertypes.reg)
 * disables thumbnails and folder-type detection in windows explorer
-* makes it way faster (especially for slow/networked locations (such as copyparty-fuse))
+* makes it way faster (especially for slow/networked locations (such as partyfuse))
+
+### [`webdav-basicauth.reg`](webdav-basicauth.reg)
+* enables webdav basic-auth over plaintext http; takes effect after a reboot OR after running `webdav-unlimit.bat`
+
+### [`webdav-unlimit.bat`](webdav-unlimit.bat)
+* removes the 47.6 MiB filesize limit when downloading from webdav

 ### [`cfssl.sh`](cfssl.sh)
 * creates CA and server certificates using cfssl
--- a/contrib/apache/copyparty.conf
+++ b/contrib/apache/copyparty.conf
@@ -0,0 +1,15 @@
+# when running copyparty behind a reverse proxy,
+# the following arguments are recommended:
+#
+#   --http-only     lower latency on initial connection
+#   -i 127.0.0.1    only accept connections from nginx
+#
+# if you are doing location-based proxying (such as `/stuff` below)
+# you must run copyparty with --rp-loc=stuff
+#
+# on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1
+
+LoadModule proxy_module modules/mod_proxy.so
+ProxyPass "/stuff" "http://127.0.0.1:3923/stuff"
+# do not specify ProxyPassReverse
+RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
--- a/contrib/nginx/copyparty.conf
+++ b/contrib/nginx/copyparty.conf
@@ -1,15 +1,17 @@
 # when running copyparty behind a reverse proxy,
 # the following arguments are recommended:
 #
-#   -nc 512         important, see next paragraph
 #   --http-only     lower latency on initial connection
 #   -i 127.0.0.1    only accept connections from nginx
 #
 # -nc must match or exceed the webserver's max number of concurrent clients;
+# copyparty default is 1024 if OS permits it (see "max clients:" on startup),
 # nginx default is 512  (worker_processes 1, worker_connections 512)
 #
 # you may also consider adding -j0 for CPU-intensive configurations
 # (not that i can really think of any good examples)
+#
+# on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1

 upstream cpp {
 	server 127.0.0.1:3923;
--- a/contrib/openrc/copyparty
+++ b/contrib/openrc/copyparty
@@ -14,5 +14,5 @@ name="$SVCNAME"
 command_background=true
 pidfile="/var/run/$SVCNAME.pid"

-command="/usr/bin/python /usr/local/bin/copyparty-sfx.py"
+command="/usr/bin/python3 /usr/local/bin/copyparty-sfx.py"
 command_args="-q -v /mnt::rw"
--- a/contrib/plugins/up2k-hook-ytid.js
+++ b/contrib/plugins/up2k-hook-ytid.js
@@ -14,6 +14,8 @@ function up2k_namefilter(good_files, nil_files, bad_files, hooks) {
    a_up2k_namefilter(good_files, nil_files, bad_files, hooks).then(() => { });
 }

+// ebi('op_up2k').appendChild(mknod('input','unick'));
+
 function bstrpos(buf, ptn) {
    var ofs = 0,
        ch0 = ptn[0],
@@ -44,13 +46,19 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
        md_only = [],  // `${id} ${fn}` where ID was only found in metadata
        mofs = 0,
        mnchk = 0,
-        mfile = '';
+        mfile = '',
+        myid = localStorage.getItem('ytid_t0');
+
+    if (!myid)
+        localStorage.setItem('ytid_t0', myid = Date.now());

    for (var a = 0; a < good_files.length; a++) {
        var [fobj, name] = good_files[a],
            cname = name,  // will clobber
            sz = fobj.size,
            ids = [],
+            fn_ids = [],
+            md_ids = [],
            id_ok = false,
            m;

@@ -71,7 +79,7 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {

            cname = cname.replace(m[1], '');
            yt_ids.add(m[1]);
-            ids.push(m[1]);
+            fn_ids.unshift(m[1]);
        }

        // look for IDs in video metadata,
@@ -85,6 +93,8 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
                aspan = id_ok ? 128 : 512;  // MiB

            aspan = parseInt(Math.min(sz / 2, aspan * 1024 * 1024) / chunksz) * chunksz;
+            if (!aspan)
+                aspan = Math.min(sz, chunksz);

            for (var side = 0; side < 2; side++) {
                var ofs = side ? Math.max(0, sz - aspan) : 0,
@@ -110,10 +120,13 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {

                        console.log(`found ${m} @${bofs}, ${name} `);
                        yt_ids.add(m);
-                        if (!has(ids, m)) {
-                            ids.push(m);
+                        if (!has(fn_ids, m) && !has(md_ids, m)) {
+                            md_ids.push(m);
                            md_only.push(`${m} ${name}`);
                        }
+                        else
+                            // id appears several times; make it preferred
+                            md_ids.unshift(m);

                        // bail after next iteration
                        chunk = nchunks - 1;
@@ -130,6 +143,13 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
                }
            }
        }
+
+        for (var yi of md_ids)
+            ids.push(yi);
+
+        for (var yi of fn_ids)
+            if (!has(ids, yi))
+                ids.push(yi);
    }

    if (md_only.length)
@@ -149,6 +169,16 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
        return hooks[0]([], [], [], hooks.slice(1));
    }

+    var el = ebi('unick'), unick = el ? el.value : '';
+    if (unick) {
+        console.log(`sending uploader nickname [${unick}]`);
+        fetch(document.location, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8' },
+            body: 'msg=' + encodeURIComponent(unick)
+        });
+    }
+
    toast.inf(5, `running query for ${yt_ids.size} youtube-IDs...`);

    var xhr = new XHR();
@@ -164,18 +194,31 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {

    function process_id_list(txt) {
        var wanted_ids = new Set(txt.trim().split('\n')),
-            wanted_names = new Set(),  // basenames with a wanted ID
+            name_id = {},
+            wanted_names = new Set(),  // basenames with a wanted ID -- not including relpath
+            wanted_names_scoped = {},  // basenames with a wanted ID -> list of dirs to search under
            wanted_files = new Set();  // filedrops

        for (var a = 0; a < good_files.length; a++) {
            var name = good_files[a][1];
            for (var b = 0; b < file_ids[a].length; b++)
                if (wanted_ids.has(file_ids[a][b])) {
-                    wanted_files.add(good_files[a]);
+                    // let the next stage handle this to prevent dupes
+                    //wanted_files.add(good_files[a]);

                    var m = /(.*)\.(mp4|webm|mkv|flv|opus|ogg|mp3|m4a|aac)$/i.exec(name);
-                    if (m)
-                        wanted_names.add(m[1]);
+                    if (!m)
+                        continue;
+
+                    var [rd, fn] = vsplit(m[1]);
+
+                    if (fn in wanted_names_scoped)
+                        wanted_names_scoped[fn].push(rd);
+                    else
+                        wanted_names_scoped[fn] = [rd];
+
+                    wanted_names.add(fn);
+                    name_id[m[1]] = file_ids[a][b];

                    break;
                }
@@ -184,13 +227,35 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
        // add all files with the same basename as each explicitly wanted file
        // (infojson/chatlog/etc when ID was discovered from metadata)
        for (var a = 0; a < good_files.length; a++) {
-            var name = good_files[a][1];
+            var [rd, name] = vsplit(good_files[a][1]);
            for (var b = 0; b < 3; b++) {
                name = name.replace(/\.[^\.]+$/, '');
-                if (wanted_names.has(name)) {
-                    wanted_files.add(good_files[a]);
+                if (!wanted_names.has(name))
+                    continue;
+
+                var vid_fp = false;
+                for (var c of wanted_names_scoped[name])
+                    if (rd.startsWith(c))
+                        vid_fp = c + name;
+
+                if (!vid_fp)
+                    continue;
+
+                var subdir = name_id[vid_fp];
+                subdir = `v${subdir.slice(0, 1)}/${subdir}-${myid}`;
+                var newpath = subdir + '/' + good_files[a][1].split(/\//g).pop();
+
+                // check if this file is a dupe
+                for (var c of good_files)
+                    if (c[1] == newpath)
+                        newpath = null;
+
+                if (!newpath)
                    break;
-                }
+
+                good_files[a][1] = newpath;
+                wanted_files.add(good_files[a]);
+                break;
            }
        }

@@ -218,3 +283,15 @@ async function a_up2k_namefilter(good_files, nil_files, bad_files, hooks) {
 up2k_hooks.push(function () {
    up2k.gotallfiles.unshift(up2k_namefilter);
 });
+
+// persist/restore nickname field if present
+setInterval(function () {
+    var o = ebi('unick');
+    if (!o || document.activeElement == o)
+        return;
+
+    o.oninput = function () {
+        localStorage.setItem('unick', o.value);
+    };
+    o.value = localStorage.getItem('unick') || '';
+}, 1000);
--- a/contrib/webdav-cfg.bat
+++ b/contrib/webdav-cfg.bat
@@ -0,0 +1,51 @@
+@echo off
+rem removes the 47.6 MiB filesize limit when downloading from webdav
+rem + optionally allows/enables password-auth over plaintext http
+rem + optionally helps disable wpad
+
+setlocal enabledelayedexpansion
+
+net session >nul 2>&1
+if %errorlevel% neq 0 (
+    echo sorry, you must run this as administrator
+    pause
+    exit /b
+)
+
+reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters /v FileSizeLimitInBytes /t REG_DWORD /d 0xffffffff /f
+reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters /v FsCtlRequestTimeoutInSec /t REG_DWORD /d 0xffffffff /f
+
+echo(
+echo OK;
+echo allow webdav basic-auth over plaintext http?
+echo Y: login works, but the password will be visible in wireshark etc
+echo N: login will NOT work unless you use https and valid certificates
+set c=.
+set /p "c=(Y/N): "
+echo(
+if /i not "!c!"=="y" goto :g1
+reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters /v BasicAuthLevel /t REG_DWORD /d 0x2 /f
+rem default is 1 (require tls)
+
+:g1
+echo(
+echo OK;
+echo do you want to disable wpad?
+echo can give a HUGE speed boost depending on network settings
+set c=.
+set /p "c=(Y/N): "
+echo(
+if /i not "!c!"=="y" goto :g2
+echo(
+echo i'm about to open the [Connections] tab in [Internet Properties] for you;
+echo please click [LAN settings] and disable [Automatically detect settings]
+echo(
+pause
+control inetcpl.cpl,,4
+
+:g2
+net stop webclient
+net start webclient
+echo(
+echo OK; all done
+pause
--- a/copyparty/init.py
+++ b/copyparty/init.py
@@ -7,18 +7,19 @@ import sys
 import time

 try:
-    from collections.abc import Callable
-
-    from typing import TYPE_CHECKING, Any
+    from typing import TYPE_CHECKING
 except:
    TYPE_CHECKING = False

-PY2 = sys.version_info[0] == 2
-if PY2:
+if True:
+    from typing import Any, Callable
+
+PY2 = sys.version_info < (3,)
+if not PY2:
+    unicode: Callable[[Any], str] = str
+else:
    sys.dont_write_bytecode = True
    unicode = unicode  # noqa: F821  # pylint: disable=undefined-variable,self-assigning-variable
-else:
-    unicode = str

 WINDOWS: Any = (
    [int(x) for x in platform.version().split(".")]
@@ -33,57 +34,18 @@ ANYWIN = WINDOWS or sys.platform in ["msys", "cygwin"]

 MACOS = platform.system() == "Darwin"

-
-def get_unixdir() -> str:
-    paths: list[tuple[Callable[..., str], str]] = [
-        (os.environ.get, "XDG_CONFIG_HOME"),
-        (os.path.expanduser, "~/.config"),
-        (os.environ.get, "TMPDIR"),
-        (os.environ.get, "TEMP"),
-        (os.environ.get, "TMP"),
-        (unicode, "/tmp"),
-    ]
-    for chk in [os.listdir, os.mkdir]:
-        for pf, pa in paths:
-            try:
-                p = pf(pa)
-                # print(chk.__name__, p, pa)
-                if not p or p.startswith("~"):
-                    continue
-
-                p = os.path.normpath(p)
-                chk(p)  # type: ignore
-                p = os.path.join(p, "copyparty")
-                if not os.path.isdir(p):
-                    os.mkdir(p)
-
-                return p
-            except:
-                pass
-
-    raise Exception("could not find a writable path for config")
+try:
+    CORES = len(os.sched_getaffinity(0))
+except:
+    CORES = (os.cpu_count() if hasattr(os, "cpu_count") else 0) or 2


 class EnvParams(object):
    def __init__(self) -> None:
        self.t0 = time.time()
-        self.mod = os.path.dirname(os.path.realpath(__file__))
-        if self.mod.endswith("__init__"):
-            self.mod = os.path.dirname(self.mod)
-
-        if sys.platform == "win32":
-            self.cfg = os.path.normpath(os.environ["APPDATA"] + "/copyparty")
-        elif sys.platform == "darwin":
-            self.cfg = os.path.expanduser("~/Library/Preferences/copyparty")
-        else:
-            self.cfg = get_unixdir()
-
-        self.cfg = self.cfg.replace("\\", "/")
-        try:
-            os.makedirs(self.cfg)
-        except:
-            if not os.path.isdir(self.cfg):
-                raise
+        self.mod = ""
+        self.cfg = ""
+        self.ox = getattr(sys, "oxidized", None)


 E = EnvParams()
--- a/copyparty/main.py
+++ b/copyparty/main.py
@@ -9,26 +9,30 @@ __license__ = "MIT"
 __url__ = "https://github.com/9001/copyparty/"

 import argparse
+import base64
 import filecmp
 import locale
 import os
 import re
 import shutil
+import socket
 import sys
 import threading
 import time
 import traceback
+import uuid
 from textwrap import dedent

-from .__init__ import ANYWIN, PY2, VT100, WINDOWS, E, unicode
+from .__init__ import ANYWIN, CORES, PY2, VT100, WINDOWS, E, EnvParams, unicode
 from .__version__ import CODENAME, S_BUILD_DT, S_VERSION
-from .authsrv import re_vol
+from .authsrv import expand_config_file, re_vol
 from .svchub import SvcHub
 from .util import (
    IMPLICATIONS,
    JINJA_VER,
    PYFTPD_VER,
    SQLITE_VER,
+    UNPLICATIONS,
    align_tab,
    ansi_re,
    min_ex,
@@ -37,12 +41,11 @@ from .util import (
    wrap,
 )

-try:
+if True:  # pylint: disable=using-constant-test
+    from collections.abc import Callable
    from types import FrameType

    from typing import Any, Optional
-except:
-    pass

 try:
    HAVE_SSL = True
@@ -51,6 +54,7 @@ except:
    HAVE_SSL = False

 printed: list[str] = []
+u = unicode


 class RiceFormatter(argparse.HelpFormatter):
@@ -75,7 +79,11 @@ class RiceFormatter(argparse.HelpFormatter):
                defaulting_nargs = [argparse.OPTIONAL, argparse.ZERO_OR_MORE]
                if action.option_strings or action.nargs in defaulting_nargs:
                    ret += fmt
-        return ret
+
+        if not VT100:
+            ret = re.sub("\033\\[[0-9;]+m", "", ret)
+
+        return ret  # type: ignore

    def _fill_text(self, text: str, width: int, indent: str) -> str:
        """same as RawDescriptionHelpFormatter(HelpFormatter)"""
@@ -98,7 +106,7 @@ class RiceFormatter(argparse.HelpFormatter):
                    self.__add_whitespace(i, lWSpace, x)
                    for i, x in enumerate(wrap(line, width, width - 1))
                ]
-                textRows[idx] = lines
+                textRows[idx] = lines  # type: ignore

        return [item for sublist in textRows for item in sublist]

@@ -131,19 +139,123 @@ def warn(msg: str) -> None:
    lprint("\033[1mwarning:\033[0;33m {}\033[0m\n".format(msg))


+def init_E(E: EnvParams) -> None:
+    # __init__ runs 18 times when oxidized; do expensive stuff here
+
+    def get_unixdir() -> str:
+        paths: list[tuple[Callable[..., Any], str]] = [
+            (os.environ.get, "XDG_CONFIG_HOME"),
+            (os.path.expanduser, "~/.config"),
+            (os.environ.get, "TMPDIR"),
+            (os.environ.get, "TEMP"),
+            (os.environ.get, "TMP"),
+            (unicode, "/tmp"),
+        ]
+        for chk in [os.listdir, os.mkdir]:
+            for pf, pa in paths:
+                try:
+                    p = pf(pa)
+                    # print(chk.__name__, p, pa)
+                    if not p or p.startswith("~"):
+                        continue
+
+                    p = os.path.normpath(p)
+                    chk(p)  # type: ignore
+                    p = os.path.join(p, "copyparty")
+                    if not os.path.isdir(p):
+                        os.mkdir(p)
+
+                    return p  # type: ignore
+                except:
+                    pass
+
+        raise Exception("could not find a writable path for config")
+
+    def _unpack() -> str:
+        import atexit
+        import tarfile
+        import tempfile
+        from importlib.resources import open_binary
+
+        td = tempfile.TemporaryDirectory(prefix="")
+        atexit.register(td.cleanup)
+        tdn = td.name
+
+        with open_binary("copyparty", "z.tar") as tgz:
+            with tarfile.open(fileobj=tgz) as tf:
+                tf.extractall(tdn)
+
+        return tdn
+
+    try:
+        E.mod = os.path.dirname(os.path.realpath(__file__))
+        if E.mod.endswith("__init__"):
+            E.mod = os.path.dirname(E.mod)
+    except:
+        if not E.ox:
+            raise
+
+        E.mod = _unpack()
+
+    if sys.platform == "win32":
+        bdir = os.environ.get("APPDATA") or os.environ.get("TEMP")
+        E.cfg = os.path.normpath(bdir + "/copyparty")
+    elif sys.platform == "darwin":
+        E.cfg = os.path.expanduser("~/Library/Preferences/copyparty")
+    else:
+        E.cfg = get_unixdir()
+
+    E.cfg = E.cfg.replace("\\", "/")
+    try:
+        os.makedirs(E.cfg)
+    except:
+        if not os.path.isdir(E.cfg):
+            raise
+
+
+def get_srvname() -> str:
+    try:
+        ret: str = unicode(socket.gethostname()).split(".")[0]
+    except:
+        ret = ""
+
+    if ret not in ["", "localhost"]:
+        return ret
+
+    fp = os.path.join(E.cfg, "name.txt")
+    lprint("using hostname from {}\n".format(fp))
+    try:
+        with open(fp, "rb") as f:
+            ret = f.read().decode("utf-8", "replace").strip()
+    except:
+        ret = ""
+        while len(ret) < 7:
+            ret += base64.b32encode(os.urandom(4))[:7].decode("utf-8").lower()
+            ret = re.sub("[234567=]", "", ret)[:7]
+        with open(fp, "wb") as f:
+            f.write(ret.encode("utf-8") + b"\n")
+
+    return ret
+
+
 def ensure_locale() -> None:
+    safe = "en_US.UTF-8"
    for x in [
-        "en_US.UTF-8",
+        safe,
        "English_United States.UTF8",
        "English_United States.1252",
    ]:
        try:
            locale.setlocale(locale.LC_ALL, x)
-            lprint("Locale: {}\n".format(x))
-            break
+            if x != safe:
+                lprint("Locale: {}\n".format(x))
+            return
        except:
            continue

+    t = "setlocale {} failed,\n  sorting and dates might get funky\n"
+    warn(t.format(safe))
+

 def ensure_cert() -> None:
    """
@@ -161,8 +273,8 @@ def ensure_cert() -> None:
    try:
        if filecmp.cmp(cert_cfg, cert_insec):
            lprint(
-                "\033[33m  using default TLS certificate; https will be insecure."
-                + "\033[36m\n  certificate location: {}\033[0m\n".format(cert_cfg)
+                "\033[33musing default TLS certificate; https will be insecure."
+                + "\033[36m\ncertificate location: {}\033[0m\n".format(cert_cfg)
            )
    except:
        pass
@@ -239,27 +351,29 @@ def configure_ssl_ciphers(al: argparse.Namespace) -> None:


 def args_from_cfg(cfg_path: str) -> list[str]:
+    lines: list[str] = []
+    expand_config_file(lines, cfg_path, "")
+
    ret: list[str] = []
    skip = False
-    with open(cfg_path, "rb") as f:
-        for ln in [x.decode("utf-8").strip() for x in f]:
-            if not ln:
-                skip = False
-                continue
+    for ln in lines:
+        if not ln:
+            skip = False
+            continue

-            if ln.startswith("#"):
-                continue
+        if ln.startswith("#"):
+            continue

-            if not ln.startswith("-"):
-                continue
+        if not ln.startswith("-"):
+            continue

-            if skip:
-                continue
+        if skip:
+            continue

-            try:
-                ret.extend(ln.split(" ", 1))
-            except:
-                ret.append(ln)
+        try:
+            ret.extend(ln.split(" ", 1))
+        except:
+            ret.append(ln)

    return ret

@@ -323,22 +437,18 @@ def disable_quickedit() -> None:
            cmode(True, mode | 4)


-def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Namespace:
-    ap = argparse.ArgumentParser(
-        formatter_class=formatter,
-        prog="copyparty",
-        description="http file sharing hub v{} ({})".format(S_VERSION, S_BUILD_DT),
-    )
+def showlic() -> None:
+    p = os.path.join(E.mod, "res", "COPYING.txt")
+    if not os.path.exists(p):
+        print("no relevant license info to display")
+        return

-    try:
-        fk_salt = unicode(os.path.getmtime(os.path.join(E.cfg, "cert.pem")))
-    except:
-        fk_salt = "hunter2"
+    with open(p, "rb") as f:
+        print(f.read().decode("utf-8", "replace"))

-    cores = os.cpu_count() if hasattr(os, "cpu_count") else 4
-    hcores = min(cores, 3)  # 4% faster than 4+ on py3.9 @ r5-4500U

-    sects = [
+def get_sects():
+    return [
        [
            "accounts",
            "accounts and volumes",
@@ -355,6 +465,7 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
              "m" (move):   move files and folders; need "w" at destination
              "d" (delete): permanently delete files and folders
              "g" (get):    download files, but cannot see folder contents
+              "G" (upget):  "get", but can see filekeys of their own uploads

            too many volflags to list here, see the other sections

@@ -388,6 +499,7 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
            \033[0muploads, general:
              \033[36mnodupe\033[35m rejects existing files (instead of symlinking them)
              \033[36mnosub\033[35m forces all uploads into the top folder of the vfs
+              \033[36mmagic$\033[35m enables filetype detection for nameless uploads
              \033[36mgz\033[35m allows server-side gzip of uploads with ?gz (also c,xz)
              \033[36mpk\033[35m forces server-side compression, optional arg: xz,9

@@ -414,6 +526,9 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
              \033[36mscan=60\033[35m scan for new files every 60sec, same as --re-maxage
              \033[36mnohash=\\.iso$\033[35m skips hashing file contents if path matches *.iso
              \033[36mnoidx=\\.iso$\033[35m fully ignores the contents at paths matching *.iso
+              \033[36mnoforget$\033[35m don't forget files when deleted from disk
+              \033[36mdbd=[acid|swal|wal|yolo]\033[35m database speed-durability tradeoff
+              \033[36mxlink$\033[35m cross-volume dupe detection / linking
              \033[36mxdev\033[35m do not descend into other filesystems
              \033[36mxvol\033[35m skip symlinks leaving the volume root

@@ -473,74 +588,192 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
            """
            ),
        ],
+        [
+            "dbd",
+            "database durability profiles",
+            dedent(
+                """
+            mainly affects uploads of many small files on slow HDDs; speeds measured uploading 520 files on a WD20SPZX (SMR 2.5" 5400rpm 4kb)
+
+            \033[32macid\033[0m = extremely safe but slow; the old default. Should never lose any data no matter what
+
+            \033[32mswal\033[0m = 2.4x faster uploads yet 99.9%% as safe -- theoretical chance of losing metadata for the ~200 most recently uploaded files if there's a power-loss or your OS crashes
+
+            \033[32mwal\033[0m = another 21x faster on HDDs yet 90%% as safe; same pitfall as \033[33mswal\033[0m except more likely
+
+            \033[32myolo\033[0m = another 1.5x faster, and removes the occasional sudden upload-pause while the disk syncs, but now you're at risk of losing the entire database in a powerloss / OS-crash
+
+            profiles can be set globally (--dbd=yolo), or per-volume with volflags: -v ~/Music:music:r:c,dbd=acid
+            """
+            ),
+        ],
    ]

-    # fmt: off
-    u = unicode
+
+# fmt: off
+
+
+def add_general(ap, nc, srvname):
    ap2 = ap.add_argument_group('general options')
    ap2.add_argument("-c", metavar="PATH", type=u, action="append", help="add config file")
-    ap2.add_argument("-nc", metavar="NUM", type=int, default=64, help="max num clients")
+    ap2.add_argument("-nc", metavar="NUM", type=int, default=nc, help="max num clients")
    ap2.add_argument("-j", metavar="CORES", type=int, default=1, help="max num cpu cores, 0=all")
-    ap2.add_argument("-a", metavar="ACCT", type=u, action="append", help="add account, USER:PASS; example [ed:wark]")
-    ap2.add_argument("-v", metavar="VOL", type=u, action="append", help="add volume, SRC:DST:FLAG; examples [.::r], [/mnt/nas/music:/music:r:aed]")
+    ap2.add_argument("-a", metavar="ACCT", type=u, action="append", help="add account, \033[33mUSER\033[0m:\033[33mPASS\033[0m; example [\033[32med:wark\033[0m]")
+    ap2.add_argument("-v", metavar="VOL", type=u, action="append", help="add volume, \033[33mSRC\033[0m:\033[33mDST\033[0m:\033[33mFLAG\033[0m; examples [\033[32m.::r\033[0m], [\033[32m/mnt/nas/music:/music:r:aed\033[0m]")
    ap2.add_argument("-ed", action="store_true", help="enable the ?dots url parameter / client option which allows clients to see dotfiles / hidden files")
    ap2.add_argument("-emp", action="store_true", help="enable markdown plugins -- neat but dangerous, big XSS risk")
    ap2.add_argument("-mcr", metavar="SEC", type=int, default=60, help="md-editor mod-chk rate")
    ap2.add_argument("--urlform", metavar="MODE", type=u, default="print,get", help="how to handle url-form POSTs; see --help-urlform")
-    ap2.add_argument("--wintitle", metavar="TXT", type=u, default="cpp @ $pub", help="window title, for example '$ip-10.1.2.' or '$ip-'")
+    ap2.add_argument("--wintitle", metavar="TXT", type=u, default="cpp @ $pub", help="window title, for example [\033[32m$ip-10.1.2.\033[0m] or [\033[32m$ip-]")
+    ap2.add_argument("--name", metavar="TXT", type=u, default=srvname, help="server name (displayed topleft in browser and in mDNS)")
+    ap2.add_argument("--license", action="store_true", help="show licenses and exit")
+    ap2.add_argument("--version", action="store_true", help="show versions and exit")

+
+def add_qr(ap, tty):
+    ap2 = ap.add_argument_group('qr options')
+    ap2.add_argument("--qr", action="store_true", help="show http:// QR-code on startup")
+    ap2.add_argument("--qrs", action="store_true", help="show https:// QR-code on startup")
+    ap2.add_argument("--qrl", metavar="PATH", type=u, default="", help="location to include in the url, for example [\033[32mpriv/?pw=hunter2\033[0m]")
+    ap2.add_argument("--qri", metavar="PREFIX", type=u, default="", help="select IP which starts with PREFIX; [\033[32m.\033[0m] to force default IP when mDNS URL would have been used instead")
+    ap2.add_argument("--qr-fg", metavar="COLOR", type=int, default=0 if tty else 16, help="foreground; try [\033[32m0\033[0m] if the qr-code is unreadable")
+    ap2.add_argument("--qr-bg", metavar="COLOR", type=int, default=229, help="background (white=255)")
+    ap2.add_argument("--qrp", metavar="CELLS", type=int, default=4, help="padding (spec says 4 or more, but 1 is usually fine)")
+    ap2.add_argument("--qrz", metavar="N", type=int, default=0, help="[\033[32m1\033[0m]=1x, [\033[32m2\033[0m]=2x, [\033[32m0\033[0m]=auto (try [\033[32m2\033[0m] on broken fonts)")
+
+
+def add_upload(ap):
    ap2 = ap.add_argument_group('upload options')
    ap2.add_argument("--dotpart", action="store_true", help="dotfile incomplete uploads, hiding them from clients unless -ed")
+    ap2.add_argument("--plain-ip", action="store_true", help="when avoiding filename collisions by appending the uploader's ip to the filename: append the plaintext ip instead of salting and hashing the ip")
    ap2.add_argument("--unpost", metavar="SEC", type=int, default=3600*12, help="grace period where uploads can be deleted by the uploader, even without delete permissions; 0=disabled")
    ap2.add_argument("--reg-cap", metavar="N", type=int, default=38400, help="max number of uploads to keep in memory when running without -e2d; roughly 1 MiB RAM per 600")
-    ap2.add_argument("--no-fpool", action="store_true", help="disable file-handle pooling -- instead, repeatedly close and reopen files during upload")
-    ap2.add_argument("--use-fpool", action="store_true", help="force file-handle pooling, even if copyparty thinks you're better off without -- probably useful on nfs and cow filesystems (zfs, btrfs)")
+    ap2.add_argument("--no-fpool", action="store_true", help="disable file-handle pooling -- instead, repeatedly close and reopen files during upload (very slow on windows)")
+    ap2.add_argument("--use-fpool", action="store_true", help="force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...)")
    ap2.add_argument("--hardlink", action="store_true", help="prefer hardlinks instead of symlinks when possible (within same filesystem)")
    ap2.add_argument("--never-symlink", action="store_true", help="do not fallback to symlinks when a hardlink cannot be made")
    ap2.add_argument("--no-dedup", action="store_true", help="disable symlink/hardlink creation; copy file contents instead")
+    ap2.add_argument("--no-dupe", action="store_true", help="reject duplicate files during upload; only matches within the same volume (volflag=nodupe)")
+    ap2.add_argument("--no-snap", action="store_true", help="disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually")
+    ap2.add_argument("--magic", action="store_true", help="enable filetype detection on nameless uploads (volflag=magic)")
    ap2.add_argument("--df", metavar="GiB", type=float, default=0, help="ensure GiB free disk space by rejecting upload requests")
    ap2.add_argument("--sparse", metavar="MiB", type=int, default=4, help="windows-only: minimum size of incoming uploads through up2k before they are made into sparse files")
-    ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; 0 = off and warn if enabled, 1 = off, 2 = on, 3 = on and disable datecheck")
-    ap2.add_argument("--u2sort", metavar="TXT", type=u, default="s", help="upload order; s=smallest-first, n=alphabetical, fs=force-s, fn=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine")
+    ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; [\033[32m0\033[0m] = off and warn if enabled, [\033[32m1\033[0m] = off, [\033[32m2\033[0m] = on, [\033[32m3\033[0m] = on and disable datecheck")
+    ap2.add_argument("--u2sort", metavar="TXT", type=u, default="s", help="upload order; [\033[32ms\033[0m]=smallest-first, [\033[32mn\033[0m]=alphabetical, [\033[32mfs\033[0m]=force-s, [\033[32mfn\033[0m]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine")
+    ap2.add_argument("--write-uplog", action="store_true", help="write POST reports to textfiles in working-directory")

+
+def add_network(ap):
    ap2 = ap.add_argument_group('network options')
-    ap2.add_argument("-i", metavar="IP", type=u, default="0.0.0.0", help="ip to bind (comma-sep.)")
+    ap2.add_argument("-i", metavar="IP", type=u, default="::", help="ip to bind (comma-sep.), default: all IPv4 and IPv6")
    ap2.add_argument("-p", metavar="PORT", type=u, default="3923", help="ports to bind (comma/range)")
-    ap2.add_argument("--rproxy", metavar="DEPTH", type=int, default=1, help="which ip to keep; 0 = tcp, 1 = origin (first x-fwd), 2 = cloudflare, 3 = nginx, -1 = closest proxy")
+    ap2.add_argument("--ll", action="store_true", help="include link-local IPv4/IPv6 even if the NIC has routable IPs (breaks some mdns clients)")
+    ap2.add_argument("--rproxy", metavar="DEPTH", type=int, default=1, help="which ip to keep; [\033[32m0\033[0m]=tcp, [\033[32m1\033[0m]=origin (first x-fwd), [\033[32m2\033[0m]=cloudflare, [\033[32m3\033[0m]=nginx, [\033[32m-1\033[0m]=closest proxy")
+    ap2.add_argument("--rp-loc", metavar="PATH", type=u, default="", help="if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here (eg. /foo/bar)")
+    if ANYWIN:
+        ap2.add_argument("--reuseaddr", action="store_true", help="set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances")
    ap2.add_argument("--s-wr-sz", metavar="B", type=int, default=256*1024, help="socket write size in bytes")
    ap2.add_argument("--s-wr-slp", metavar="SEC", type=float, default=0, help="debug: socket write delay in seconds")
    ap2.add_argument("--rsp-slp", metavar="SEC", type=float, default=0, help="debug: response delay in seconds")

+
+def add_tls(ap):
    ap2 = ap.add_argument_group('SSL/TLS options')
    ap2.add_argument("--http-only", action="store_true", help="disable ssl/tls -- force plaintext")
    ap2.add_argument("--https-only", action="store_true", help="disable plaintext -- force tls")
-    ap2.add_argument("--ssl-ver", metavar="LIST", type=u, help="set allowed ssl/tls versions; [help] shows available versions; default is what your python version considers safe")
-    ap2.add_argument("--ciphers", metavar="LIST", type=u, help="set allowed ssl/tls ciphers; [help] shows available ciphers")
+    ap2.add_argument("--ssl-ver", metavar="LIST", type=u, help="set allowed ssl/tls versions; [\033[32mhelp\033[0m] shows available versions; default is what your python version considers safe")
+    ap2.add_argument("--ciphers", metavar="LIST", type=u, help="set allowed ssl/tls ciphers; [\033[32mhelp\033[0m] shows available ciphers")
    ap2.add_argument("--ssl-dbg", action="store_true", help="dump some tls info")
    ap2.add_argument("--ssl-log", metavar="PATH", type=u, help="log master secrets for later decryption in wireshark")

-    ap2 = ap.add_argument_group('FTP options')
-    ap2.add_argument("--ftp", metavar="PORT", type=int, help="enable FTP server on PORT, for example 3921")
-    ap2.add_argument("--ftps", metavar="PORT", type=int, help="enable FTPS server on PORT, for example 3990")
-    ap2.add_argument("--ftp-dbg", action="store_true", help="enable debug logging")
-    ap2.add_argument("--ftp-nat", metavar="ADDR", type=u, help="the NAT address to use for passive connections")
-    ap2.add_argument("--ftp-pr", metavar="P-P", type=u, help="the range of TCP ports to use for passive connections, for example 12000-13000")

+def add_zeroconf(ap):
+    ap2 = ap.add_argument_group("Zeroconf options")
+    ap2.add_argument("-z", action="store_true", help="enable all zeroconf backends (mdns, ssdp)")
+    ap2.add_argument("--z-on", metavar="NETS", type=u, default="", help="enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes\n └─example: \033[32meth0, wlo1, virhost0, 192.168.123.0/24, fd00:fda::/96\033[0m")
+    ap2.add_argument("--z-off", metavar="NETS", type=u, default="", help="disable zeroconf on the comma-separated list of subnets and/or interface names/indexes")
+    ap2.add_argument("-zv", action="store_true", help="verbose all zeroconf backends")
+    ap2.add_argument("--mc-hop", metavar="SEC", type=int, default=0, help="rejoin multicast groups every SEC seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [\033[32m300\033[0m] or [\033[32m180\033[0m]")
+
+
+def add_zc_mdns(ap):
+    ap2 = ap.add_argument_group("Zeroconf-mDNS options:")
+    ap2.add_argument("--zm", action="store_true", help="announce the enabled protocols over mDNS (multicast DNS-SD) -- compatible with KDE, gnome, macOS, ...")
+    ap2.add_argument("--zm-on", metavar="NETS", type=u, default="", help="enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes")
+    ap2.add_argument("--zm-off", metavar="NETS", type=u, default="", help="disable zeroconf on the comma-separated list of subnets and/or interface names/indexes")
+    ap2.add_argument("--zm4", action="store_true", help="IPv4 only -- try this if some clients can't connect")
+    ap2.add_argument("--zm6", action="store_true", help="IPv6 only")
+    ap2.add_argument("--zmv", action="store_true", help="verbose mdns")
+    ap2.add_argument("--zmvv", action="store_true", help="verboser mdns")
+    ap2.add_argument("--zms", metavar="dhf", type=u, default="", help="list of services to announce -- d=webdav h=http f=ftp s=smb -- lowercase=plaintext uppercase=TLS -- default: all enabled services except http/https (\033[32mDdfs\033[0m if \033[33m--ftp\033[0m and \033[33m--smb\033[0m is set)")
+    ap2.add_argument("--zm-ld", metavar="PATH", type=u, default="", help="link a specific folder for webdav shares")
+    ap2.add_argument("--zm-lh", metavar="PATH", type=u, default="", help="link a specific folder for http shares")
+    ap2.add_argument("--zm-lf", metavar="PATH", type=u, default="", help="link a specific folder for ftp shares")
+    ap2.add_argument("--zm-ls", metavar="PATH", type=u, default="", help="link a specific folder for smb shares")
+    ap2.add_argument("--zm-mnic", action="store_true", help="merge NICs which share subnets; assume that same subnet means same network")
+    ap2.add_argument("--zm-msub", action="store_true", help="merge subnets on each NIC -- always enabled for ipv6 -- reduces network load, but gnome-gvfs clients may stop working")
+    ap2.add_argument("--zm-noneg", action="store_true", help="disable NSEC replies -- try this if some clients don't see copyparty")
+
+
+def add_zc_ssdp(ap):
+    ap2 = ap.add_argument_group("Zeroconf-SSDP options:")
+    ap2.add_argument("--zs", action="store_true", help="announce the enabled protocols over SSDP -- compatible with Windows")
+    ap2.add_argument("--zs-on", metavar="NETS", type=u, default="", help="enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes")
+    ap2.add_argument("--zs-off", metavar="NETS", type=u, default="", help="disable zeroconf on the comma-separated list of subnets and/or interface names/indexes")
+    ap2.add_argument("--zsv", action="store_true", help="verbose SSDP")
+    ap2.add_argument("--zsl", metavar="PATH", type=u, default="/?hc", help="location to include in the url (or a complete external URL), for example [\033[32mpriv/?pw=hunter2\033[0m] (goes directly to /priv/ with password hunter2) or [\033[32m?hc=priv&pw=hunter2\033[0m] (shows mounting options for /priv/ with password)")
+    ap2.add_argument("--zsid", metavar="UUID", type=u, default=uuid.uuid4().urn[4:], help="USN (device identifier) to announce")
+
+
+def add_ftp(ap):
+    ap2 = ap.add_argument_group('FTP options')
+    ap2.add_argument("--ftp", metavar="PORT", type=int, help="enable FTP server on PORT, for example \033[32m3921")
+    ap2.add_argument("--ftps", metavar="PORT", type=int, help="enable FTPS server on PORT, for example \033[32m3990")
+    ap2.add_argument("--ftpv", action="store_true", help="verbose")
+    ap2.add_argument("--ftp-wt", metavar="SEC", type=int, default=7, help="grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than SEC seconds ago)")
+    ap2.add_argument("--ftp-nat", metavar="ADDR", type=u, help="the NAT address to use for passive connections")
+    ap2.add_argument("--ftp-pr", metavar="P-P", type=u, help="the range of TCP ports to use for passive connections, for example \033[32m12000-13000")
+
+
+def add_webdav(ap):
+    ap2 = ap.add_argument_group('WebDAV options')
+    ap2.add_argument("--daw", action="store_true", help="enable full write support. \033[1;31mWARNING:\033[0m This has side-effects -- PUT-operations will now \033[1;31mOVERWRITE\033[0m existing files, rather than inventing new filenames to avoid loss of data. You might want to instead set this as a volflag where needed. By not setting this flag, uploaded files can get written to a filename which the client does not expect (which might be okay, depending on client)")
+    ap2.add_argument("--dav-inf", action="store_true", help="allow depth:infinite requests (recursive file listing); extremely server-heavy but required for spec compliance -- luckily few clients rely on this")
+    ap2.add_argument("--dav-mac", action="store_true", help="disable apple-garbage filter -- allow macos to create junk files (._* and .DS_Store, .Spotlight-*, .fseventsd, .Trashes, .AppleDouble, __MACOS)")
+
+
+def add_smb(ap):
+    ap2 = ap.add_argument_group('SMB/CIFS options')
+    ap2.add_argument("--smb", action="store_true", help="enable smb (read-only) -- this requires running copyparty as root on linux and macos unless --smb-port is set above 1024 and your OS does port-forwarding from 445 to that.\n\033[1;31mWARNING:\033[0m this protocol is dangerous! Never expose to the internet. Account permissions are coalesced; if one account has write-access to a volume, then all accounts do.")
+    ap2.add_argument("--smbw", action="store_true", help="enable write support (please dont)")
+    ap2.add_argument("--smb1", action="store_true", help="disable SMBv2, only enable SMBv1 (CIFS)")
+    ap2.add_argument("--smb-port", metavar="PORT", type=int, default=445, help="port to listen on -- if you change this value, you must NAT from TCP:445 to this port using iptables or similar")
+    ap2.add_argument("--smb-nwa-1", action="store_true", help="disable impacket#1433 workaround (truncate directory listings to 64kB)")
+    ap2.add_argument("--smb-nwa-2", action="store_true", help="disable impacket workaround for filecopy globs")
+    ap2.add_argument("--smbv", action="store_true", help="verbose")
+    ap2.add_argument("--smbvv", action="store_true", help="verboser")
+    ap2.add_argument("--smbvvv", action="store_true", help="verbosest")
+
+
+def add_optouts(ap):
    ap2 = ap.add_argument_group('opt-outs')
    ap2.add_argument("-nw", action="store_true", help="never write anything to disk (debug/benchmark)")
    ap2.add_argument("--keep-qem", action="store_true", help="do not disable quick-edit-mode on windows (it is disabled to avoid accidental text selection which will deadlock copyparty)")
+    ap2.add_argument("--no-dav", action="store_true", help="disable webdav support")
    ap2.add_argument("--no-del", action="store_true", help="disable delete operations")
    ap2.add_argument("--no-mv", action="store_true", help="disable move/rename operations")
    ap2.add_argument("-nih", action="store_true", help="no info hostname -- don't show in UI")
    ap2.add_argument("-nid", action="store_true", help="no info disk-usage -- don't show in UI")
    ap2.add_argument("--no-zip", action="store_true", help="disable download as zip/tar")
-    ap2.add_argument("--no-lifetime", action="store_true", help="disable automatic deletion of uploads after a certain time (lifetime volflag)")
+    ap2.add_argument("--no-lifetime", action="store_true", help="disable automatic deletion of uploads after a certain time (as specified by the 'lifetime' volflag)")

+
+def add_safety(ap, fk_salt):
    ap2 = ap.add_argument_group('safety options')
    ap2.add_argument("-s", action="count", default=0, help="increase safety: Disable thumbnails / potentially dangerous software (ffmpeg/pillow/vips), hide partial uploads, avoid crawlers.\n └─Alias of\033[32m --dotpart --no-thumb --no-mtag-ff --no-robots --force-js")
-    ap2.add_argument("-ss", action="store_true", help="further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, 404 on 403.\n └─Alias of\033[32m -s --no-dot-mv --no-dot-ren --unpost=0 --no-del --no-mv --hardlink --vague-403 -nih")
-    ap2.add_argument("-sss", action="store_true", help="further increase safety: Enable logging to disk, scan for dangerous symlinks.\n └─Alias of\033[32m -ss -lo=cpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz --ls=**,*,ln,p,r")
-    ap2.add_argument("--ls", metavar="U[,V[,F]]", type=u, help="do a sanity/safety check of all volumes on startup; arguments USER,VOL,FLAGS; example [**,*,ln,p,r]")
+    ap2.add_argument("-ss", action="store_true", help="further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s.\n └─Alias of\033[32m -s --no-dot-mv --no-dot-ren --unpost=0 --no-del --no-mv --hardlink --vague-403 --ban-404=50,60,1440 -nih")
+    ap2.add_argument("-sss", action="store_true", help="further increase safety: Enable logging to disk, scan for dangerous symlinks.\n └─Alias of\033[32m -ss --no-dav -lo=cpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz --ls=**,*,ln,p,r")
+    ap2.add_argument("--ls", metavar="U[,V[,F]]", type=u, help="do a sanity/safety check of all volumes on startup; arguments \033[33mUSER\033[0m,\033[33mVOL\033[0m,\033[33mFLAGS\033[0m; example [\033[32m**,*,ln,p,r\033[0m]")
    ap2.add_argument("--salt", type=u, default="hunter2", help="up2k file-hash salt; used to generate unpredictable internal identifiers for uploads -- doesn't really matter")
    ap2.add_argument("--fk-salt", metavar="SALT", type=u, default=fk_salt, help="per-file accesskey salt; used to generate unpredictable URLs for hidden files -- this one DOES matter")
    ap2.add_argument("--no-dot-mv", action="store_true", help="disallow moving dotfiles; makes it impossible to move folders containing dotfiles")
@@ -549,33 +782,46 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
    ap2.add_argument("--no-readme", action="store_true", help="disable rendering readme.md into directory listings")
    ap2.add_argument("--vague-403", action="store_true", help="send 404 instead of 403 (security through ambiguity, very enterprise)")
    ap2.add_argument("--force-js", action="store_true", help="don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore --no-robots")
-    ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything")
-    ap2.add_argument("--logout", metavar="H", type=float, default="8086", help="logout clients after H hours of inactivity (0.0028=10sec, 0.1=6min, 24=day, 168=week, 720=month, 8760=year)")
+    ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything (volflag=norobots)")
+    ap2.add_argument("--logout", metavar="H", type=float, default="8086", help="logout clients after H hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
+    ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
+    ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="no", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (disabled by default since turbo-up2k counts as 404s)")
+    ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0")
+    ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [\033[32m0\033[0m]")

-    ap2 = ap.add_argument_group('yolo options')
+
+def add_shutdown(ap):
+    ap2 = ap.add_argument_group('shutdown options')
    ap2.add_argument("--ign-ebind", action="store_true", help="continue running even if it's impossible to listen on some of the requested endpoints")
    ap2.add_argument("--ign-ebind-all", action="store_true", help="continue running even if it's impossible to receive connections at all")
+    ap2.add_argument("--exit", metavar="WHEN", type=u, default="", help="shutdown after WHEN has finished; for example [\033[32midx\033[0m] will do volume indexing + metadata analysis")

+
+def add_logging(ap):
    ap2 = ap.add_argument_group('logging options')
    ap2.add_argument("-q", action="store_true", help="quiet")
-    ap2.add_argument("-lo", metavar="PATH", type=u, help="logfile, example: cpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz")
+    ap2.add_argument("-lo", metavar="PATH", type=u, help="logfile, example: \033[32mcpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz")
    ap2.add_argument("--no-voldump", action="store_true", help="do not list volumes and permissions on startup")
    ap2.add_argument("--log-conn", action="store_true", help="debug: print tcp-server msgs")
    ap2.add_argument("--log-htp", action="store_true", help="debug: print http-server threadpool scaling")
    ap2.add_argument("--ihead", metavar="HEADER", type=u, action='append', help="dump incoming header")
-    ap2.add_argument("--lf-url", metavar="RE", type=u, default=r"^/\.cpr/|\?th=[wj]$", help="dont log URLs matching")
+    ap2.add_argument("--lf-url", metavar="RE", type=u, default=r"^/\.cpr/|\?th=[wj]$|/\.(_|ql_|DS_Store$|localized$)", help="dont log URLs matching")

+
+def add_admin(ap):
    ap2 = ap.add_argument_group('admin panel options')
    ap2.add_argument("--no-reload", action="store_true", help="disable ?reload=cfg (reload users/volumes/volflags from config file)")
    ap2.add_argument("--no-rescan", action="store_true", help="disable ?scan (volume reindexing)")
    ap2.add_argument("--no-stack", action="store_true", help="disable ?stack (list all stacks)")

+
+def add_thumbnail(ap):
    ap2 = ap.add_argument_group('thumbnail options')
-    ap2.add_argument("--no-thumb", action="store_true", help="disable all thumbnails")
-    ap2.add_argument("--no-athumb", action="store_true", help="disable audio thumbnails (spectrograms)")
-    ap2.add_argument("--no-vthumb", action="store_true", help="disable video thumbnails")
+    ap2.add_argument("--no-thumb", action="store_true", help="disable all thumbnails (volflag=dthumb)")
+    ap2.add_argument("--no-vthumb", action="store_true", help="disable video thumbnails (volflag=dvthumb)")
+    ap2.add_argument("--no-athumb", action="store_true", help="disable audio thumbnails (spectrograms) (volflag=dathumb)")
    ap2.add_argument("--th-size", metavar="WxH", default="320x256", help="thumbnail res")
-    ap2.add_argument("--th-mt", metavar="CORES", type=int, default=cores, help="num cpu cores to use for generating thumbnails")
+    ap2.add_argument("--th-mt", metavar="CORES", type=int, default=CORES, help="num cpu cores to use for generating thumbnails")
    ap2.add_argument("--th-convt", metavar="SEC", type=int, default=60, help="conversion timeout in seconds")
    ap2.add_argument("--th-no-crop", action="store_true", help="dynamic height; show full image")
    ap2.add_argument("--th-dec", metavar="LIBS", default="vips,pil,ff", help="image decoders, in order of preference")
@@ -596,10 +842,14 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
    ap2.add_argument("--th-r-ffv", metavar="T,T", type=u, default="av1,asf,avi,flv,m4v,mkv,mjpeg,mjpg,mpg,mpeg,mpg2,mpeg2,h264,avc,mts,h265,hevc,mov,3gp,mp4,ts,mpegts,nut,ogv,ogm,rm,vob,webm,wmv", help="video formats to decode using ffmpeg")
    ap2.add_argument("--th-r-ffa", metavar="T,T", type=u, default="aac,m4a,ogg,opus,flac,alac,mp3,mp2,ac3,dts,wma,ra,wav,aif,aiff,au,alaw,ulaw,mulaw,amr,gsm,ape,tak,tta,wv,mpc", help="audio formats to decode using ffmpeg")

+
+def add_transcoding(ap):
    ap2 = ap.add_argument_group('transcoding options')
    ap2.add_argument("--no-acode", action="store_true", help="disable audio transcoding")
    ap2.add_argument("--ac-maxage", metavar="SEC", type=int, default=86400, help="delete cached transcode output after SEC seconds")

+
+def add_db_general(ap, hcores):
    ap2 = ap.add_argument_group('general db options')
    ap2.add_argument("-e2d", action="store_true", help="enable up2k database, making files searchable + enables upload deduplocation")
    ap2.add_argument("-e2ds", action="store_true", help="scan writable folders for new files on startup; sets -e2d")
@@ -607,37 +857,49 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
    ap2.add_argument("-e2v", action="store_true", help="verify file integrity; rehash all files and compare with db")
    ap2.add_argument("-e2vu", action="store_true", help="on hash mismatch: update the database with the new hash")
    ap2.add_argument("-e2vp", action="store_true", help="on hash mismatch: panic and quit copyparty")
-    ap2.add_argument("--hist", metavar="PATH", type=u, help="where to store volume data (db, thumbs)")
-    ap2.add_argument("--no-hash", metavar="PTN", type=u, help="regex: disable hashing of matching paths during e2ds folder scans")
-    ap2.add_argument("--no-idx", metavar="PTN", type=u, help="regex: disable indexing of matching paths during e2ds folder scans")
-    ap2.add_argument("--xdev", action="store_true", help="do not descend into other filesystems (symlink or bind-mount to another HDD, ...)")
-    ap2.add_argument("--xvol", action="store_true", help="skip symlinks leaving the volume root")
+    ap2.add_argument("--hist", metavar="PATH", type=u, help="where to store volume data (db, thumbs) (volflag=hist)")
+    ap2.add_argument("--no-hash", metavar="PTN", type=u, help="regex: disable hashing of matching paths during e2ds folder scans (volflag=nohash)")
+    ap2.add_argument("--no-idx", metavar="PTN", type=u, help="regex: disable indexing of matching paths during e2ds folder scans (volflag=noidx)")
+    ap2.add_argument("--no-dhash", action="store_true", help="disable rescan acceleration; do full database integrity check -- makes the db ~5%% smaller and bootup/rescans 3~10x slower")
+    ap2.add_argument("--re-dhash", action="store_true", help="rebuild the cache if it gets out of sync (for example crash on startup during metadata scanning)")
+    ap2.add_argument("--no-forget", action="store_true", help="never forget indexed files, even when deleted from disk -- makes it impossible to ever upload the same file twice (volflag=noforget)")
+    ap2.add_argument("--dbd", metavar="PROFILE", default="wal", help="database durability profile; sets the tradeoff between robustness and speed, see --help-dbd (volflag=dbd)")
+    ap2.add_argument("--xlink", action="store_true", help="on upload: check all volumes for dupes, not just the target volume (volflag=xlink)")
+    ap2.add_argument("--xdev", action="store_true", help="do not descend into other filesystems (symlink or bind-mount to another HDD, ...) (volflag=xdev)")
+    ap2.add_argument("--xvol", action="store_true", help="skip symlinks leaving the volume root (volflag=xvol)")
    ap2.add_argument("--hash-mt", metavar="CORES", type=int, default=hcores, help="num cpu cores to use for file hashing; set 0 or 1 for single-core hashing")
-    ap2.add_argument("--re-maxage", metavar="SEC", type=int, default=0, help="disk rescan volume interval, 0=off, can be set per-volume with the 'scan' volflag")
+    ap2.add_argument("--re-maxage", metavar="SEC", type=int, default=0, help="disk rescan volume interval, 0=off (volflag=scan)")
    ap2.add_argument("--db-act", metavar="SEC", type=float, default=10, help="defer any scheduled volume reindexing until SEC seconds after last db write (uploads, renames, ...)")
-    ap2.add_argument("--srch-time", metavar="SEC", type=int, default=30, help="search deadline -- terminate searches running for more than SEC seconds")
+    ap2.add_argument("--srch-time", metavar="SEC", type=int, default=45, help="search deadline -- terminate searches running for more than SEC seconds")
    ap2.add_argument("--srch-hits", metavar="N", type=int, default=7999, help="max search results to allow clients to fetch; 125 results will be shown initially")

+
+def add_db_metadata(ap):
    ap2 = ap.add_argument_group('metadata db options')
    ap2.add_argument("-e2t", action="store_true", help="enable metadata indexing; makes it possible to search for artist/title/codec/resolution/...")
    ap2.add_argument("-e2ts", action="store_true", help="scan existing files on startup; sets -e2t")
    ap2.add_argument("-e2tsr", action="store_true", help="delete all metadata from DB and do a full rescan; sets -e2ts")
    ap2.add_argument("--no-mutagen", action="store_true", help="use FFprobe for tags instead; will catch more tags")
    ap2.add_argument("--no-mtag-ff", action="store_true", help="never use FFprobe as tag reader; is probably safer")
-    ap2.add_argument("--mtag-mt", metavar="CORES", type=int, default=cores, help="num cpu cores to use for tag scanning")
+    ap2.add_argument("--mtag-to", metavar="SEC", type=int, default=60, help="timeout for ffprobe tag-scan")
+    ap2.add_argument("--mtag-mt", metavar="CORES", type=int, default=CORES, help="num cpu cores to use for tag scanning")
    ap2.add_argument("--mtag-v", action="store_true", help="verbose tag scanning; print errors from mtp subprocesses and such")
+    ap2.add_argument("--mtag-vv", action="store_true", help="debug mtp settings and mutagen/ffprobe parsers")
    ap2.add_argument("-mtm", metavar="M=t,t,t", type=u, action="append", help="add/replace metadata mapping")
    ap2.add_argument("-mte", metavar="M,M,M", type=u, help="tags to index/display (comma-sep.)",
-        default="circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,vc,ac,res,.fps,ahash,vhash")
+        default="circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,vc,ac,fmt,res,.fps,ahash,vhash")
    ap2.add_argument("-mth", metavar="M,M,M", type=u, help="tags to hide by default (comma-sep.)",
-        default=".vq,.aq,vc,ac,res,.fps")
+        default=".vq,.aq,vc,ac,fmt,res,.fps")
    ap2.add_argument("-mtp", metavar="M=[f,]BIN", type=u, action="append", help="read tag M using program BIN to parse the file")

+
+def add_ui(ap, retry):
    ap2 = ap.add_argument_group('ui options')
    ap2.add_argument("--lang", metavar="LANG", type=u, default="eng", help="language")
    ap2.add_argument("--theme", metavar="NUM", type=int, default=0, help="default theme to use")
    ap2.add_argument("--themes", metavar="NUM", type=int, default=8, help="number of themes installed")
-    ap2.add_argument("--favico", metavar="TXT", type=u, default="c 000 none" if retry else "🎉 000 none", help="favicon text [ foreground [ background ] ], set blank to disable")
+    ap2.add_argument("--favico", metavar="TXT", type=u, default="c 000 none" if retry else "🎉 000 none", help="\033[33mfavicon-text\033[0m [ \033[33mforeground\033[0m [ \033[33mbackground\033[0m ] ], set blank to disable")
+    ap2.add_argument("--mpmc", metavar="URL", type=u, default="", help="change the mediaplayer-toggle mouse cursor; URL to a folder with {2..5}.png inside (or disable with [\033[32m.\033[0m])")
    ap2.add_argument("--js-browser", metavar="L", type=u, help="URL to additional JS to include")
    ap2.add_argument("--css-browser", metavar="L", type=u, help="URL to additional CSS to include")
    ap2.add_argument("--html-head", metavar="TXT", type=u, default="", help="text to append to the <head> of all HTML pages")
@@ -645,20 +907,86 @@ def run_argparse(argv: list[str], formatter: Any, retry: bool) -> argparse.Names
    ap2.add_argument("--txt-max", metavar="KiB", type=int, default=64, help="max size of embedded textfiles on ?doc= (anything bigger will be lazy-loaded by JS)")
    ap2.add_argument("--doctitle", metavar="TXT", type=u, default="copyparty", help="title / service-name to show in html documents")

+
+def add_debug(ap):
    ap2 = ap.add_argument_group('debug options')
    ap2.add_argument("--no-sendfile", action="store_true", help="disable sendfile; instead using a traditional file read loop")
    ap2.add_argument("--no-scandir", action="store_true", help="disable scandir; instead using listdir + stat on each file")
    ap2.add_argument("--no-fastboot", action="store_true", help="wait for up2k indexing before starting the httpd")
    ap2.add_argument("--no-htp", action="store_true", help="disable httpserver threadpool, create threads as-needed instead")
-    ap2.add_argument("--stackmon", metavar="P,S", type=u, help="write stacktrace to Path every S second")
+    ap2.add_argument("--rclone-mdns", action="store_true", help="use mdns-domain instead of server-ip on /?hc")
+    ap2.add_argument("--stackmon", metavar="P,S", type=u, help="write stacktrace to Path every S second, for example --stackmon=\033[32m./st/%%Y-%%m/%%d/%%H%%M.xz,60")
    ap2.add_argument("--log-thrs", metavar="SEC", type=float, help="list active threads every SEC")
-    ap2.add_argument("--log-fk", metavar="REGEX", type=u, default="", help="log filekey params for files where path matches REGEX; '.' (a single dot) = all files")
-    # fmt: on
+    ap2.add_argument("--log-fk", metavar="REGEX", type=u, default="", help="log filekey params for files where path matches REGEX; [\033[32m.\033[0m] (a single dot) = all files")
+    ap2.add_argument("--bak-flips", action="store_true", help="[up2k] if a client uploads a bitflipped/corrupted chunk, store a copy according to --bf-nc and --bf-dir")
+    ap2.add_argument("--bf-nc", metavar="NUM", type=int, default=200, help="bak-flips: stop if there's more than NUM files at --kf-dir already; default: 6.3 GiB max (200*32M)")
+    ap2.add_argument("--bf-dir", metavar="PATH", type=u, default="bf", help="bak-flips: store corrupted chunks at PATH; default: folder named 'bf' wherever copyparty was started")
+
+
+# fmt: on
+
+
+def run_argparse(
+    argv: list[str], formatter: Any, retry: bool, nc: int
+) -> argparse.Namespace:
+    ap = argparse.ArgumentParser(
+        formatter_class=formatter,
+        prog="copyparty",
+        description="http file sharing hub v{} ({})".format(S_VERSION, S_BUILD_DT),
+    )
+
+    try:
+        fk_salt = unicode(os.path.getmtime(os.path.join(E.cfg, "cert.pem")))
+    except:
+        fk_salt = "hunter2"
+
+    hcores = min(CORES, 4)  # optimal on py3.11 @ r5-4500U
+
+    tty = os.environ.get("TERM", "").lower() == "linux"
+
+    srvname = get_srvname()
+
+    add_general(ap, nc, srvname)
+    add_network(ap)
+    add_tls(ap)
+    add_qr(ap, tty)
+    add_zeroconf(ap)
+    add_zc_mdns(ap)
+    add_zc_ssdp(ap)
+    add_upload(ap)
+    add_db_general(ap, hcores)
+    add_db_metadata(ap)
+    add_thumbnail(ap)
+    add_transcoding(ap)
+    add_ftp(ap)
+    add_webdav(ap)
+    add_smb(ap)
+    add_safety(ap, fk_salt)
+    add_optouts(ap)
+    add_shutdown(ap)
+    add_ui(ap, retry)
+    add_admin(ap)
+    add_logging(ap)
+    add_debug(ap)

    ap2 = ap.add_argument_group("help sections")
+    sects = get_sects()
    for k, h, _ in sects:
        ap2.add_argument("--help-" + k, action="store_true", help=h)

+    try:
+        if not retry:
+            raise Exception()
+
+        for x in ap._actions:
+            if not x.help:
+                continue
+
+            a = ["ascii", "replace"]
+            x.help = x.help.encode(*a).decode(*a) + "\033[0m"
+    except:
+        pass
+
    ret = ap.parse_args(args=argv[1:])
    for k, h, t in sects:
        k2 = "help_" + k.replace("-", "_")
@@ -675,6 +1003,7 @@ def main(argv: Optional[list[str]] = None) -> None:
    if WINDOWS:
        os.system("rem")  # enables colors

+    init_E(E)
    if argv is None:
        argv = sys.argv

@@ -683,19 +1012,32 @@ def main(argv: Optional[list[str]] = None) -> None:
        S_VERSION,
        CODENAME,
        S_BUILD_DT,
-        py_desc().replace("[", "\033[1;30m["),
+        py_desc().replace("[", "\033[90m["),
        SQLITE_VER,
        JINJA_VER,
        PYFTPD_VER,
    )
    lprint(f)

+    if "--version" in argv:
+        sys.exit(0)
+
+    if "--license" in argv:
+        showlic()
+        sys.exit(0)
+
    ensure_locale()
    if HAVE_SSL:
        ensure_cert()

    for k, v in zip(argv[1:], argv[2:]):
-        if k == "-c":
+        if k == "-c" and os.path.isfile(v):
+            supp = args_from_cfg(v)
+            argv.extend(supp)
+
+    for k in argv[1:]:
+        v = k[2:]
+        if k.startswith("-c") and v and os.path.isfile(v):
            supp = args_from_cfg(v)
            argv.extend(supp)

@@ -711,23 +1053,45 @@ def main(argv: Optional[list[str]] = None) -> None:
        argv[idx] = nk
        time.sleep(2)

+    da = len(argv) == 1
    try:
-        if len(argv) == 1 and (ANYWIN or not os.geteuid()):
-            argv.extend(["-p80,443,3923", "--ign-ebind"])
+        if da:
+            argv.extend(["--qr"])
+            if ANYWIN or not os.geteuid():
+                argv.extend(["-p80,443,3923", "--ign-ebind"])
    except:
        pass

+    if da:
+        t = "no arguments provided; will use {}\n"
+        lprint(t.format(" ".join(argv[1:])))
+
+    nc = 1024
+    try:
+        import resource
+
+        _, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
+        if hard > 0:  # -1 == infinite
+            nc = min(nc, hard // 4)
+    except:
+        nc = 512
+
    retry = False
    for fmtr in [RiceFormatter, RiceFormatter, Dodge11874, BasicDodge11874]:
        try:
-            al = run_argparse(argv, fmtr, retry)
+            al = run_argparse(argv, fmtr, retry, nc)
+            break
        except SystemExit:
            raise
        except:
            retry = True
            lprint("\n[ {} ]:\n{}\n".format(fmtr, min_ex()))

-    assert al
+    try:
+        assert al  # type: ignore
+        al.E = E  # __init__ is not shared when oxidized
+    except:
+        sys.exit(1)

    if WINDOWS and not al.keep_qem:
        try:
@@ -754,7 +1118,7 @@ def main(argv: Optional[list[str]] = None) -> None:
            if re.match("c[^,]", opt):
                mod = True
                na.append("c," + opt[1:])
-            elif re.sub("^[rwmdg]*", "", opt) and "," not in opt:
+            elif re.sub("^[rwmdgG]*", "", opt) and "," not in opt:
                mod = True
                perm = opt[0]
                if perm == "a":
@@ -779,6 +1143,11 @@ def main(argv: Optional[list[str]] = None) -> None:
        if getattr(al, k1):
            setattr(al, k2, True)

+    # propagate unplications
+    for k1, k2 in UNPLICATIONS:
+        if getattr(al, k1):
+            setattr(al, k2, False)
+
    al.i = al.i.split(",")
    try:
        if "-" in al.p:
@@ -795,6 +1164,12 @@ def main(argv: Optional[list[str]] = None) -> None:
            zs = "argument {} cannot be '{}'; try one of these: {}"
            raise Exception(zs.format(arg, val, okays))

+    if not al.qrs and [k for k in argv if k.startswith("--qr")]:
+        al.qr = True
+
+    if al.ihead:
+        al.ihead = [x.lower() for x in al.ihead]
+
    if HAVE_SSL:
        if al.ssl_ver:
            configure_ssl_ver(al)
@@ -810,6 +1185,10 @@ def main(argv: Optional[list[str]] = None) -> None:
            + "  (if you crash with codec errors then that is why)"
        )

+    if PY2 and al.smb:
+        print("error: python2 cannot --smb")
+        return
+
    if sys.version_info < (3, 6):
        al.no_scandir = True

--- a/copyparty/version.py
+++ b/copyparty/version.py
@@ -1,8 +1,8 @@
 # coding: utf-8

-VERSION = (1, 3, 11)
-CODENAME = "god dag"
-BUILD_DT = (2022, 8, 10)
+VERSION = (1, 5, 4)
+CODENAME = "babel"
+BUILD_DT = (2022, 12, 29)

 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -18,6 +18,7 @@ from .util import (
    IMPLICATIONS,
    META_NOBOTS,
    SQLITE_VER,
+    UNPLICATIONS,
    Pebkac,
    absreal,
    fsenc,
@@ -30,15 +31,12 @@ from .util import (
    unhumanize,
 )

-try:
+if True:  # pylint: disable=using-constant-test
    from collections.abc import Iterable

-    import typing
    from typing import Any, Generator, Optional, Union

    from .util import RootLogger
-except:
-    pass

 if TYPE_CHECKING:
    pass
@@ -58,18 +56,20 @@ class AXS(object):
        umove: Optional[Union[list[str], set[str]]] = None,
        udel: Optional[Union[list[str], set[str]]] = None,
        uget: Optional[Union[list[str], set[str]]] = None,
+        upget: Optional[Union[list[str], set[str]]] = None,
    ) -> None:
        self.uread: set[str] = set(uread or [])
        self.uwrite: set[str] = set(uwrite or [])
        self.umove: set[str] = set(umove or [])
        self.udel: set[str] = set(udel or [])
        self.uget: set[str] = set(uget or [])
+        self.upget: set[str] = set(upget or [])

    def __repr__(self) -> str:
        return "AXS({})".format(
            ", ".join(
                "{}={!r}".format(k, self.__dict__[k])
-                for k in "uread uwrite umove udel uget".split()
+                for k in "uread uwrite umove udel uget upget".split()
            )
        )

@@ -293,6 +293,7 @@ class VFS(object):
        self.amove: dict[str, list[str]] = {}
        self.adel: dict[str, list[str]] = {}
        self.aget: dict[str, list[str]] = {}
+        self.apget: dict[str, list[str]] = {}

        if realpath:
            self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
@@ -369,7 +370,6 @@ class VFS(object):

    def _find(self, vpath: str) -> tuple["VFS", str]:
        """return [vfs,remainder]"""
-        vpath = undot(vpath)
        if vpath == "":
            return self, ""

@@ -380,13 +380,15 @@ class VFS(object):
            rem = ""

        if name in self.nodes:
-            return self.nodes[name]._find(rem)
+            return self.nodes[name]._find(undot(rem))

        return self, vpath

-    def can_access(self, vpath: str, uname: str) -> tuple[bool, bool, bool, bool, bool]:
-        """can Read,Write,Move,Delete,Get"""
-        vn, _ = self._find(vpath)
+    def can_access(
+        self, vpath: str, uname: str
+    ) -> tuple[bool, bool, bool, bool, bool, bool]:
+        """can Read,Write,Move,Delete,Get,Upget"""
+        vn, _ = self._find(undot(vpath))
        c = vn.axs
        return (
            uname in c.uread or "*" in c.uread,
@@ -394,6 +396,7 @@ class VFS(object):
            uname in c.umove or "*" in c.umove,
            uname in c.udel or "*" in c.udel,
            uname in c.uget or "*" in c.uget,
+            uname in c.upget or "*" in c.upget,
        )

    def get(
@@ -405,6 +408,7 @@ class VFS(object):
        will_move: bool = False,
        will_del: bool = False,
        will_get: bool = False,
+        err: int = 403,
    ) -> tuple["VFS", str]:
        """returns [vfsnode,fs_remainder] if user has the requested permissions"""
        if ANYWIN:
@@ -414,7 +418,7 @@ class VFS(object):
                    self.log("vfs", "invalid relpath [{}]".format(vpath))
                raise Pebkac(404)

-        vn, rem = self._find(vpath)
+        vn, rem = self._find(undot(vpath))
        c: AXS = vn.axs

        for req, d, msg in [
@@ -426,7 +430,7 @@ class VFS(object):
        ]:
            if req and (uname not in d and "*" not in d) and uname != LEELOO_DALLAS:
                t = "you don't have {}-access for this location"
-                raise Pebkac(403, t.format(msg))
+                raise Pebkac(err, t.format(msg))

        return vn, rem

@@ -441,11 +445,20 @@ class VFS(object):

    def canonical(self, rem: str, resolve: bool = True) -> str:
        """returns the canonical path (fully-resolved absolute fs path)"""
-        rp = self.realpath
+        ap = self.realpath
        if rem:
-            rp += "/" + rem
+            ap += "/" + rem

-        return absreal(rp) if resolve else rp
+        return absreal(ap) if resolve else ap
+
+    def dcanonical(self, rem: str) -> str:
+        """resolves until the final component (filename)"""
+        ap = self.realpath
+        if rem:
+            ap += "/" + rem
+
+        ad, fn = os.path.split(ap)
+        return os.path.join(absreal(ad), fn)

    def ls(
        self,
@@ -562,14 +575,21 @@ class VFS(object):
                yield x

    def zipgen(
-        self, vrem: str, flt: set[str], uname: str, dots: bool, scandir: bool
+        self,
+        vrem: str,
+        flt: set[str],
+        uname: str,
+        dots: bool,
+        dirs: bool,
+        scandir: bool,
+        wrap: bool = True,
    ) -> Generator[dict[str, Any], None, None]:

        # if multiselect: add all items to archive root
        # if single folder: the folder itself is the top-level item
-        folder = "" if flt else (vrem.split("/")[-1] or "top")
+        folder = "" if flt or not wrap else (vrem.split("/")[-1] or "top")

-        g = self.walk(folder, vrem, [], uname, [[True]], dots, scandir, False)
+        g = self.walk(folder, vrem, [], uname, [[True, False]], dots, scandir, False)
        for _, _, vpath, apath, files, rd, vd in g:
            if flt:
                files = [x for x in files if x[0] in flt]
@@ -603,6 +623,21 @@ class VFS(object):
            for f in [{"vp": v, "ap": a, "st": n[1]} for v, a, n in ret]:
                yield f

+            if not dirs:
+                continue
+
+            ts = int(time.time())
+            st = os.stat_result((16877, -1, -1, 1, 1000, 1000, 8, ts, ts, ts))
+            dnames = [n[0] for n in rd]
+            dstats = [n[1] for n in rd]
+            dnames += list(vd.keys())
+            dstats += [st] * len(vd)
+            vpaths = [vpath + "/" + n for n in dnames] if vpath else dnames
+            apaths = [os.path.join(apath, n) for n in dnames]
+            ret2 = list(zip(vpaths, apaths, dstats))
+            for d in [{"vp": v, "ap": a, "st": n} for v, a, n in ret2]:
+                yield d
+

 if WINDOWS:
    re_vol = re.compile(r"^([a-zA-Z]:[\\/][^:]*|[^:]*):([^:]*):(.*)$")
@@ -668,7 +703,8 @@ class AuthSrv(object):

    def _parse_config_file(
        self,
-        fd: typing.BinaryIO,
+        fp: str,
+        cfg_lines: list[str],
        acct: dict[str, str],
        daxs: dict[str, AXS],
        mflags: dict[str, dict[str, Any]],
@@ -678,7 +714,8 @@ class AuthSrv(object):
        vol_src = None
        vol_dst = None
        self.line_ctr = 0
-        for ln in [x.decode("utf-8").strip() for x in fd]:
+        expand_config_file(cfg_lines, fp, "")
+        for ln in cfg_lines:
            self.line_ctr += 1
            if not ln and vol_src is not None:
                vol_src = None
@@ -707,6 +744,9 @@ class AuthSrv(object):
                if not vol_dst.startswith("/"):
                    raise Exception('invalid mountpoint "{}"'.format(vol_dst))

+                if vol_src.startswith("~"):
+                    vol_src = os.path.expanduser(vol_src)
+
                # cfg files override arguments and previous files
                vol_src = absreal(vol_src)
                vol_dst = vol_dst.strip("/")
@@ -723,12 +763,13 @@ class AuthSrv(object):
                t = "WARNING (config-file): permission flag 'a' is deprecated; please use 'rw' instead"
                self.log(t, 1)

+            assert vol_dst is not None
            self._read_vol_str(lvl, uname, daxs[vol_dst], mflags[vol_dst])

    def _read_vol_str(
        self, lvl: str, uname: str, axs: AXS, flags: dict[str, Any]
    ) -> None:
-        if lvl.strip("crwmdg"):
+        if lvl.strip("crwmdgG"):
            raise Exception("invalid volflag: {},{}".format(lvl, uname))

        if lvl == "c":
@@ -758,7 +799,9 @@ class AuthSrv(object):
                ("m", axs.umove),
                ("d", axs.udel),
                ("g", axs.uget),
-            ]:
+                ("G", axs.uget),
+                ("G", axs.upget),
+            ]:  # b bb bbb
                if ch in lvl:
                    al.add(un)

@@ -808,7 +851,7 @@ class AuthSrv(object):

        if self.args.v:
            # list of src:dst:permset:permset:...
-            # permset is <rwmdg>[,username][,username] or <c>,<flag>[=args]
+            # permset is <rwmdgG>[,username][,username] or <c>,<flag>[=args]
            for v_str in self.args.v:
                m = re_vol.match(v_str)
                if not m:
@@ -829,13 +872,16 @@ class AuthSrv(object):

        if self.args.c:
            for cfg_fn in self.args.c:
-                with open(cfg_fn, "rb") as f:
-                    try:
-                        self._parse_config_file(f, acct, daxs, mflags, mount)
-                    except:
-                        t = "\n\033[1;31m\nerror in config file {} on line {}:\n\033[0m"
-                        self.log(t.format(cfg_fn, self.line_ctr), 1)
-                        raise
+                lns: list[str] = []
+                try:
+                    self._parse_config_file(cfg_fn, lns, acct, daxs, mflags, mount)
+                except:
+                    lns = lns[: self.line_ctr]
+                    slns = ["{:4}: {}".format(n, s) for n, s in enumerate(lns, 1)]
+                    t = "\033[1;31m\nerror @ line {}, included from {}\033[0m"
+                    t = t.format(self.line_ctr, cfg_fn)
+                    self.log("\n{0}\n{1}{0}".format(t, "\n".join(slns)))
+                    raise

        # case-insensitive; normalize
        if WINDOWS:
@@ -870,10 +916,11 @@ class AuthSrv(object):
            zv.flags = mflags[dst]
            zv.dbv = None

+        assert vfs
        vfs.all_vols = {}
        vfs.get_all_vols(vfs.all_vols)

-        for perm in "read write move del get".split():
+        for perm in "read write move del get pget".split():
            axs_key = "u" + perm
            unames = ["*"] + list(acct.keys())
            umap: dict[str, list[str]] = {x: [] for x in unames}
@@ -888,7 +935,7 @@ class AuthSrv(object):
        all_users = {}
        missing_users = {}
        for axs in daxs.values():
-            for d in [axs.uread, axs.uwrite, axs.umove, axs.udel, axs.uget]:
+            for d in [axs.uread, axs.uwrite, axs.umove, axs.udel, axs.uget, axs.upget]:
                for usr in d:
                    all_users[usr] = 1
                    if usr != "*" and usr not in acct:
@@ -1071,10 +1118,29 @@ class AuthSrv(object):
                if getattr(self.args, k):
                    vol.flags[k] = True

+            for ga, vf in (
+                ("no_forget", "noforget"),
+                ("no_dupe", "nodupe"),
+                ("magic", "magic"),
+                ("xlink", "xlink"),
+            ):
+                if getattr(self.args, ga):
+                    vol.flags[vf] = True
+
            for k1, k2 in IMPLICATIONS:
                if k1 in vol.flags:
                    vol.flags[k2] = True

+            for k1, k2 in UNPLICATIONS:
+                if k1 in vol.flags:
+                    vol.flags[k2] = False
+
+            dbds = "acid|swal|wal|yolo"
+            vol.flags["dbd"] = dbd = vol.flags.get("dbd") or self.args.dbd
+            if dbd not in dbds.split("|"):
+                t = "invalid dbd [{}]; must be one of [{}]"
+                raise Exception(t.format(dbd, dbds))
+
            # default tag cfgs if unset
            if "mte" not in vol.flags:
                vol.flags["mte"] = self.args.mte
@@ -1117,6 +1183,16 @@ class AuthSrv(object):

                vol.flags = {k: v for k, v in vol.flags.items() if not k.startswith(rm)}

+            ints = ["lifetime"]
+            for k in list(vol.flags):
+                if k in ints:
+                    vol.flags[k] = int(vol.flags[k])
+
+            if "lifetime" in vol.flags and "e2d" not in vol.flags:
+                t = 'removing lifetime config from volume "/{}" because e2d is disabled'
+                self.log(t.format(vol.vpath), 1)
+                del vol.flags["lifetime"]
+
            # verify tags mentioned by -mt[mp] are used by -mte
            local_mtp = {}
            local_only_mtp = {}
@@ -1161,6 +1237,18 @@ class AuthSrv(object):
                self.log(t.format(mtp), 1)
                errors = True

+        have_daw = False
+        for vol in vfs.all_vols.values():
+            daw = vol.flags.get("daw") or self.args.daw
+            if daw:
+                vol.flags["daw"] = True
+                have_daw = True
+
+        if have_daw and self.args.no_dav:
+            t = 'volume "/{}" has volflag "daw" (webdav write-access), but --no-dav is set'
+            self.log(t, 1)
+            errors = True
+
        if errors:
            sys.exit(1)

@@ -1179,6 +1267,7 @@ class AuthSrv(object):
                ["  move", "umove"],
                ["delete", "udel"],
                ["   get", "uget"],
+                [" upget", "upget"],
            ]:
                u = list(sorted(getattr(zv.axs, attr)))
                u = ", ".join("\033[35meverybody\033[0m" if x == "*" else x for x in u)
@@ -1274,10 +1363,11 @@ class AuthSrv(object):
                raise Exception("volume not found: " + zs)

        self.log(str({"users": users, "vols": vols, "flags": flags}))
-        t = "/{}: read({}) write({}) move({}) del({}) get({})"
+        t = "/{}: read({}) write({}) move({}) del({}) get({}) upget({})"
        for k, zv in self.vfs.all_vols.items():
            vc = zv.axs
-            self.log(t.format(k, vc.uread, vc.uwrite, vc.umove, vc.udel, vc.uget))
+            vs = [k, vc.uread, vc.uwrite, vc.umove, vc.udel, vc.uget, vc.upget]
+            self.log(t.format(*vs))

        flag_v = "v" in flags
        flag_ln = "ln" in flags
@@ -1302,7 +1392,7 @@ class AuthSrv(object):
                    "",
                    [],
                    u,
-                    [[True]],
+                    [[True, False]],
                    True,
                    not self.args.no_scandir,
                    False,
@@ -1346,3 +1436,33 @@ class AuthSrv(object):

        if not flag_r:
            sys.exit(0)
+
+
+def expand_config_file(ret: list[str], fp: str, ipath: str) -> None:
+    """expand all % file includes"""
+    fp = absreal(fp)
+    ipath += " -> " + fp
+    ret.append("#\033[36m opening cfg file{}\033[0m".format(ipath))
+    if len(ipath.split(" -> ")) > 64:
+        raise Exception("hit max depth of 64 includes")
+
+    if os.path.isdir(fp):
+        for fn in sorted(os.listdir(fp)):
+            fp2 = os.path.join(fp, fn)
+            if not os.path.isfile(fp2):
+                continue  # dont recurse
+
+            expand_config_file(ret, fp2, ipath)
+        return
+
+    with open(fp, "rb") as f:
+        for ln in [x.decode("utf-8").strip() for x in f]:
+            if ln.startswith("% "):
+                fp2 = ln[1:].strip()
+                fp2 = os.path.join(os.path.dirname(fp), fp2)
+                expand_config_file(ret, fp2, ipath)
+                continue
+
+            ret.append(ln)
+
+    ret.append("#\033[36m closed{}\033[0m".format(ipath))
--- a/copyparty/bos/bos.py
+++ b/copyparty/bos/bos.py
@@ -4,14 +4,13 @@ from __future__ import print_function, unicode_literals
 import os

 from ..util import SYMTIME, fsdec, fsenc
-from . import path
+from . import path as path

-try:
-    from typing import Optional
-except:
-    pass
+if True:  # pylint: disable=using-constant-test
+    from typing import Any, Optional

 _ = (path,)
+__all__ = ["path"]

 # grep -hRiE '(^|[^a-zA-Z_\.-])os\.' . | gsed -r 's/ /\n/g;s/\(/(\n/g' | grep -hRiE '(^|[^a-zA-Z_\.-])os\.' | sort | uniq -c
 # printf 'os\.(%s)' "$(grep ^def bos/__init__.py | gsed -r 's/^def //;s/\(.*//' | tr '\n' '|' | gsed -r 's/.$//')"
@@ -25,19 +24,25 @@ def listdir(p: str = ".") -> list[str]:
    return [fsdec(x) for x in os.listdir(fsenc(p))]


-def makedirs(name: str, mode: int = 0o755, exist_ok: bool = True) -> None:
+def makedirs(name: str, mode: int = 0o755, exist_ok: bool = True) -> bool:
    bname = fsenc(name)
    try:
        os.makedirs(bname, mode)
+        return True
    except:
        if not exist_ok or not os.path.isdir(bname):
            raise
+        return False


 def mkdir(p: str, mode: int = 0o755) -> None:
    return os.mkdir(fsenc(p), mode)


+def open(p: str, *a, **ka) -> int:
+    return os.open(fsenc(p), *a, **ka)
+
+
 def rename(src: str, dst: str) -> None:
    return os.rename(fsenc(src), fsenc(dst))

--- a/copyparty/broker_mp.py
+++ b/copyparty/broker_mp.py
@@ -3,21 +3,20 @@ from __future__ import print_function, unicode_literals

 import threading
 import time
+import traceback

 import queue

-from .__init__ import TYPE_CHECKING
+from .__init__ import CORES, TYPE_CHECKING
 from .broker_mpw import MpWorker
 from .broker_util import try_exec
-from .util import mp
+from .util import Daemon, mp

 if TYPE_CHECKING:
    from .svchub import SvcHub

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any
-except:
-    pass


 class MProcess(mp.Process):
@@ -44,20 +43,14 @@ class BrokerMp(object):
        self.procs = []
        self.mutex = threading.Lock()

-        self.num_workers = self.args.j or mp.cpu_count()
+        self.num_workers = self.args.j or CORES
        self.log("broker", "booting {} subprocesses".format(self.num_workers))
        for n in range(1, self.num_workers + 1):
            q_pend: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(1)
            q_yield: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(64)

            proc = MProcess(q_pend, q_yield, MpWorker, (q_pend, q_yield, self.args, n))
-
-            thr = threading.Thread(
-                target=self.collector, args=(proc,), name="mp-sink-{}".format(n)
-            )
-            thr.daemon = True
-            thr.start()
-
+            Daemon(self.collector, "mp-sink-{}".format(n), (proc,))
            self.procs.append(proc)
            proc.start()

@@ -101,12 +94,15 @@ class BrokerMp(object):

            else:
                # new ipc invoking managed service in hub
-                obj = self.hub
-                for node in dest.split("."):
-                    obj = getattr(obj, node)
+                try:
+                    obj = self.hub
+                    for node in dest.split("."):
+                        obj = getattr(obj, node)

-                # TODO will deadlock if dest performs another ipc
-                rv = try_exec(retq_id, obj, *args)
+                    # TODO will deadlock if dest performs another ipc
+                    rv = try_exec(retq_id, obj, *args)
+                except:
+                    rv = ["exception", "stack", traceback.format_exc()]

                if retq_id:
                    proc.q_pend.put((retq_id, "retq", rv))
@@ -121,6 +117,10 @@ class BrokerMp(object):
            for p in self.procs:
                p.q_pend.put((0, dest, [args[0], len(self.procs)]))

+        elif dest == "set_netdevs":
+            for p in self.procs:
+                p.q_pend.put((0, dest, list(args)))
+
        elif dest == "cb_httpsrv_up":
            self.hub.cb_httpsrv_up()

--- a/copyparty/broker_mpw.py
+++ b/copyparty/broker_mpw.py
@@ -2,23 +2,23 @@
 from __future__ import print_function, unicode_literals

 import argparse
+import os
 import signal
 import sys
 import threading

 import queue

+from .__init__ import ANYWIN
 from .authsrv import AuthSrv
 from .broker_util import BrokerCli, ExceptionalQueue
 from .httpsrv import HttpSrv
-from .util import FAKE_MP
+from .util import FAKE_MP, Daemon, HMaccas

-try:
+if True:  # pylint: disable=using-constant-test
    from types import FrameType

    from typing import Any, Optional, Union
-except:
-    pass


 class MpWorker(BrokerCli):
@@ -47,21 +47,23 @@ class MpWorker(BrokerCli):
        # we inherited signal_handler from parent,
        # replace it with something harmless
        if not FAKE_MP:
-            for sig in [signal.SIGINT, signal.SIGTERM, signal.SIGUSR1]:
+            sigs = [signal.SIGINT, signal.SIGTERM]
+            if not ANYWIN:
+                sigs.append(signal.SIGUSR1)
+
+            for sig in sigs:
                signal.signal(sig, self.signal_handler)

        # starting to look like a good idea
        self.asrv = AuthSrv(args, None, False)

        # instantiate all services here (TODO: inheritance?)
+        self.iphash = HMaccas(os.path.join(self.args.E.cfg, "iphash"), 8)
        self.httpsrv = HttpSrv(self, n)

        # on winxp and some other platforms,
        # use thr.join() to block all signals
-        thr = threading.Thread(target=self.main, name="mpw-main")
-        thr.daemon = True
-        thr.start()
-        thr.join()
+        Daemon(self.main, "mpw-main").join()

    def signal_handler(self, sig: Optional[int], frame: Optional[FrameType]) -> None:
        # print('k')
@@ -95,6 +97,9 @@ class MpWorker(BrokerCli):
            elif dest == "listen":
                self.httpsrv.listen(args[0], args[1])

+            elif dest == "set_netdevs":
+                self.httpsrv.set_netdevs(args[0])
+
            elif dest == "retq":
                # response from previous ipc call
                with self.retpend_mutex:
--- a/copyparty/broker_thr.py
+++ b/copyparty/broker_thr.py
@@ -1,19 +1,19 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals

+import os
 import threading

 from .__init__ import TYPE_CHECKING
 from .broker_util import BrokerCli, ExceptionalQueue, try_exec
 from .httpsrv import HttpSrv
+from .util import HMaccas

 if TYPE_CHECKING:
    from .svchub import SvcHub

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any
-except:
-    pass


 class BrokerThr(BrokerCli):
@@ -31,6 +31,7 @@ class BrokerThr(BrokerCli):
        self.num_workers = 1

        # instantiate all services here (TODO: inheritance?)
+        self.iphash = HMaccas(os.path.join(self.args.E.cfg, "iphash"), 8)
        self.httpsrv = HttpSrv(self, None)
        self.reload = self.noop

@@ -60,6 +61,10 @@ class BrokerThr(BrokerCli):
            self.httpsrv.listen(args[0], 1)
            return

+        if dest == "set_netdevs":
+            self.httpsrv.set_netdevs(args[0])
+            return
+
        # new ipc invoking managed service in hub
        obj = self.hub
        for node in dest.split("."):
--- a/copyparty/broker_util.py
+++ b/copyparty/broker_util.py
@@ -8,14 +8,12 @@ from queue import Queue

 from .__init__ import TYPE_CHECKING
 from .authsrv import AuthSrv
-from .util import Pebkac
+from .util import HMaccas, Pebkac

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Optional, Union

    from .util import RootLogger
-except:
-    pass

 if TYPE_CHECKING:
    from .httpsrv import HttpSrv
@@ -41,11 +39,14 @@ class BrokerCli(object):
    for example resolving httpconn.* in httpcli -- see lines tagged #mypy404
    """

+    log: "RootLogger"
+    args: argparse.Namespace
+    asrv: AuthSrv
+    httpsrv: "HttpSrv"
+    iphash: HMaccas
+
    def __init__(self) -> None:
-        self.log: "RootLogger" = None
-        self.args: argparse.Namespace = None
-        self.asrv: AuthSrv = None
-        self.httpsrv: "HttpSrv" = None
+        pass

    def ask(self, dest: str, *args: Any) -> ExceptionalQueue:
        return ExceptionalQueue(1)
--- a/copyparty/dxml.py
+++ b/copyparty/dxml.py
@@ -0,0 +1,72 @@
+import importlib
+import sys
+import xml.etree.ElementTree as ET
+
+from .__init__ import PY2
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Any, Optional
+
+
+def get_ET() -> ET.XMLParser:
+    pn = "xml.etree.ElementTree"
+    cn = "_elementtree"
+
+    cmod = sys.modules.pop(cn, None)
+    if not cmod:
+        return ET.XMLParser  # type: ignore
+
+    pmod = sys.modules.pop(pn)
+    sys.modules[cn] = None  # type: ignore
+
+    ret = importlib.import_module(pn)
+    for name, mod in ((pn, pmod), (cn, cmod)):
+        if mod:
+            sys.modules[name] = mod
+        else:
+            sys.modules.pop(name, None)
+
+    sys.modules["xml.etree"].ElementTree = pmod  # type: ignore
+    ret.ParseError = ET.ParseError  # type: ignore
+    return ret.XMLParser  # type: ignore
+
+
+XMLParser: ET.XMLParser = get_ET()
+
+
+class DXMLParser(XMLParser):  # type: ignore
+    def __init__(self) -> None:
+        tb = ET.TreeBuilder()
+        super(DXMLParser, self).__init__(target=tb)
+
+        p = self._parser if PY2 else self.parser
+        p.StartDoctypeDeclHandler = self.nope
+        p.EntityDeclHandler = self.nope
+        p.UnparsedEntityDeclHandler = self.nope
+        p.ExternalEntityRefHandler = self.nope
+
+    def nope(self, *a: Any, **ka: Any) -> None:
+        raise BadXML("{}, {}".format(a, ka))
+
+
+class BadXML(Exception):
+    pass
+
+
+def parse_xml(txt: str) -> ET.Element:
+    parser = DXMLParser()
+    parser.feed(txt)
+    return parser.close()  # type: ignore
+
+
+def mktnod(name: str, text: str) -> ET.Element:
+    el = ET.Element(name)
+    el.text = text
+    return el
+
+
+def mkenod(name: str, sub_el: Optional[ET.Element] = None) -> ET.Element:
+    el = ET.Element(name)
+    if sub_el is not None:
+        el.append(sub_el)
+    return el
--- a/copyparty/fsutil.py
+++ b/copyparty/fsutil.py
@@ -10,12 +10,10 @@ from .authsrv import AXS, VFS
 from .bos import bos
 from .util import chkcmd, min_ex

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Optional, Union

    from .util import RootLogger
-except:
-    pass


 class Fstab(object):
@@ -28,7 +26,7 @@ class Fstab(object):
        self.age = 0.0

    def log(self, msg: str, c: Union[int, str] = 0) -> None:
-        self.log_func("fstab", msg + "\033[K", c)
+        self.log_func("fstab", msg, c)

    def get(self, path: str) -> str:
        if len(self.cache) > 9000:
--- a/copyparty/ftpd.py
+++ b/copyparty/ftpd.py
@@ -6,18 +6,16 @@ import logging
 import os
 import stat
 import sys
-import threading
 import time

 from pyftpdlib.authorizers import AuthenticationFailed, DummyAuthorizer
 from pyftpdlib.filesystems import AbstractedFS, FilesystemError
 from pyftpdlib.handlers import FTPHandler
-from pyftpdlib.log import config_logging
 from pyftpdlib.servers import FTPServer

 from .__init__ import PY2, TYPE_CHECKING, E
 from .bos import bos
-from .util import Pebkac, exclude_dotfiles, fsenc
+from .util import Daemon, Pebkac, exclude_dotfiles, fsenc, ipnorm

 try:
    from pyftpdlib.ioloop import IOLoop
@@ -31,11 +29,9 @@ except ImportError:
 if TYPE_CHECKING:
    from .svchub import SvcHub

-try:
+if True:  # pylint: disable=using-constant-test
    import typing
    from typing import Any, Optional
-except:
-    pass


 class FtpAuth(DummyAuthorizer):
@@ -46,19 +42,40 @@ class FtpAuth(DummyAuthorizer):
    def validate_authentication(
        self, username: str, password: str, handler: Any
    ) -> None:
+        handler.username = "{}:{}".format(username, password)
+
+        ip = handler.addr[0]
+        if ip.startswith("::ffff:"):
+            ip = ip[7:]
+
+        ip = ipnorm(ip)
+        bans = self.hub.bans
+        if ip in bans:
+            rt = bans[ip] - time.time()
+            if rt < 0:
+                logging.info("client unbanned")
+                del bans[ip]
+            else:
+                raise AuthenticationFailed("banned")
+
        asrv = self.hub.asrv
        if username == "anonymous":
-            password = ""
+            uname = "*"
+        else:
+            uname = asrv.iacct.get(password, "") or asrv.iacct.get(username, "") or "*"

-        uname = "*"
-        if password:
-            uname = asrv.iacct.get(password, "")
+        if not uname or not (asrv.vfs.aread.get(uname) or asrv.vfs.awrite.get(uname)):
+            g = self.hub.gpwd
+            if g.lim:
+                bonk, ip = g.bonk(ip, handler.username)
+                if bonk:
+                    logging.warning("client banned: invalid passwords")
+                    bans[ip] = bonk
+
+            raise AuthenticationFailed("Authentication failed.")

        handler.username = uname

-        if password and not uname:
-            raise AuthenticationFailed("Authentication failed.")
-
    def get_home_dir(self, username: str) -> str:
        return "/"

@@ -92,6 +109,9 @@ class FtpFs(AbstractedFS):
        self.cwd = "/"  # pyftpdlib convention of leading slash
        self.root = "/var/lib/empty"

+        self.can_read = self.can_write = self.can_move = False
+        self.can_delete = self.can_get = self.can_upget = False
+
        self.listdirinfo = self.listdir
        self.chdir(".")

@@ -143,16 +163,36 @@ class FtpFs(AbstractedFS):
        w = "w" in mode or "a" in mode or "+" in mode

        ap = self.rv2a(filename, r, w)
-        if w and bos.path.exists(ap):
-            raise FilesystemError("cannot open existing file for writing")
+        if w:
+            try:
+                st = bos.stat(ap)
+                td = time.time() - st.st_mtime
+            except:
+                td = 0
+
+            if td < -1 or td > self.args.ftp_wt:
+                raise FilesystemError("cannot open existing file for writing")

        self.validpath(ap)
        return open(fsenc(ap), mode)

    def chdir(self, path: str) -> None:
-        self.cwd = join(self.cwd, path)
-        x = self.hub.asrv.vfs.can_access(self.cwd.lstrip("/"), self.h.username)
-        self.can_read, self.can_write, self.can_move, self.can_delete, self.can_get = x
+        nwd = join(self.cwd, path)
+        vfs, rem = self.hub.asrv.vfs.get(nwd, self.uname, False, False)
+        ap = vfs.canonical(rem)
+        if not bos.path.isdir(ap):
+            # returning 550 is library-default and suitable
+            raise FilesystemError("Failed to change directory")
+
+        self.cwd = nwd
+        (
+            self.can_read,
+            self.can_write,
+            self.can_move,
+            self.can_delete,
+            self.can_get,
+            self.can_upget,
+        ) = self.hub.asrv.vfs.can_access(self.cwd.lstrip("/"), self.h.username)

    def mkdir(self, path: str) -> None:
        ap = self.rv2a(path, w=True)
@@ -164,7 +204,10 @@ class FtpFs(AbstractedFS):
            vfs, rem = self.hub.asrv.vfs.get(vpath, self.uname, True, False)

            fsroot, vfs_ls1, vfs_virt = vfs.ls(
-                rem, self.uname, not self.args.no_scandir, [[True], [False, True]]
+                rem,
+                self.uname,
+                not self.args.no_scandir,
+                [[True, False], [False, True]],
            )
            vfs_ls = [x[0] for x in vfs_ls1]
            vfs_ls.extend(vfs_virt.keys())
@@ -193,7 +236,7 @@ class FtpFs(AbstractedFS):

        vp = join(self.cwd, path).lstrip("/")
        try:
-            self.hub.up2k.handle_rm(self.uname, self.h.remote_ip, [vp])
+            self.hub.up2k.handle_rm(self.uname, self.h.remote_ip, [vp], [])
        except Exception as ex:
            raise FilesystemError(str(ex))

@@ -233,11 +276,14 @@ class FtpFs(AbstractedFS):

    def lstat(self, path: str) -> os.stat_result:
        ap = self.rv2a(path)
-        return bos.lstat(ap)
+        return bos.stat(ap)

    def isfile(self, path: str) -> bool:
-        st = self.stat(path)
-        return stat.S_ISREG(st.st_mode)
+        try:
+            st = self.stat(path)
+            return stat.S_ISREG(st.st_mode)
+        except:
+            return False  # expected for mojibake in ftp_SIZE()

    def islink(self, path: str) -> bool:
        ap = self.rv2a(path)
@@ -274,8 +320,8 @@ class FtpFs(AbstractedFS):

 class FtpHandler(FTPHandler):
    abstracted_fs = FtpFs
-    hub: "SvcHub" = None
-    args: argparse.Namespace = None
+    hub: "SvcHub"
+    args: argparse.Namespace

    def __init__(self, conn: Any, server: Any, ioloop: Any = None) -> None:
        self.hub: "SvcHub" = FtpHandler.hub
@@ -289,6 +335,9 @@ class FtpHandler(FTPHandler):
        # abspath->vpath mapping to resolve log_transfer paths
        self.vfs_map: dict[str, str] = {}

+        # reduce non-debug logging
+        self.log_cmds_list = [x for x in self.log_cmds_list if x not in ("CWD", "XCWD")]
+
    def ftp_STOR(self, file: str, mode: str = "w") -> Any:
        # Optional[str]
        vp = join(self.fs.cwd, file).lstrip("/")
@@ -356,7 +405,7 @@ class Ftpd(object):
                print(t.format(sys.executable))
                sys.exit(1)

-            h1.certfile = os.path.join(E.cfg, "cert.pem")
+            h1.certfile = os.path.join(self.args.E.cfg, "cert.pem")
            h1.tls_control_required = True
            h1.tls_data_required = True

@@ -383,17 +432,15 @@ class Ftpd(object):
            if self.args.ftp_nat:
                h2.masquerade_address = self.args.ftp_nat

-        if self.args.ftp_dbg:
-            config_logging(level=logging.DEBUG)
+        lgr = logging.getLogger("pyftpdlib")
+        lgr.setLevel(logging.DEBUG if self.args.ftpv else logging.INFO)

        ioloop = IOLoop()
        for ip in self.args.i:
            for h, lp in hs:
                FTPServer((ip, int(lp)), h, ioloop)

-        thr = threading.Thread(target=ioloop.loop, name="ftp")
-        thr.daemon = True
-        thr.start()
+        Daemon(ioloop.loop, "ftp")


 def join(p1: str, p2: str) -> str:
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
--- a/copyparty/httpconn.py
+++ b/copyparty/httpconn.py
@@ -15,7 +15,7 @@ except:
    HAVE_SSL = False

 from . import util as Util
-from .__init__ import TYPE_CHECKING, E
+from .__init__ import TYPE_CHECKING, EnvParams
 from .authsrv import AuthSrv  # typechk
 from .httpcli import HttpCli
 from .ico import Ico
@@ -23,16 +23,18 @@ from .mtag import HAVE_FFMPEG
 from .th_cli import ThumbCli
 from .th_srv import HAVE_PIL, HAVE_VIPS
 from .u2idx import U2idx
+from .util import HMaccas, shut_socket

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Optional, Pattern, Union
-except:
-    pass

 if TYPE_CHECKING:
    from .httpsrv import HttpSrv


+PTN_HTTP = re.compile(br"[A-Z]{3}[A-Z ]")
+
+
 class HttpConn(object):
    """
    spawned by HttpSrv to handle an incoming client connection,
@@ -44,14 +46,19 @@ class HttpConn(object):
    ) -> None:
        self.s = sck
        self.sr: Optional[Util._Unrecv] = None
+        self.cli: Optional[HttpCli] = None
        self.addr = addr
        self.hsrv = hsrv

        self.mutex: threading.Lock = hsrv.mutex  # mypy404
        self.args: argparse.Namespace = hsrv.args  # mypy404
+        self.E: EnvParams = self.args.E
        self.asrv: AuthSrv = hsrv.asrv  # mypy404
        self.cert_path = hsrv.cert_path
        self.u2fh: Util.FHC = hsrv.u2fh  # mypy404
+        self.iphash: HMaccas = hsrv.broker.iphash
+        self.bans: dict[str, int] = hsrv.bans
+        self.aclose: dict[str, int] = hsrv.aclose

        enth = (HAVE_PIL or HAVE_VIPS or HAVE_FFMPEG) and not self.args.no_thumb
        self.thumbcli: Optional[ThumbCli] = ThumbCli(hsrv) if enth else None  # mypy404
@@ -59,7 +66,7 @@ class HttpConn(object):

        self.t0: float = time.time()  # mypy404
        self.stopping = False
-        self.nreq: int = 0  # mypy404
+        self.nreq: int = -1  # mypy404
        self.nbyte: int = 0  # mypy404
        self.u2idx: Optional[U2idx] = None
        self.log_func: "Util.RootLogger" = hsrv.log  # mypy404
@@ -72,8 +79,7 @@ class HttpConn(object):
    def shutdown(self) -> None:
        self.stopping = True
        try:
-            self.s.shutdown(socket.SHUT_RDWR)
-            self.s.close()
+            shut_socket(self.log, self.s, 1)
        except:
            pass

@@ -91,7 +97,7 @@ class HttpConn(object):
        return self.log_src

    def respath(self, res_name: str) -> str:
-        return os.path.join(E.mod, "web", res_name)
+        return os.path.join(self.E.mod, "web", res_name)

    def log(self, msg: str, c: Union[int, str] = 0) -> None:
        self.log_func(self.log_src, msg, c)
@@ -132,9 +138,11 @@ class HttpConn(object):
                self.s.send(b"HTTP/1.1 400 Bad Request\r\n\r\n" + err.encode("utf-8"))
                return False

-        return method not in [None, b"GET ", b"HEAD", b"POST", b"PUT ", b"OPTI"]
+        return not method or not bool(PTN_HTTP.match(method))

    def run(self) -> None:
+        self.s.settimeout(10)
+
        self.sr = None
        if self.args.https_only:
            is_https = True
@@ -189,11 +197,7 @@ class HttpConn(object):
            except Exception as ex:
                em = str(ex)

-                if "ALERT_BAD_CERTIFICATE" in em:
-                    # firefox-linux if there is no exception yet
-                    self.log("client rejected our certificate (nice)")
-
-                elif "ALERT_CERTIFICATE_UNKNOWN" in em:
+                if "ALERT_CERTIFICATE_UNKNOWN" in em:
                    # android-chrome keeps doing this
                    pass

@@ -207,6 +211,6 @@ class HttpConn(object):

        while not self.stopping:
            self.nreq += 1
-            cli = HttpCli(self)
-            if not cli.run():
+            self.cli = HttpCli(self)
+            if not self.cli.run():
                return
--- a/copyparty/httpsrv.py
+++ b/copyparty/httpsrv.py
@@ -28,18 +28,31 @@ except ImportError:
    )
    sys.exit(1)

-from .__init__ import MACOS, TYPE_CHECKING, E
+from .__init__ import ANYWIN, MACOS, TYPE_CHECKING, EnvParams
 from .bos import bos
 from .httpconn import HttpConn
-from .util import FHC, min_ex, spack, start_log_thrs, start_stackmon
+from .util import (
+    E_SCK,
+    FHC,
+    Daemon,
+    Garda,
+    Magician,
+    Netdev,
+    NetMap,
+    ipnorm,
+    min_ex,
+    shut_socket,
+    spack,
+    start_log_thrs,
+    start_stackmon,
+)

 if TYPE_CHECKING:
    from .broker_util import BrokerCli
+    from .ssdp import SSDPr

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Optional
-except:
-    pass


 class HttpSrv(object):
@@ -52,11 +65,24 @@ class HttpSrv(object):
        self.broker = broker
        self.nid = nid
        self.args = broker.args
+        self.E: EnvParams = self.args.E
        self.log = broker.log
        self.asrv = broker.asrv

-        nsuf = "-n{}-i{:x}".format(nid, os.getpid()) if nid else ""
+        # redefine in case of multiprocessing
+        socket.setdefaulttimeout(120)

+        nsuf = "-n{}-i{:x}".format(nid, os.getpid()) if nid else ""
+        self.magician = Magician()
+        self.nm = NetMap([], {})
+        self.ssdp: Optional["SSDPr"] = None
+        self.gpwd = Garda(self.args.ban_pw)
+        self.g404 = Garda(self.args.ban_404)
+        self.bans: dict[str, int] = {}
+        self.aclose: dict[str, int] = {}
+
+        self.ip = ""
+        self.port = 0
        self.name = "hsrv" + nsuf
        self.mutex = threading.Lock()
        self.stopping = False
@@ -78,14 +104,18 @@ class HttpSrv(object):
        self.cb_v = ""

        env = jinja2.Environment()
-        env.loader = jinja2.FileSystemLoader(os.path.join(E.mod, "web"))
-        self.j2 = {
-            x: env.get_template(x + ".html")
-            for x in ["splash", "browser", "browser2", "msg", "md", "mde", "cf"]
-        }
-        self.prism = os.path.exists(os.path.join(E.mod, "web", "deps", "prism.js.gz"))
+        env.loader = jinja2.FileSystemLoader(os.path.join(self.E.mod, "web"))
+        jn = ["splash", "svcs", "browser", "browser2", "msg", "md", "mde", "cf"]
+        self.j2 = {x: env.get_template(x + ".html") for x in jn}
+        zs = os.path.join(self.E.mod, "web", "deps", "prism.js.gz")
+        self.prism = os.path.exists(zs)

-        cert_path = os.path.join(E.cfg, "cert.pem")
+        if self.args.zs:
+            from .ssdp import SSDPr
+
+            self.ssdp = SSDPr(broker)
+
+        cert_path = os.path.join(self.E.cfg, "cert.pem")
        if bos.path.exists(cert_path):
            self.cert_path = cert_path
        else:
@@ -102,9 +132,7 @@ class HttpSrv(object):
                start_log_thrs(self.log, self.args.log_thrs, nid)

        self.th_cfg: dict[str, Any] = {}
-        t = threading.Thread(target=self.post_init, name="hsrv-init2")
-        t.daemon = True
-        t.start()
+        Daemon(self.post_init, "hsrv-init2")

    def post_init(self) -> None:
        try:
@@ -113,18 +141,16 @@ class HttpSrv(object):
        except:
            pass

+    def set_netdevs(self, netdevs: dict[str, Netdev]) -> None:
+        self.nm = NetMap([self.ip], netdevs)
+
    def start_threads(self, n: int) -> None:
        self.tp_nthr += n
        if self.args.log_htp:
            self.log(self.name, "workers += {} = {}".format(n, self.tp_nthr), 6)

        for _ in range(n):
-            thr = threading.Thread(
-                target=self.thr_poolw,
-                name=self.name + "-poolw",
-            )
-            thr.daemon = True
-            thr.start()
+            Daemon(self.thr_poolw, self.name + "-poolw")

    def stop_threads(self, n: int) -> None:
        self.tp_nthr -= n
@@ -150,22 +176,29 @@ class HttpSrv(object):
                    return

    def listen(self, sck: socket.socket, nlisteners: int) -> None:
-        ip, port = sck.getsockname()
+        if self.args.j != 1:
+            # lost in the pickle; redefine
+            if not ANYWIN or self.args.reuseaddr:
+                sck.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+
+            sck.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
+            sck.settimeout(None)  # < does not inherit, ^ opts above do
+
+        self.ip, self.port = sck.getsockname()[:2]
        self.srvs.append(sck)
        self.nclimax = math.ceil(self.args.nc * 1.0 / nlisteners)
-        t = threading.Thread(
-            target=self.thr_listen,
-            args=(sck,),
-            name="httpsrv-n{}-listen-{}-{}".format(self.nid or "0", ip, port),
+        Daemon(
+            self.thr_listen,
+            "httpsrv-n{}-listen-{}-{}".format(self.nid or "0", self.ip, self.port),
+            (sck,),
        )
-        t.daemon = True
-        t.start()

    def thr_listen(self, srv_sck: socket.socket) -> None:
        """listens on a shared tcp server"""
-        ip, port = srv_sck.getsockname()
+        ip, port = srv_sck.getsockname()[:2]
        fno = srv_sck.fileno()
-        msg = "subscribed @ {}:{}  f{} p{}".format(ip, port, fno, os.getpid())
+        hip = "[{}]".format(ip) if ":" in ip else ip
+        msg = "subscribed @ {}:{}  f{} p{}".format(hip, port, fno, os.getpid())
        self.log(self.name, msg)

        def fun() -> None:
@@ -175,19 +208,80 @@ class HttpSrv(object):

        while not self.stopping:
            if self.args.log_conn:
-                self.log(self.name, "|%sC-ncli" % ("-" * 1,), c="1;30")
+                self.log(self.name, "|%sC-ncli" % ("-" * 1,), c="90")

-            if self.ncli >= self.nclimax:
-                self.log(self.name, "at connection limit; waiting", 3)
-                while self.ncli >= self.nclimax:
-                    time.sleep(0.1)
+            spins = 0
+            while self.ncli >= self.nclimax:
+                if not spins:
+                    self.log(self.name, "at connection limit; waiting", 3)
+
+                spins += 1
+                time.sleep(0.1)
+                if spins != 50 or not self.args.aclose:
+                    continue
+
+                ipfreq: dict[str, int] = {}
+                with self.mutex:
+                    for c in self.clients:
+                        ip = ipnorm(c.ip)
+                        try:
+                            ipfreq[ip] += 1
+                        except:
+                            ipfreq[ip] = 1
+
+                ip, n = sorted(ipfreq.items(), key=lambda x: x[1], reverse=True)[0]
+                if n < self.nclimax / 2:
+                    continue
+
+                self.aclose[ip] = int(time.time() + self.args.aclose * 60)
+                nclose = 0
+                nloris = 0
+                nconn = 0
+                with self.mutex:
+                    for c in self.clients:
+                        cip = ipnorm(c.ip)
+                        if ip != cip:
+                            continue
+
+                        nconn += 1
+                        try:
+                            if (
+                                c.nreq >= 1
+                                or not c.cli
+                                or c.cli.in_hdr_recv
+                                or c.cli.keepalive
+                            ):
+                                Daemon(c.shutdown)
+                                nclose += 1
+                                if c.nreq <= 0 and (not c.cli or c.cli.in_hdr_recv):
+                                    nloris += 1
+                        except:
+                            pass
+
+                t = "{} downgraded to connection:close for {} min; dropped {}/{} connections"
+                self.log(self.name, t.format(ip, self.args.aclose, nclose, nconn), 1)
+
+                if nloris < nconn / 2:
+                    continue
+
+                t = "slowloris (idle-conn): {} banned for {} min"
+                self.log(self.name, t.format(ip, self.args.loris, nclose), 1)
+                self.bans[ip] = int(time.time() + self.args.loris * 60)

            if self.args.log_conn:
-                self.log(self.name, "|%sC-acc1" % ("-" * 2,), c="1;30")
+                self.log(self.name, "|%sC-acc1" % ("-" * 2,), c="90")

            try:
-                sck, addr = srv_sck.accept()
+                sck, saddr = srv_sck.accept()
+                cip, cport = saddr[:2]
+                if cip.startswith("::ffff:"):
+                    cip = cip[7:]
+
+                addr = (cip, cport)
            except (OSError, socket.error) as ex:
+                if self.stopping:
+                    break
+
                self.log(self.name, "accept({}): {}".format(fno, ex), c=6)
                time.sleep(0.02)
                continue
@@ -196,7 +290,7 @@ class HttpSrv(object):
                t = "|{}C-acc2 \033[0;36m{} \033[3{}m{}".format(
                    "-" * 3, ip, port % 8, port
                )
-                self.log("%s %s" % addr, t, c="1;30")
+                self.log("%s %s" % addr, t, c="90")

            self.accept(sck, addr)

@@ -217,10 +311,7 @@ class HttpSrv(object):
                if self.nid:
                    name += "-{}".format(self.nid)

-                thr = threading.Thread(target=self.periodic, name=name)
-                self.t_periodic = thr
-                thr.daemon = True
-                thr.start()
+                self.t_periodic = Daemon(self.periodic, name)

            if self.tp_q:
                self.tp_time = self.tp_time or now
@@ -235,13 +326,11 @@ class HttpSrv(object):
            t = "looks like the httpserver threadpool died; please make an issue on github and tell me the story of how you pulled that off, thanks and dog bless\n"
            self.log(self.name, t, 1)

-        thr = threading.Thread(
-            target=self.thr_client,
-            args=(sck, addr),
-            name="httpconn-{}-{}".format(addr[0].split(".", 2)[-1][-6:], addr[1]),
+        Daemon(
+            self.thr_client,
+            "httpconn-{}-{}".format(addr[0].split(".", 2)[-1][-6:], addr[1]),
+            (sck, addr),
        )
-        thr.daemon = True
-        thr.start()

    def thr_poolw(self) -> None:
        assert self.tp_q
@@ -275,12 +364,12 @@ class HttpSrv(object):
            except:
                pass

+        thrs = []
        clients = list(self.clients)
        for cli in clients:
-            try:
-                cli.shutdown()
-            except:
-                pass
+            t = threading.Thread(target=cli.shutdown)
+            thrs.append(t)
+            t.start()

        if self.tp_q:
            self.stop_threads(self.tp_nthr)
@@ -289,25 +378,27 @@ class HttpSrv(object):
                if self.tp_q.empty():
                    break

+        for t in thrs:
+            t.join()
+
        self.log(self.name, "ok bye")

    def thr_client(self, sck: socket.socket, addr: tuple[str, int]) -> None:
        """thread managing one tcp client"""
-        sck.settimeout(120)
-
        cli = HttpConn(sck, addr, self)
        with self.mutex:
            self.clients.add(cli)

+        # print("{}\n".format(len(self.clients)), end="")
        fno = sck.fileno()
        try:
            if self.args.log_conn:
-                self.log("%s %s" % addr, "|%sC-crun" % ("-" * 4,), c="1;30")
+                self.log("%s %s" % addr, "|%sC-crun" % ("-" * 4,), c="90")

            cli.run()

        except (OSError, socket.error) as ex:
-            if ex.errno not in [10038, 10054, 107, 57, 49, 9]:
+            if ex.errno not in E_SCK:
                self.log(
                    "%s %s" % addr,
                    "run({}): {}".format(fno, ex),
@@ -317,26 +408,19 @@ class HttpSrv(object):
        finally:
            sck = cli.s
            if self.args.log_conn:
-                self.log("%s %s" % addr, "|%sC-cdone" % ("-" * 5,), c="1;30")
+                self.log("%s %s" % addr, "|%sC-cdone" % ("-" * 5,), c="90")

            try:
                fno = sck.fileno()
-                sck.shutdown(socket.SHUT_RDWR)
-                sck.close()
+                shut_socket(cli.log, sck)
            except (OSError, socket.error) as ex:
                if not MACOS:
                    self.log(
                        "%s %s" % addr,
                        "shut({}): {}".format(fno, ex),
-                        c="1;30",
+                        c="90",
                    )
-                if ex.errno not in [10038, 10054, 107, 57, 49, 9]:
-                    # 10038 No longer considered a socket
-                    # 10054 Foribly closed by remote
-                    #   107 Transport endpoint not connected
-                    #    57 Socket is not connected
-                    #    49 Can't assign requested address (wifi down)
-                    #     9 Bad file descriptor
+                if ex.errno not in E_SCK:
                    raise
            finally:
                with self.mutex:
@@ -351,9 +435,9 @@ class HttpSrv(object):
            if time.time() - self.cb_ts < 1:
                return self.cb_v

-            v = E.t0
+            v = self.E.t0
            try:
-                with os.scandir(os.path.join(E.mod, "web")) as dh:
+                with os.scandir(os.path.join(self.E.mod, "web")) as dh:
                    for fh in dh:
                        inf = fh.stat()
                        v = max(v, inf.st_mtime)
--- a/copyparty/ico.py
+++ b/copyparty/ico.py
@@ -6,16 +6,18 @@ import colorsys
 import hashlib

 from .__init__ import PY2
+from .th_srv import HAVE_PIL
+from .util import BytesIO


 class Ico(object):
    def __init__(self, args: argparse.Namespace) -> None:
        self.args = args

-    def get(self, ext: str, as_thumb: bool) -> tuple[str, bytes]:
+    def get(self, ext: str, as_thumb: bool, chrome: bool) -> tuple[str, bytes]:
        """placeholder to make thumbnails not break"""

-        zb = hashlib.md5(ext.encode("utf-8")).digest()[:2]
+        zb = hashlib.sha1(ext.encode("utf-8")).digest()[2:4]
        if PY2:
            zb = [ord(x) for x in zb]

@@ -24,10 +26,44 @@ class Ico(object):
        ci = [int(x * 255) for x in list(c1) + list(c2)]
        c = "".join(["{:02x}".format(x) for x in ci])

+        w = 100
        h = 30
        if not self.args.th_no_crop and as_thumb:
-            w, h = self.args.th_size.split("x")
-            h = int(100 / (float(w) / float(h)))
+            sw, sh = self.args.th_size.split("x")
+            h = int(100 / (float(sw) / float(sh)))
+            w = 100
+
+        if chrome and as_thumb:
+            # cannot handle more than ~2000 unique SVGs
+            if HAVE_PIL:
+                # svg: 3s, cache: 6s, this: 8s
+                from PIL import Image, ImageDraw
+
+                h = int(64 * h / w)
+                w = 64
+                img = Image.new("RGB", (w, h), "#" + c[:6])
+                pb = ImageDraw.Draw(img)
+                tw, th = pb.textsize(ext)
+                pb.text(((w - tw) // 2, (h - th) // 2), ext, fill="#" + c[6:])
+                img = img.resize((w * 3, h * 3), Image.NEAREST)
+
+                buf = BytesIO()
+                img.save(buf, format="PNG", compress_level=1)
+                return "image/png", buf.getvalue()
+
+            elif False:
+                # 48s, too slow
+                import pyvips
+
+                h = int(192 * h / w)
+                w = 192
+                img = pyvips.Image.text(
+                    ext, width=w, height=h, dpi=192, align=pyvips.Align.CENTRE
+                )
+                img = img.ifthenelse(ci[3:], ci[:3], blend=True)
+                # i = i.resize(3, kernel=pyvips.Kernel.NEAREST)
+                buf = img.write_to_buffer(".png[compression=1]")
+                return "image/png", buf

        svg = """\
 <?xml version="1.0" encoding="UTF-8"?>
--- a/copyparty/mdns.py
+++ b/copyparty/mdns.py
@@ -0,0 +1,512 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import random
+import select
+import socket
+import time
+
+from ipaddress import IPv4Network, IPv6Network
+
+from .__init__ import TYPE_CHECKING
+from .__init__ import unicode as U
+from .multicast import MC_Sck, MCast
+from .stolen.dnslib import CLASS as DC
+from .stolen.dnslib import (
+    NSEC,
+    PTR,
+    QTYPE,
+    RR,
+    SRV,
+    TXT,
+    A,
+    AAAA,
+    DNSHeader,
+    DNSQuestion,
+    DNSRecord,
+)
+from .util import CachedSet, Daemon, Netdev, min_ex
+
+if TYPE_CHECKING:
+    from .svchub import SvcHub
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Any, Optional, Union
+
+
+MDNS4 = "224.0.0.251"
+MDNS6 = "ff02::fb"
+
+
+class MDNS_Sck(MC_Sck):
+    def __init__(
+        self,
+        sck: socket.socket,
+        nd: Netdev,
+        grp: str,
+        ip: str,
+        net: Union[IPv4Network, IPv6Network],
+    ):
+        super(MDNS_Sck, self).__init__(sck, nd, grp, ip, net)
+
+        self.bp_probe = b""
+        self.bp_ip = b""
+        self.bp_svc = b""
+        self.bp_bye = b""
+
+        self.last_tx = 0.0
+
+
+class MDNS(MCast):
+    def __init__(self, hub: "SvcHub") -> None:
+        al = hub.args
+        grp4 = "" if al.zm6 else MDNS4
+        grp6 = "" if al.zm4 else MDNS6
+        super(MDNS, self).__init__(
+            hub, MDNS_Sck, al.zm_on, al.zm_off, grp4, grp6, 5353, hub.args.zmv
+        )
+        self.srv: dict[socket.socket, MDNS_Sck] = {}
+
+        self.ttl = 300
+
+        zs = self.args.name + ".local."
+        zs = zs.encode("ascii", "replace").decode("ascii", "replace")
+        self.hn = "-".join(x for x in zs.split("?") if x) or (
+            "vault-{}".format(random.randint(1, 255))
+        )
+        self.lhn = self.hn.lower()
+
+        # requester ip -> (response deadline, srv, body):
+        self.q: dict[str, tuple[float, MDNS_Sck, bytes]] = {}
+        self.rx4 = CachedSet(0.42)  # 3 probes @ 250..500..750 => 500ms span
+        self.rx6 = CachedSet(0.42)
+        self.svcs, self.sfqdns = self.build_svcs()
+        self.lsvcs = {k.lower(): v for k, v in self.svcs.items()}
+        self.lsfqdns = set([x.lower() for x in self.sfqdns])
+
+        self.probing = 0.0
+        self.unsolicited: list[float] = []  # scheduled announces on all nics
+        self.defend: dict[MDNS_Sck, float] = {}  # server -> deadline
+
+    def log(self, msg: str, c: Union[int, str] = 0) -> None:
+        self.log_func("mDNS", msg, c)
+
+    def build_svcs(self) -> tuple[dict[str, dict[str, Any]], set[str]]:
+        zms = self.args.zms
+        http = {"port": 80 if 80 in self.args.p else self.args.p[0]}
+        https = {"port": 443 if 443 in self.args.p else self.args.p[0]}
+        webdav = http.copy()
+        webdavs = https.copy()
+        webdav["u"] = webdavs["u"] = "u"  # KDE requires username
+        ftp = {"port": (self.args.ftp if "f" in zms else self.args.ftps)}
+        smb = {"port": self.args.smb_port}
+
+        # some gvfs require path
+        zs = self.args.zm_ld or "/"
+        if zs:
+            webdav["path"] = zs
+            webdavs["path"] = zs
+
+        if self.args.zm_lh:
+            http["path"] = self.args.zm_lh
+            https["path"] = self.args.zm_lh
+
+        if self.args.zm_lf:
+            ftp["path"] = self.args.zm_lf
+
+        if self.args.zm_ls:
+            smb["path"] = self.args.zm_ls
+
+        svcs: dict[str, dict[str, Any]] = {}
+
+        if "d" in zms:
+            svcs["_webdav._tcp.local."] = webdav
+
+        if "D" in zms:
+            svcs["_webdavs._tcp.local."] = webdavs
+
+        if "h" in zms:
+            svcs["_http._tcp.local."] = http
+
+        if "H" in zms:
+            svcs["_https._tcp.local."] = https
+
+        if "f" in zms.lower():
+            svcs["_ftp._tcp.local."] = ftp
+
+        if "s" in zms.lower():
+            svcs["_smb._tcp.local."] = smb
+
+        sfqdns: set[str] = set()
+        for k, v in svcs.items():
+            name = "{}-c-{}".format(self.args.name, k.split(".")[0][1:])
+            v["name"] = name
+            sfqdns.add("{}.{}".format(name, k))
+
+        return svcs, sfqdns
+
+    def build_replies(self) -> None:
+        for srv in self.srv.values():
+            probe = DNSRecord(DNSHeader(0, 0), q=DNSQuestion(self.hn, QTYPE.ANY))
+            areply = DNSRecord(DNSHeader(0, 0x8400))
+            sreply = DNSRecord(DNSHeader(0, 0x8400))
+            bye = DNSRecord(DNSHeader(0, 0x8400))
+
+            have4 = have6 = False
+            for s2 in self.srv.values():
+                if srv.idx != s2.idx:
+                    continue
+
+                if s2.v6:
+                    have6 = True
+                else:
+                    have4 = True
+
+            for ip in srv.ips:
+                if ":" in ip:
+                    qt = QTYPE.AAAA
+                    ar = {"rclass": DC.F_IN, "rdata": AAAA(ip)}
+                else:
+                    qt = QTYPE.A
+                    ar = {"rclass": DC.F_IN, "rdata": A(ip)}
+
+                r0 = RR(self.hn, qt, ttl=0, **ar)
+                r120 = RR(self.hn, qt, ttl=120, **ar)
+                # rfc-10:
+                #   SHOULD rr ttl 120sec for A/AAAA/SRV
+                #   (and recommend 75min for all others)
+
+                probe.add_auth(r120)
+                areply.add_answer(r120)
+                sreply.add_answer(r120)
+                bye.add_answer(r0)
+
+            for sclass, props in self.svcs.items():
+                sname = props["name"]
+                sport = props["port"]
+                sfqdn = sname + "." + sclass
+
+                k = "_services._dns-sd._udp.local."
+                r = RR(k, QTYPE.PTR, DC.IN, 4500, PTR(sclass))
+                sreply.add_answer(r)
+
+                r = RR(sclass, QTYPE.PTR, DC.IN, 4500, PTR(sfqdn))
+                sreply.add_answer(r)
+
+                r = RR(sfqdn, QTYPE.SRV, DC.F_IN, 120, SRV(0, 0, sport, self.hn))
+                sreply.add_answer(r)
+                areply.add_answer(r)
+
+                r = RR(sfqdn, QTYPE.SRV, DC.F_IN, 0, SRV(0, 0, sport, self.hn))
+                bye.add_answer(r)
+
+                txts = []
+                for k in ("u", "path"):
+                    if k not in props:
+                        continue
+
+                    zb = "{}={}".format(k, props[k]).encode("utf-8")
+                    if len(zb) > 255:
+                        t = "value too long for mdns: [{}]"
+                        raise Exception(t.format(props[k]))
+
+                    txts.append(zb)
+
+                # gvfs really wants txt even if they're empty
+                r = RR(sfqdn, QTYPE.TXT, DC.F_IN, 4500, TXT(txts))
+                sreply.add_answer(r)
+
+            if not (have4 and have6) and not self.args.zm_noneg:
+                ns = NSEC(self.hn, ["AAAA" if have6 else "A"])
+                r = RR(self.hn, QTYPE.NSEC, DC.F_IN, 120, ns)
+                areply.add_ar(r)
+                if len(sreply.pack()) < 1400:
+                    sreply.add_ar(r)
+
+            srv.bp_probe = probe.pack()
+            srv.bp_ip = areply.pack()
+            srv.bp_svc = sreply.pack()
+            srv.bp_bye = bye.pack()
+
+            # since all replies are small enough to fit in one packet,
+            # always send full replies rather than just a/aaaa records
+            srv.bp_ip = srv.bp_svc
+
+    def send_probes(self) -> None:
+        slp = random.random() * 0.25
+        for _ in range(3):
+            time.sleep(slp)
+            slp = 0.25
+            if not self.running:
+                break
+
+            if self.args.zmv:
+                self.log("sending hostname probe...")
+
+            # ipv4: need to probe each ip (each server)
+            # ipv6: only need to probe each set of looped nics
+            probed6: set[str] = set()
+            for srv in self.srv.values():
+                if srv.ip in probed6:
+                    continue
+
+                try:
+                    srv.sck.sendto(srv.bp_probe, (srv.grp, 5353))
+                    if srv.v6:
+                        for ip in srv.ips:
+                            probed6.add(ip)
+                except Exception as ex:
+                    self.log("sendto failed: {} ({})".format(srv.ip, ex), "90")
+
+    def run(self) -> None:
+        try:
+            bound = self.create_servers()
+        except:
+            t = "no server IP matches the mdns config\n{}"
+            self.log(t.format(min_ex()), 1)
+            bound = []
+
+        if not bound:
+            self.log("failed to announce copyparty services on the network", 3)
+            return
+
+        self.build_replies()
+        Daemon(self.send_probes)
+        zf = time.time() + 2
+        self.probing = zf  # cant unicast so give everyone an extra sec
+        self.unsolicited = [zf, zf + 1, zf + 3, zf + 7]  # rfc-8.3
+        last_hop = time.time()
+        ihop = self.args.mc_hop
+        while self.running:
+            timeout = (
+                0.02 + random.random() * 0.07
+                if self.probing or self.q or self.defend or self.unsolicited
+                else (last_hop + ihop if ihop else 180)
+            )
+            rdy = select.select(self.srv, [], [], timeout)
+            rx: list[socket.socket] = rdy[0]  # type: ignore
+            self.rx4.cln()
+            self.rx6.cln()
+            for sck in rx:
+                buf, addr = sck.recvfrom(4096)
+                try:
+                    self.eat(buf, addr, sck)
+                except:
+                    if not self.running:
+                        return
+
+                    t = "{} {} \033[33m|{}| {}\n{}".format(
+                        self.srv[sck].name, addr, len(buf), repr(buf)[2:-1], min_ex()
+                    )
+                    self.log(t, 6)
+
+            if not self.probing:
+                self.process()
+                continue
+
+            if self.probing < time.time():
+                t = "probe ok; announcing [{}]"
+                self.log(t.format(self.hn[:-1]), 2)
+                self.probing = 0
+
+    def stop(self, panic=False) -> None:
+        self.running = False
+        if not panic:
+            for srv in self.srv.values():
+                try:
+                    srv.sck.sendto(srv.bp_bye, (srv.grp, 5353))
+                except:
+                    pass
+
+        self.srv = {}
+
+    def eat(self, buf: bytes, addr: tuple[str, int], sck: socket.socket) -> None:
+        cip = addr[0]
+        v6 = ":" in cip
+        if (cip.startswith("169.254") and not self.ll_ok) or (
+            v6 and not cip.startswith("fe80")
+        ):
+            return
+
+        cache = self.rx6 if v6 else self.rx4
+        if buf in cache.c:
+            return
+
+        srv: Optional[MDNS_Sck] = self.srv[sck] if v6 else self.map_client(cip)  # type: ignore
+        if not srv:
+            return
+
+        cache.add(buf)
+        now = time.time()
+
+        if self.args.zmv and cip != srv.ip and cip not in srv.ips:
+            t = "{} [{}] \033[36m{} \033[0m|{}|"
+            self.log(t.format(srv.name, srv.ip, cip, len(buf)), "90")
+
+        p = DNSRecord.parse(buf)
+        if self.args.zmvv:
+            self.log(str(p))
+
+        # check for incoming probes for our hostname
+        cips = [U(x.rdata) for x in p.auth if U(x.rname).lower() == self.lhn]
+        if cips and self.sips.isdisjoint(cips):
+            if not [x for x in cips if x not in ("::1", "127.0.0.1")]:
+                # avahi broadcasting 127.0.0.1-only packets
+                return
+
+            self.log("someone trying to steal our hostname: {}".format(cips), 3)
+            # immediately unicast
+            if not self.probing:
+                srv.sck.sendto(srv.bp_ip, (cip, 5353))
+
+            # and schedule multicast
+            self.defend[srv] = self.defend.get(srv, now + 0.1)
+            return
+
+        # check for someone rejecting our probe / hijacking our hostname
+        cips = [
+            U(x.rdata)
+            for x in p.rr
+            if U(x.rname).lower() == self.lhn and x.rclass == DC.F_IN
+        ]
+        if cips and self.sips.isdisjoint(cips):
+            if not [x for x in cips if x not in ("::1", "127.0.0.1")]:
+                # avahi broadcasting 127.0.0.1-only packets
+                return
+
+            t = "mdns zeroconf: "
+            if self.probing:
+                t += "Cannot start; hostname '{}' is occupied"
+            else:
+                t += "Emergency stop; hostname '{}' got stolen"
+
+            t += " on {}! Use --name to set another hostname.\n\nName taken by {}\n\nYour IPs: {}\n"
+            self.log(t.format(self.args.name, srv.name, cips, list(self.sips)), 1)
+            self.stop(True)
+            return
+
+        # then rfc-6.7; dns pretending to be mdns (android...)
+        if p.header.id or addr[1] != 5353:
+            rsp: Optional[DNSRecord] = None
+            for r in p.questions:
+                try:
+                    lhn = U(r.qname).lower()
+                except:
+                    self.log("invalid question: {}".format(r))
+                    continue
+
+                if lhn != self.lhn:
+                    continue
+
+                if p.header.id and r.qtype in (QTYPE.A, QTYPE.AAAA):
+                    rsp = rsp or DNSRecord(DNSHeader(p.header.id, 0x8400))
+                    rsp.add_question(r)
+                    for ip in srv.ips:
+                        qt = r.qtype
+                        v6 = ":" in ip
+                        if v6 == (qt == QTYPE.AAAA):
+                            rd = AAAA(ip) if v6 else A(ip)
+                            rr = RR(self.hn, qt, DC.IN, 10, rd)
+                            rsp.add_answer(rr)
+            if rsp:
+                srv.sck.sendto(rsp.pack(), addr[:2])
+                # but don't return in case it's a differently broken client
+
+        # then a/aaaa records
+        for r in p.questions:
+            try:
+                lhn = U(r.qname).lower()
+            except:
+                self.log("invalid question: {}".format(r))
+                continue
+
+            if lhn != self.lhn:
+                continue
+
+            # gvfs keeps repeating itself
+            found = False
+            unicast = False
+            for rr in p.rr:
+                try:
+                    rname = U(rr.rname).lower()
+                except:
+                    self.log("invalid rr: {}".format(rr))
+                    continue
+
+                if rname == self.lhn:
+                    if rr.ttl > 60:
+                        found = True
+                    if rr.rclass == DC.F_IN:
+                        unicast = True
+
+            if unicast:
+                # spec-compliant mDNS-over-unicast
+                srv.sck.sendto(srv.bp_ip, (cip, 5353))
+            elif addr[1] != 5353:
+                # just in case some clients use (and want us to use) invalid ports
+                srv.sck.sendto(srv.bp_ip, addr[:2])
+
+            if not found:
+                self.q[cip] = (0, srv, srv.bp_ip)
+                return
+
+        deadline = now + (0.5 if p.header.tc else 0.02)  # rfc-7.2
+
+        # and service queries
+        for r in p.questions:
+            if not r or not r.qname:
+                continue
+
+            qname = U(r.qname).lower()
+            if qname in self.lsvcs or qname == "_services._dns-sd._udp.local.":
+                self.q[cip] = (deadline, srv, srv.bp_svc)
+                break
+        # heed rfc-7.1 if there was an announce in the past 12sec
+        # (workaround gvfs race-condition where it occasionally
+        #  doesn't read/decode the full response...)
+        if now < srv.last_tx + 12:
+            for rr in p.rr:
+                if not rr.rdata:
+                    continue
+
+                rdata = U(rr.rdata).lower()
+                if rdata in self.lsfqdns:
+                    if rr.ttl > 2250:
+                        self.q.pop(cip, None)
+                    break
+
+    def process(self) -> None:
+        tx = set()
+        now = time.time()
+        cooldown = 0.9  # rfc-6: 1
+        if self.unsolicited and self.unsolicited[0] < now:
+            self.unsolicited.pop(0)
+            cooldown = 0.1
+            for srv in self.srv.values():
+                tx.add(srv)
+
+        for srv, deadline in list(self.defend.items()):
+            if now < deadline:
+                continue
+
+            if self._tx(srv, srv.bp_ip, 0.02):  # rfc-6: 0.25
+                self.defend.pop(srv)
+
+        for cip, (deadline, srv, msg) in list(self.q.items()):
+            if now < deadline:
+                continue
+
+            self.q.pop(cip)
+            self._tx(srv, msg, cooldown)
+
+        for srv in tx:
+            self._tx(srv, srv.bp_svc, cooldown)
+
+    def _tx(self, srv: MDNS_Sck, msg: bytes, cooldown: float) -> bool:
+        now = time.time()
+        if now < srv.last_tx + cooldown:
+            return False
+
+        srv.sck.sendto(msg, (srv.grp, 5353))
+        srv.last_tx = now
+        return True
--- a/copyparty/mtag.py
+++ b/copyparty/mtag.py
@@ -8,29 +8,27 @@ import shutil
 import subprocess as sp
 import sys

-from .__init__ import PY2, WINDOWS, unicode
+from .__init__ import PY2, WINDOWS, E, unicode
 from .bos import bos
 from .util import REKOBO_LKEY, fsenc, min_ex, retchk, runcmd, uncyg

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Union

    from .util import RootLogger
-except:
-    pass


-def have_ff(cmd: str) -> bool:
+def have_ff(scmd: str) -> bool:
    if PY2:
-        print("# checking {}".format(cmd))
-        cmd = (cmd + " -version").encode("ascii").split(b" ")
+        print("# checking {}".format(scmd))
+        acmd = (scmd + " -version").encode("ascii").split(b" ")
        try:
-            sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE).communicate()
+            sp.Popen(acmd, stdout=sp.PIPE, stderr=sp.PIPE).communicate()
            return True
        except:
            return False
    else:
-        return bool(shutil.which(cmd))
+        return bool(shutil.which(scmd))


 HAVE_FFMPEG = have_ff("ffmpeg")
@@ -42,9 +40,10 @@ class MParser(object):
        self.tag, args = cmdline.split("=", 1)
        self.tags = self.tag.split(",")

-        self.timeout = 30
+        self.timeout = 60
        self.force = False
        self.kill = "t"  # tree; all children recursively
+        self.capture = 3  # outputs to consume
        self.audio = "y"
        self.pri = 0  # priority; higher = later
        self.ext = []
@@ -72,6 +71,10 @@ class MParser(object):
                self.kill = arg[1:]  # [t]ree [m]ain [n]one
                continue

+            if arg.startswith("c"):
+                self.capture = int(arg[1:])  # 0=none 1=stdout 2=stderr 3=both
+                continue
+
            if arg == "f":
                self.force = True
                continue
@@ -92,7 +95,7 @@ class MParser(object):


 def ffprobe(
-    abspath: str, timeout: int = 10
+    abspath: str, timeout: int = 60
 ) -> tuple[dict[str, tuple[int, Any]], dict[str, list[Any]]]:
    cmd = [
        b"ffprobe",
@@ -178,7 +181,7 @@ def parse_ffprobe(txt: str) -> tuple[dict[str, tuple[int, Any]], dict[str, list[
            ]

        if typ == "format":
-            kvm = [["duration", ".dur"], ["bit_rate", ".q"]]
+            kvm = [["duration", ".dur"], ["bit_rate", ".q"], ["format_name", "fmt"]]

        for sk, rk in kvm:
            v1 = strm.get(sk)
@@ -239,6 +242,9 @@ def parse_ffprobe(txt: str) -> tuple[dict[str, tuple[int, Any]], dict[str, list[
            if ".q" in ret:
                del ret[".q"]

+    if "fmt" in ret:
+        ret["fmt"] = ret["fmt"].split(",")[0]
+
    if ".resw" in ret and ".resh" in ret:
        ret["res"] = "{}x{}".format(ret[".resw"], ret[".resh"])

@@ -254,18 +260,14 @@ class MTag(object):
        self.usable = True
        self.prefer_mt = not args.no_mtag_ff
        self.backend = "ffprobe" if args.no_mutagen else "mutagen"
-        self.can_ffprobe = (
-            HAVE_FFPROBE
-            and not args.no_mtag_ff
-            and (not WINDOWS or sys.version_info >= (3, 8))
-        )
+        self.can_ffprobe = HAVE_FFPROBE and not args.no_mtag_ff
        mappings = args.mtm
        or_ffprobe = " or FFprobe"

        if self.backend == "mutagen":
            self.get = self.get_mutagen
            try:
-                import mutagen  # noqa: F401  # pylint: disable=unused-import,import-outside-toplevel
+                from mutagen import version  # noqa: F401
            except:
                self.log("could not load Mutagen, trying FFprobe instead", c=3)
                self.backend = "ffprobe"
@@ -282,11 +284,6 @@ class MTag(object):
                msg = "found FFprobe but it was disabled by --no-mtag-ff"
                self.log(msg, c=3)

-            elif WINDOWS and sys.version_info < (3, 8):
-                or_ffprobe = " or python >= 3.8"
-                msg = "found FFprobe but your python is too old; need 3.8 or newer"
-                self.log(msg, c=1)
-
        if not self.usable:
            msg = "need Mutagen{} to read media tags so please run this:\n{}{} -m pip install --user mutagen\n"
            pybin = os.path.basename(sys.executable)
@@ -382,20 +379,26 @@ class MTag(object):
                parser_output[alias] = (priority, tv[0])

        # take first value (lowest priority / most preferred)
-        ret = {sk: unicode(tv[1]).strip() for sk, tv in parser_output.items()}
+        ret: dict[str, Union[str, float]] = {
+            sk: unicode(tv[1]).strip() for sk, tv in parser_output.items()
+        }

        # track 3/7 => track 3
-        for sk, tv in ret.items():
+        for sk, zv in ret.items():
            if sk[0] == ".":
-                sv = str(tv).split("/")[0].strip().lstrip("0")
+                sv = str(zv).split("/")[0].strip().lstrip("0")
                ret[sk] = sv or 0

        # normalize key notation to rkeobo
        okey = ret.get("key")
        if okey:
-            key = okey.replace(" ", "").replace("maj", "").replace("min", "m")
+            key = str(okey).replace(" ", "").replace("maj", "").replace("min", "m")
            ret["key"] = REKOBO_LKEY.get(key.lower(), okey)

+        if self.args.mtag_vv:
+            zl = " ".join("\033[36m{} \033[33m{}".format(k, v) for k, v in ret.items())
+            self.log("norm: {}\033[0m".format(zl), "90")
+
        return ret

    def compare(self, abspath: str) -> dict[str, Union[str, float]]:
@@ -442,10 +445,15 @@ class MTag(object):
        if not bos.path.isfile(abspath):
            return {}

-        import mutagen
+        from mutagen import File

        try:
-            md = mutagen.File(fsenc(abspath), easy=True)
+            md = File(fsenc(abspath), easy=True)
+            assert md
+            if self.args.mtag_vv:
+                for zd in (md.info.__dict__, dict(md.tags)):
+                    zl = ["\033[36m{} \033[33m{}".format(k, v) for k, v in zd.items()]
+                    self.log("mutagen: {}\033[0m".format(" ".join(zl)), "90")
            if not md.info.length and not md.info.codec:
                raise Exception()
        except:
@@ -494,7 +502,13 @@ class MTag(object):
        if not bos.path.isfile(abspath):
            return {}

-        ret, md = ffprobe(abspath)
+        ret, md = ffprobe(abspath, self.args.mtag_to)
+
+        if self.args.mtag_vv:
+            for zd in (ret, dict(md)):
+                zl = ["\033[36m{} \033[33m{}".format(k, v) for k, v in zd.items()]
+                self.log("ffprobe: {}\033[0m".format(" ".join(zl)), "90")
+
        return self.normalize_tags(ret, md)

    def get_bin(
@@ -503,11 +517,15 @@ class MTag(object):
        if not bos.path.isfile(abspath):
            return {}

-        pypath = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
-        zsl = [str(pypath)] + [str(x) for x in sys.path if x]
-        pypath = str(os.pathsep.join(zsl))
        env = os.environ.copy()
-        env["PYTHONPATH"] = pypath
+        try:
+            pypath = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
+            zsl = [str(pypath)] + [str(x) for x in sys.path if x]
+            pypath = str(os.pathsep.join(zsl))
+            env["PYTHONPATH"] = pypath
+        except:
+            if not E.ox:
+                raise

        ret: dict[str, Any] = {}
        for tagname, parser in sorted(parsers.items(), key=lambda x: (x[1].pri, x[0])):
@@ -516,7 +534,12 @@ class MTag(object):
                if parser.bin.endswith(".py"):
                    cmd = [sys.executable] + cmd

-                args = {"env": env, "timeout": parser.timeout, "kill": parser.kill}
+                args = {
+                    "env": env,
+                    "timeout": parser.timeout,
+                    "kill": parser.kill,
+                    "capture": parser.capture,
+                }

                if parser.pri:
                    zd = oth_tags.copy()
--- a/copyparty/multicast.py
+++ b/copyparty/multicast.py
@@ -0,0 +1,372 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import socket
+import time
+
+import ipaddress
+from ipaddress import (
+    IPv4Address,
+    IPv4Network,
+    IPv6Address,
+    IPv6Network,
+    ip_address,
+    ip_network,
+)
+
+from .__init__ import TYPE_CHECKING
+from .util import MACOS, Netdev, min_ex, spack
+
+if TYPE_CHECKING:
+    from .svchub import SvcHub
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Optional, Union
+
+if not hasattr(socket, "IPPROTO_IPV6"):
+    setattr(socket, "IPPROTO_IPV6", 41)
+
+
+class NoIPs(Exception):
+    pass
+
+
+class MC_Sck(object):
+    """there is one socket for each server ip"""
+
+    def __init__(
+        self,
+        sck: socket.socket,
+        nd: Netdev,
+        grp: str,
+        ip: str,
+        net: Union[IPv4Network, IPv6Network],
+    ):
+        self.sck = sck
+        self.idx = nd.idx
+        self.name = nd.name
+        self.grp = grp
+        self.mreq = b""
+        self.ip = ip
+        self.net = net
+        self.ips = {ip: net}
+        self.v6 = ":" in ip
+        self.have4 = ":" not in ip
+        self.have6 = ":" in ip
+
+
+class MCast(object):
+    def __init__(
+        self,
+        hub: "SvcHub",
+        Srv: type[MC_Sck],
+        on: list[str],
+        off: list[str],
+        mc_grp_4: str,
+        mc_grp_6: str,
+        port: int,
+        vinit: bool,
+    ) -> None:
+        """disable ipv%d by setting mc_grp_%d empty"""
+        self.hub = hub
+        self.Srv = Srv
+        self.args = hub.args
+        self.asrv = hub.asrv
+        self.log_func = hub.log
+        self.on = on
+        self.off = off
+        self.grp4 = mc_grp_4
+        self.grp6 = mc_grp_6
+        self.port = port
+        self.vinit = vinit
+
+        self.srv: dict[socket.socket, MC_Sck] = {}  # listening sockets
+        self.sips: set[str] = set()  # all listening ips (including failed attempts)
+        self.ll_ok: set[str] = set()  # fallback linklocal IPv4 and IPv6 addresses
+        self.b2srv: dict[bytes, MC_Sck] = {}  # binary-ip -> server socket
+        self.b4: list[bytes] = []  # sorted list of binary-ips
+        self.b6: list[bytes] = []  # sorted list of binary-ips
+        self.cscache: dict[str, Optional[MC_Sck]] = {}  # client ip -> server cache
+
+        self.running = True
+
+    def log(self, msg: str, c: Union[int, str] = 0) -> None:
+        self.log_func("multicast", msg, c)
+
+    def create_servers(self) -> list[str]:
+        bound: list[str] = []
+        netdevs = self.hub.tcpsrv.netdevs
+        ips = [x[0] for x in self.hub.tcpsrv.bound]
+
+        if "::" in ips:
+            ips = [x for x in ips if x != "::"] + list(
+                [x.split("/")[0] for x in netdevs if ":" in x]
+            )
+            ips.append("0.0.0.0")
+
+        if "0.0.0.0" in ips:
+            ips = [x for x in ips if x != "0.0.0.0"] + list(
+                [x.split("/")[0] for x in netdevs if ":" not in x]
+            )
+
+        ips = [x for x in ips if x not in ("::1", "127.0.0.1")]
+
+        # ip -> ip/prefix
+        ips = [[x for x in netdevs if x.startswith(y + "/")][0] for y in ips]
+
+        on = self.on[:]
+        off = self.off[:]
+        for lst in (on, off):
+            for av in list(lst):
+                try:
+                    arg_net = ip_network(av, False)
+                except:
+                    arg_net = None
+
+                for sk, sv in netdevs.items():
+                    if arg_net:
+                        net_ip = ip_address(sk.split("/")[0])
+                        if net_ip in arg_net and sk not in lst:
+                            lst.append(sk)
+
+                    if (av == str(sv.idx) or av == sv.name) and sk not in lst:
+                        lst.append(sk)
+
+        if on:
+            ips = [x for x in ips if x in on]
+        elif off:
+            ips = [x for x in ips if x not in off]
+
+        if not self.grp4:
+            ips = [x for x in ips if ":" in x]
+
+        if not self.grp6:
+            ips = [x for x in ips if ":" not in x]
+
+        ips = list(set(ips))
+        all_selected = ips[:]
+
+        # discard non-linklocal ipv6
+        ips = [x for x in ips if ":" not in x or x.startswith("fe80")]
+
+        if not ips:
+            raise NoIPs()
+
+        for ip in ips:
+            v6 = ":" in ip
+            netdev = netdevs[ip]
+            if not netdev.idx:
+                t = "using INADDR_ANY for ip [{}], netdev [{}]"
+                if not self.srv and ip not in ["::", "0.0.0.0"]:
+                    self.log(t.format(ip, netdev), 3)
+
+            ipv = socket.AF_INET6 if v6 else socket.AF_INET
+            sck = socket.socket(ipv, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+            sck.settimeout(None)
+            sck.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+            try:
+                sck.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
+            except:
+                pass
+
+            # most ipv6 clients expect multicast on linklocal ip only;
+            # add a/aaaa records for the other nic IPs
+            other_ips: set[str] = set()
+            if v6:
+                for nd in netdevs.values():
+                    if nd.idx == netdev.idx and nd.ip in all_selected and ":" in nd.ip:
+                        other_ips.add(nd.ip)
+
+            net = ipaddress.ip_network(ip, False)
+            ip = ip.split("/")[0]
+            srv = self.Srv(sck, netdev, self.grp6 if ":" in ip else self.grp4, ip, net)
+            for oth_ip in other_ips:
+                srv.ips[oth_ip.split("/")[0]] = ipaddress.ip_network(oth_ip, False)
+
+            # gvfs breaks if a linklocal ip appears in a dns reply
+            ll = {
+                k: v
+                for k, v in srv.ips.items()
+                if k.startswith("169.254") or k.startswith("fe80")
+            }
+            rt = {k: v for k, v in srv.ips.items() if k not in ll}
+
+            if self.args.ll or not rt:
+                self.ll_ok.update(list(ll))
+
+            if not self.args.ll:
+                srv.ips = rt or ll
+
+            if not srv.ips:
+                self.log("no IPs on {}; skipping [{}]".format(netdev, ip), 3)
+                continue
+
+            try:
+                self.setup_socket(srv)
+                self.srv[sck] = srv
+                bound.append(ip)
+            except:
+                t = "announce failed on {} [{}]:\n{}"
+                self.log(t.format(netdev, ip, min_ex()), 3)
+
+        if self.args.zm_msub:
+            for s1 in self.srv.values():
+                for s2 in self.srv.values():
+                    if s1.idx != s2.idx:
+                        continue
+
+                    if s1.ip not in s2.ips:
+                        s2.ips[s1.ip] = s1.net
+
+        if self.args.zm_mnic:
+            for s1 in self.srv.values():
+                for s2 in self.srv.values():
+                    for ip1, net1 in list(s1.ips.items()):
+                        for ip2, net2 in list(s2.ips.items()):
+                            if net1 == net2 and ip1 != ip2:
+                                s1.ips[ip2] = net2
+
+        self.sips = set([x.split("/")[0] for x in all_selected])
+        for srv in self.srv.values():
+            assert srv.ip in self.sips
+
+        return bound
+
+    def setup_socket(self, srv: MC_Sck) -> None:
+        sck = srv.sck
+        if srv.v6:
+            if self.vinit:
+                zsl = list(srv.ips.keys())
+                self.log("v6({}) idx({}) {}".format(srv.ip, srv.idx, zsl), 6)
+
+            for ip in srv.ips:
+                bip = socket.inet_pton(socket.AF_INET6, ip)
+                self.b2srv[bip] = srv
+                self.b6.append(bip)
+
+            grp = self.grp6 if srv.idx else ""
+            try:
+                if MACOS:
+                    raise Exception()
+
+                sck.bind((grp, self.port, 0, srv.idx))
+            except:
+                sck.bind(("", self.port, 0, srv.idx))
+
+            bgrp = socket.inet_pton(socket.AF_INET6, self.grp6)
+            dev = spack(b"@I", srv.idx)
+            srv.mreq = bgrp + dev
+            if srv.idx != socket.INADDR_ANY:
+                sck.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_IF, dev)
+
+            try:
+                sck.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_HOPS, 255)
+                sck.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_LOOP, 1)
+            except:
+                # macos
+                t = "failed to set IPv6 TTL/LOOP; announcements may not survive multiple switches/routers"
+                self.log(t, 3)
+        else:
+            if self.vinit:
+                self.log("v4({}) idx({})".format(srv.ip, srv.idx), 6)
+
+            bip = socket.inet_aton(srv.ip)
+            self.b2srv[bip] = srv
+            self.b4.append(bip)
+
+            grp = self.grp4 if srv.idx else ""
+            try:
+                if MACOS:
+                    raise Exception()
+
+                sck.bind((grp, self.port))
+            except:
+                sck.bind(("", self.port))
+
+            bgrp = socket.inet_aton(self.grp4)
+            dev = (
+                spack(b"=I", socket.INADDR_ANY)
+                if srv.idx == socket.INADDR_ANY
+                else socket.inet_aton(srv.ip)
+            )
+            srv.mreq = bgrp + dev
+            if srv.idx != socket.INADDR_ANY:
+                sck.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, dev)
+
+            try:
+                sck.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
+                sck.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, 1)
+            except:
+                # probably can't happen but dontcare if it does
+                t = "failed to set IPv4 TTL/LOOP; announcements may not survive multiple switches/routers"
+                self.log(t, 3)
+
+        self.hop(srv)
+        self.b4.sort(reverse=True)
+        self.b6.sort(reverse=True)
+
+    def hop(self, srv: MC_Sck) -> None:
+        """rejoin to keepalive on routers/switches without igmp-snooping"""
+        sck = srv.sck
+        req = srv.mreq
+        if ":" in srv.ip:
+            try:
+                sck.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_LEAVE_GROUP, req)
+                # linux does leaves/joins twice with 0.2~1.05s spacing
+                time.sleep(1.2)
+            except:
+                pass
+
+            sck.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, req)
+        else:
+            try:
+                sck.setsockopt(socket.IPPROTO_IP, socket.IP_DROP_MEMBERSHIP, req)
+                time.sleep(1.2)
+            except:
+                pass
+
+            # t = "joining {} from ip {} idx {} with mreq {}"
+            # self.log(t.format(srv.grp, srv.ip, srv.idx, repr(srv.mreq)), 6)
+            sck.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, req)
+
+    def map_client(self, cip: str) -> Optional[MC_Sck]:
+        try:
+            return self.cscache[cip]
+        except:
+            pass
+
+        ret: Optional[MC_Sck] = None
+        v6 = ":" in cip
+        ci = IPv6Address(cip) if v6 else IPv4Address(cip)
+        for x in self.b6 if v6 else self.b4:
+            srv = self.b2srv[x]
+            if any([x for x in srv.ips.values() if ci in x]):
+                ret = srv
+                break
+
+        if not ret and cip in ("127.0.0.1", "::1"):
+            # just give it something
+            ret = list(self.srv.values())[0]
+
+        if not ret and cip.startswith("169.254"):
+            # idk how to map LL IPv4 msgs to nics;
+            # just pick one and hope for the best
+            lls = (
+                x
+                for x in self.srv.values()
+                if next((y for y in x.ips if y in self.ll_ok), None)
+            )
+            ret = next(lls, None)
+
+        if ret:
+            t = "new client on {} ({}): {}"
+            self.log(t.format(ret.name, ret.net, cip), 6)
+        else:
+            t = "could not map client {} to known subnet; maybe forwarded from another network?"
+            self.log(t.format(cip), 3)
+
+        if len(self.cscache) > 9000:
+            self.cscache = {}
+
+        self.cscache[cip] = ret
+        return ret
--- a/copyparty/smbd.py
+++ b/copyparty/smbd.py
@@ -0,0 +1,321 @@
+# coding: utf-8
+
+import inspect
+import logging
+import os
+import random
+import stat
+import sys
+import time
+from types import SimpleNamespace
+
+from .__init__ import ANYWIN, TYPE_CHECKING
+from .authsrv import LEELOO_DALLAS, VFS
+from .bos import bos
+from .util import Daemon, min_ex
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Any
+
+if TYPE_CHECKING:
+    from .svchub import SvcHub
+
+
+lg = logging.getLogger("smb")
+debug, info, warning, error = (lg.debug, lg.info, lg.warning, lg.error)
+
+
+class SMB(object):
+    def __init__(self, hub: "SvcHub") -> None:
+        self.hub = hub
+        self.args = hub.args
+        self.asrv = hub.asrv
+        self.log = hub.log
+        self.files: dict[int, tuple[float, str]] = {}
+
+        lg.setLevel(logging.DEBUG if self.args.smbvvv else logging.INFO)
+        for x in ["impacket", "impacket.smbserver"]:
+            lgr = logging.getLogger(x)
+            lgr.setLevel(logging.DEBUG if self.args.smbvv else logging.INFO)
+
+        try:
+            from impacket import smbserver
+            from impacket.ntlm import compute_lmhash, compute_nthash
+        except ImportError:
+            m = "\033[36m\n{}\033[31m\n\nERROR: need 'impacket'; please run this command:\033[33m\n {} -m pip install --user impacket\n\033[0m"
+            print(m.format(min_ex(), sys.executable))
+            sys.exit(1)
+
+        # patch vfs into smbserver.os
+        fos = SimpleNamespace()
+        for k in os.__dict__:
+            try:
+                setattr(fos, k, getattr(os, k))
+            except:
+                pass
+        fos.close = self._close
+        fos.listdir = self._listdir
+        fos.mkdir = self._mkdir
+        fos.open = self._open
+        fos.remove = self._unlink
+        fos.rename = self._rename
+        fos.stat = self._stat
+        fos.unlink = self._unlink
+        fos.utime = self._utime
+        smbserver.os = fos
+
+        # ...and smbserver.os.path
+        fop = SimpleNamespace()
+        for k in os.path.__dict__:
+            try:
+                setattr(fop, k, getattr(os.path, k))
+            except:
+                pass
+        fop.exists = self._p_exists
+        fop.getsize = self._p_getsize
+        fop.isdir = self._p_isdir
+        smbserver.os.path = fop
+
+        if not self.args.smb_nwa_2:
+            fop.join = self._p_join
+
+        # other patches
+        smbserver.isInFileJail = self._is_in_file_jail
+        self._disarm()
+
+        ip = next((x for x in self.args.i if ":" not in x), None)
+        if not ip:
+            self.log("smb", "IPv6 not supported for SMB; listening on 0.0.0.0", 3)
+            ip = "0.0.0.0"
+
+        port = int(self.args.smb_port)
+        srv = smbserver.SimpleSMBServer(listenAddress=ip, listenPort=port)
+
+        ro = "no" if self.args.smbw else "yes"  # (does nothing)
+        srv.addShare("A", "/", readOnly=ro)
+        srv.setSMB2Support(not self.args.smb1)
+
+        for name, pwd in self.asrv.acct.items():
+            for u, p in ((name, pwd), (pwd, "k")):
+                lmhash = compute_lmhash(p)
+                nthash = compute_nthash(p)
+                srv.addCredential(u, 0, lmhash, nthash)
+
+        chi = [random.randint(0, 255) for x in range(8)]
+        cha = "".join(["{:02x}".format(x) for x in chi])
+        srv.setSMBChallenge(cha)
+
+        self.srv = srv
+        self.stop = srv.stop
+        self.log("smb", "listening @ {}:{}".format(ip, port))
+
+    def start(self) -> None:
+        Daemon(self.srv.start)
+
+    def _v2a(self, caller: str, vpath: str, *a: Any) -> tuple[VFS, str]:
+        vpath = vpath.replace("\\", "/").lstrip("/")
+        # cf = inspect.currentframe().f_back
+        # c1 = cf.f_back.f_code.co_name
+        # c2 = cf.f_code.co_name
+        debug('%s("%s", %s)\033[K\033[0m', caller, vpath, str(a))
+
+        # TODO find a way to grab `identity` in smbComSessionSetupAndX and smb2SessionSetup
+        vfs, rem = self.asrv.vfs.get(vpath, LEELOO_DALLAS, True, True)
+        return vfs, vfs.canonical(rem)
+
+    def _listdir(self, vpath: str, *a: Any, **ka: Any) -> list[str]:
+        vpath = vpath.replace("\\", "/").lstrip("/")
+        # caller = inspect.currentframe().f_back.f_code.co_name
+        debug('listdir("%s", %s)\033[K\033[0m', vpath, str(a))
+        vfs, rem = self.asrv.vfs.get(vpath, LEELOO_DALLAS, False, False)
+        _, vfs_ls, vfs_virt = vfs.ls(
+            rem, LEELOO_DALLAS, not self.args.no_scandir, [[False, False]]
+        )
+        dirs = [x[0] for x in vfs_ls if stat.S_ISDIR(x[1].st_mode)]
+        fils = [x[0] for x in vfs_ls if x[0] not in dirs]
+        ls = list(vfs_virt.keys()) + dirs + fils
+        if self.args.smb_nwa_1:
+            return ls
+
+        # clients crash somewhere around 65760 byte
+        ret = []
+        sz = 112 * 2  # ['.', '..']
+        for n, fn in enumerate(ls):
+            if sz >= 64000:
+                t = "listing only %d of %d files (%d byte); see impacket#1433"
+                warning(t, n, len(ls), sz)
+                break
+
+            nsz = len(fn.encode("utf-16", "replace"))
+            nsz = ((nsz + 7) // 8) * 8
+            sz += 104 + nsz
+            ret.append(fn)
+
+        return ret
+
+    def _open(
+        self, vpath: str, flags: int, *a: Any, chmod: int = 0o777, **ka: Any
+    ) -> Any:
+        f_ro = os.O_RDONLY
+        if ANYWIN:
+            f_ro |= os.O_BINARY
+
+        wr = flags != f_ro
+        if wr and not self.args.smbw:
+            yeet("blocked write (no --smbw): " + vpath)
+
+        vfs, ap = self._v2a("open", vpath, *a)
+        if wr and not vfs.axs.uwrite:
+            yeet("blocked write (no-write-acc): " + vpath)
+
+        ret = bos.open(ap, flags, *a, mode=chmod, **ka)
+        if wr:
+            now = time.time()
+            nf = len(self.files)
+            if nf > 9000:
+                oldest = min([x[0] for x in self.files.values()])
+                cutoff = oldest + (now - oldest) / 2
+                self.files = {k: v for k, v in self.files.items() if v[0] > cutoff}
+                info("was tracking %d files, now %d", nf, len(self.files))
+
+            vpath = vpath.replace("\\", "/").lstrip("/")
+            self.files[ret] = (now, vpath)
+
+        return ret
+
+    def _close(self, fd: int) -> None:
+        os.close(fd)
+        if fd not in self.files:
+            return
+
+        _, vp = self.files.pop(fd)
+        vp, fn = os.path.split(vp)
+        vfs, rem = self.hub.asrv.vfs.get(vp, LEELOO_DALLAS, False, True)
+        vfs, rem = vfs.get_dbv(rem)
+        self.hub.up2k.hash_file(
+            vfs.realpath,
+            vfs.flags,
+            rem,
+            fn,
+            "1.7.6.2",
+            time.time(),
+        )
+
+    def _rename(self, vp1: str, vp2: str) -> None:
+        if not self.args.smbw:
+            yeet("blocked rename (no --smbw): " + vp1)
+
+        vp1 = vp1.lstrip("/")
+        vp2 = vp2.lstrip("/")
+
+        vfs2, ap2 = self._v2a("rename", vp2, vp1)
+        if not vfs2.axs.uwrite:
+            yeet("blocked rename (no-write-acc): " + vp2)
+
+        vfs1, _ = self.asrv.vfs.get(vp1, LEELOO_DALLAS, True, True)
+        if not vfs1.axs.umove:
+            yeet("blocked rename (no-move-acc): " + vp1)
+
+        self.hub.up2k.handle_mv(LEELOO_DALLAS, vp1, vp2)
+        try:
+            bos.makedirs(ap2)
+        except:
+            pass
+
+    def _mkdir(self, vpath: str) -> None:
+        if not self.args.smbw:
+            yeet("blocked mkdir (no --smbw): " + vpath)
+
+        vfs, ap = self._v2a("mkdir", vpath)
+        if not vfs.axs.uwrite:
+            yeet("blocked mkdir (no-write-acc): " + vpath)
+
+        return bos.mkdir(ap)
+
+    def _stat(self, vpath: str, *a: Any, **ka: Any) -> os.stat_result:
+        return bos.stat(self._v2a("stat", vpath, *a)[1], *a, **ka)
+
+    def _unlink(self, vpath: str) -> None:
+        if not self.args.smbw:
+            yeet("blocked delete (no --smbw): " + vpath)
+
+        # return bos.unlink(self._v2a("stat", vpath, *a)[1])
+        vfs, ap = self._v2a("delete", vpath)
+        if not vfs.axs.udel:
+            yeet("blocked delete (no-del-acc): " + vpath)
+
+        vpath = vpath.replace("\\", "/").lstrip("/")
+        self.hub.up2k.handle_rm(LEELOO_DALLAS, "1.7.6.2", [vpath], [])
+
+    def _utime(self, vpath: str, times: tuple[float, float]) -> None:
+        if not self.args.smbw:
+            yeet("blocked utime (no --smbw): " + vpath)
+
+        vfs, ap = self._v2a("utime", vpath)
+        if not vfs.axs.uwrite:
+            yeet("blocked utime (no-write-acc): " + vpath)
+
+        return bos.utime(ap, times)
+
+    def _p_exists(self, vpath: str) -> bool:
+        try:
+            bos.stat(self._v2a("p.exists", vpath)[1])
+            return True
+        except:
+            return False
+
+    def _p_getsize(self, vpath: str) -> int:
+        st = bos.stat(self._v2a("p.getsize", vpath)[1])
+        return st.st_size
+
+    def _p_isdir(self, vpath: str) -> bool:
+        try:
+            st = bos.stat(self._v2a("p.isdir", vpath)[1])
+            return stat.S_ISDIR(st.st_mode)
+        except:
+            return False
+
+    def _p_join(self, *a) -> str:
+        # impacket.smbserver reads globs from queryDirectoryRequest['Buffer']
+        # where somehow `fds.*` becomes `fds"*` so lets fix that
+        ret = os.path.join(*a)
+        return ret.replace('"', ".")  # type: ignore
+
+    def _hook(self, *a: Any, **ka: Any) -> None:
+        src = inspect.currentframe().f_back.f_code.co_name
+        error("\033[31m%s:hook(%s)\033[0m", src, a)
+        raise Exception("nope")
+
+    def _disarm(self) -> None:
+        from impacket import smbserver
+
+        smbserver.os.chmod = self._hook
+        smbserver.os.chown = self._hook
+        smbserver.os.ftruncate = self._hook
+        smbserver.os.lchown = self._hook
+        smbserver.os.link = self._hook
+        smbserver.os.lstat = self._hook
+        smbserver.os.replace = self._hook
+        smbserver.os.scandir = self._hook
+        smbserver.os.symlink = self._hook
+        smbserver.os.truncate = self._hook
+        smbserver.os.walk = self._hook
+
+        smbserver.os.path.abspath = self._hook
+        smbserver.os.path.expanduser = self._hook
+        smbserver.os.path.getatime = self._hook
+        smbserver.os.path.getctime = self._hook
+        smbserver.os.path.getmtime = self._hook
+        smbserver.os.path.isabs = self._hook
+        smbserver.os.path.isfile = self._hook
+        smbserver.os.path.islink = self._hook
+        smbserver.os.path.realpath = self._hook
+
+    def _is_in_file_jail(self, *a: Any) -> bool:
+        # handled by vfs
+        return True
+
+
+def yeet(msg: str) -> None:
+    info(msg)
+    raise Exception(msg)
--- a/copyparty/ssdp.py
+++ b/copyparty/ssdp.py
@@ -0,0 +1,197 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import re
+import select
+import socket
+from email.utils import formatdate
+
+from .__init__ import TYPE_CHECKING
+from .multicast import MC_Sck, MCast
+from .util import CachedSet, min_ex, html_escape
+
+if TYPE_CHECKING:
+    from .broker_util import BrokerCli
+    from .httpcli import HttpCli
+    from .svchub import SvcHub
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Optional, Union
+
+
+GRP = "239.255.255.250"
+
+
+class SSDP_Sck(MC_Sck):
+    def __init__(self, *a):
+        super(SSDP_Sck, self).__init__(*a)
+        self.hport = 0
+
+
+class SSDPr(object):
+    """generates http responses for httpcli"""
+
+    def __init__(self, broker: "BrokerCli") -> None:
+        self.broker = broker
+        self.args = broker.args
+
+    def reply(self, hc: "HttpCli") -> bool:
+        if hc.vpath.endswith("device.xml"):
+            return self.tx_device(hc)
+
+        hc.reply(b"unknown request", 400)
+        return False
+
+    def tx_device(self, hc: "HttpCli") -> bool:
+        zs = """
+<?xml version="1.0"?>
+<root xmlns="urn:schemas-upnp-org:device-1-0">
+    <specVersion>
+        <major>1</major>
+        <minor>0</minor>
+    </specVersion>
+    <URLBase>{}</URLBase>
+    <device>
+        <presentationURL>{}</presentationURL>
+        <deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
+        <friendlyName>{}</friendlyName>
+        <modelDescription>file server</modelDescription>
+        <manufacturer>ed</manufacturer>
+        <manufacturerURL>https://ocv.me/</manufacturerURL>
+        <modelName>copyparty</modelName>
+        <modelURL>https://github.com/9001/copyparty/</modelURL>
+        <UDN>{}</UDN>
+        <serviceList>
+            <service>
+                <serviceType>urn:schemas-upnp-org:device:Basic:1</serviceType>
+                <serviceId>urn:schemas-upnp-org:device:Basic</serviceId>
+                <controlURL>/.cpr/ssdp/services.xml</controlURL>
+                <eventSubURL>/.cpr/ssdp/services.xml</eventSubURL>
+                <SCPDURL>/.cpr/ssdp/services.xml</SCPDURL>
+            </service>
+        </serviceList>
+    </device>
+</root>"""
+
+        c = html_escape
+        sip, sport = hc.s.getsockname()[:2]
+        sip = sip.replace("::ffff:", "")
+        proto = "https" if self.args.https_only else "http"
+        ubase = "{}://{}:{}".format(proto, sip, sport)
+        zsl = self.args.zsl
+        url = zsl if "://" in zsl else ubase + "/" + zsl.lstrip("/")
+        name = "{} @ {}".format(self.args.doctitle, self.args.name)
+        zs = zs.strip().format(c(ubase), c(url), c(name), c(self.args.zsid))
+        hc.reply(zs.encode("utf-8", "replace"))
+        return False  # close connectino
+
+
+class SSDPd(MCast):
+    """communicates with ssdp clients over multicast"""
+
+    def __init__(self, hub: "SvcHub") -> None:
+        al = hub.args
+        vinit = al.zsv and not al.zmv
+        super(SSDPd, self).__init__(
+            hub, SSDP_Sck, al.zs_on, al.zs_off, GRP, "", 1900, vinit
+        )
+        self.srv: dict[socket.socket, SSDP_Sck] = {}
+        self.rxc = CachedSet(0.7)
+        self.txc = CachedSet(5)  # win10: every 3 sec
+        self.ptn_st = re.compile(b"\nst: *upnp:rootdevice", re.I)
+
+    def log(self, msg: str, c: Union[int, str] = 0) -> None:
+        self.log_func("SSDP", msg, c)
+
+    def run(self) -> None:
+        try:
+            bound = self.create_servers()
+        except:
+            t = "no server IP matches the ssdp config\n{}"
+            self.log(t.format(min_ex()), 1)
+            bound = []
+
+        if not bound:
+            self.log("failed to announce copyparty services on the network", 3)
+            return
+
+        # find http port for this listening ip
+        for srv in self.srv.values():
+            tcps = self.hub.tcpsrv.bound
+            hp = next((x[1] for x in tcps if x[0] in ("0.0.0.0", srv.ip)), 0)
+            hp = hp or next((x[1] for x in tcps if x[0] == "::"), 0)
+            if not hp:
+                hp = tcps[0][1]
+                self.log("assuming port {} for {}".format(hp, srv.ip), 3)
+            srv.hport = hp
+
+        self.log("listening")
+        while self.running:
+            rdy = select.select(self.srv, [], [], 180)
+            rx: list[socket.socket] = rdy[0]  # type: ignore
+            self.rxc.cln()
+            for sck in rx:
+                buf, addr = sck.recvfrom(4096)
+                try:
+                    self.eat(buf, addr)
+                except:
+                    if not self.running:
+                        return
+
+                    t = "{} {} \033[33m|{}| {}\n{}".format(
+                        self.srv[sck].name, addr, len(buf), repr(buf)[2:-1], min_ex()
+                    )
+                    self.log(t, 6)
+
+    def stop(self) -> None:
+        self.running = False
+        self.srv = {}
+
+    def eat(self, buf: bytes, addr: tuple[str, int]) -> None:
+        cip = addr[0]
+        if cip.startswith("169.254") and not self.ll_ok:
+            return
+
+        if buf in self.rxc.c:
+            return
+
+        srv: Optional[SSDP_Sck] = self.map_client(cip)  # type: ignore
+        if not srv:
+            return
+
+        self.rxc.add(buf)
+        if not buf.startswith(b"M-SEARCH * HTTP/1."):
+            return
+
+        if not self.ptn_st.search(buf):
+            return
+
+        if self.args.zsv:
+            t = "{} [{}] \033[36m{} \033[0m|{}|"
+            self.log(t.format(srv.name, srv.ip, cip, len(buf)), "90")
+
+        zs = """
+HTTP/1.1 200 OK
+CACHE-CONTROL: max-age=1800
+DATE: {0}
+EXT:
+LOCATION: http://{1}:{2}/.cpr/ssdp/device.xml
+OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
+01-NLS: {3}
+SERVER: UPnP/1.0
+ST: upnp:rootdevice
+USN: {3}::upnp:rootdevice
+BOOTID.UPNP.ORG: 0
+CONFIGID.UPNP.ORG: 1
+
+"""
+        v4 = srv.ip.replace("::ffff:", "")
+        zs = zs.format(formatdate(usegmt=True), v4, srv.hport, self.args.zsid)
+        zb = zs[1:].replace("\n", "\r\n").encode("utf-8", "replace")
+        srv.sck.sendto(zb, addr[:2])
+
+        if cip not in self.txc.c:
+            self.log("{} [{}] --> {}".format(srv.name, srv.ip, cip), "6")
+
+        self.txc.add(cip)
+        self.txc.cln()
--- a/copyparty/star.py
+++ b/copyparty/star.py
@@ -1,21 +1,19 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals

+import stat
 import tarfile
-import threading

 from queue import Queue

 from .bos import bos
 from .sutil import StreamArc, errdesc
-from .util import fsenc, min_ex
+from .util import Daemon, fsenc, min_ex

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Generator, Optional

    from .util import NamedLogger
-except:
-    pass


 class QFile(object):  # inherit io.StringIO for painful typing
@@ -60,9 +58,7 @@ class StreamTar(StreamArc):
        fmt = tarfile.GNU_FORMAT
        self.tar = tarfile.open(fileobj=self.qfile, mode="w|", format=fmt)  # type: ignore

-        w = threading.Thread(target=self._gen, name="star-gen")
-        w.daemon = True
-        w.start()
+        Daemon(self._gen, "star-gen")

    def gen(self) -> Generator[Optional[bytes], None, None]:
        try:
@@ -84,6 +80,9 @@ class StreamTar(StreamArc):
        src = f["ap"]
        fsi = f["st"]

+        if stat.S_ISDIR(fsi.st_mode):
+            return
+
        inf = tarfile.TarInfo(name=name)
        inf.mode = fsi.st_mode
        inf.size = fsi.st_size
--- a/copyparty/stolen/dnslib/README.md
+++ b/copyparty/stolen/dnslib/README.md
@@ -0,0 +1,5 @@
+`dnslib` but heavily simplified/feature-stripped
+
+L: MIT
+Copyright (c) 2010 - 2017 Paul Chakravarti
+https://github.com/paulc/dnslib/
--- a/copyparty/stolen/dnslib/init.py
+++ b/copyparty/stolen/dnslib/init.py
@@ -0,0 +1,11 @@
+# coding: utf-8
+
+"""
+L: MIT
+Copyright (c) 2010 - 2017 Paul Chakravarti
+https://github.com/paulc/dnslib/tree/0.9.23
+"""
+
+from .dns import *
+
+version = "0.9.23"
--- a/copyparty/stolen/dnslib/bimap.py
+++ b/copyparty/stolen/dnslib/bimap.py
@@ -0,0 +1,41 @@
+# coding: utf-8
+
+import types
+
+
+class BimapError(Exception):
+    pass
+
+
+class Bimap(object):
+    def __init__(self, name, forward, error=AttributeError):
+        self.name = name
+        self.error = error
+        self.forward = forward.copy()
+        self.reverse = dict([(v, k) for (k, v) in list(forward.items())])
+
+    def get(self, k, default=None):
+        try:
+            return self.forward[k]
+        except KeyError:
+            return default or str(k)
+
+    def __getitem__(self, k):
+        try:
+            return self.forward[k]
+        except KeyError:
+            if isinstance(self.error, types.FunctionType):
+                return self.error(self.name, k, True)
+            else:
+                raise self.error("%s: Invalid forward lookup: [%s]" % (self.name, k))
+
+    def __getattr__(self, k):
+        try:
+            if k == "__wrapped__":
+                raise AttributeError()
+            return self.reverse[k]
+        except KeyError:
+            if isinstance(self.error, types.FunctionType):
+                return self.error(self.name, k, False)
+            else:
+                raise self.error("%s: Invalid reverse lookup: [%s]" % (self.name, k))
--- a/copyparty/stolen/dnslib/bit.py
+++ b/copyparty/stolen/dnslib/bit.py
@@ -0,0 +1,15 @@
+# coding: utf-8
+
+from __future__ import print_function
+
+
+def get_bits(data, offset, bits=1):
+    mask = ((1 << bits) - 1) << offset
+    return (data & mask) >> offset
+
+
+def set_bits(data, value, offset, bits=1):
+    mask = ((1 << bits) - 1) << offset
+    clear = 0xFFFF ^ mask
+    data = (data & clear) | ((value << offset) & mask)
+    return data
--- a/copyparty/stolen/dnslib/buffer.py
+++ b/copyparty/stolen/dnslib/buffer.py
@@ -0,0 +1,56 @@
+# coding: utf-8
+
+import binascii
+import struct
+
+
+class BufferError(Exception):
+    pass
+
+
+class Buffer(object):
+    def __init__(self, data=b""):
+        self.data = bytearray(data)
+        self.offset = 0
+
+    def remaining(self):
+        return len(self.data) - self.offset
+
+    def get(self, length):
+        if length > self.remaining():
+            raise BufferError(
+                "Not enough bytes [offset=%d,remaining=%d,requested=%d]"
+                % (self.offset, self.remaining(), length)
+            )
+        start = self.offset
+        end = self.offset + length
+        self.offset += length
+        return bytes(self.data[start:end])
+
+    def hex(self):
+        return binascii.hexlify(self.data)
+
+    def pack(self, fmt, *args):
+        self.offset += struct.calcsize(fmt)
+        self.data += struct.pack(fmt, *args)
+
+    def append(self, s):
+        self.offset += len(s)
+        self.data += s
+
+    def update(self, ptr, fmt, *args):
+        s = struct.pack(fmt, *args)
+        self.data[ptr : ptr + len(s)] = s
+
+    def unpack(self, fmt):
+        try:
+            data = self.get(struct.calcsize(fmt))
+            return struct.unpack(fmt, data)
+        except struct.error:
+            raise BufferError(
+                "Error unpacking struct '%s' <%s>"
+                % (fmt, binascii.hexlify(data).decode())
+            )
+
+    def __len__(self):
+        return len(self.data)
--- a/copyparty/stolen/dnslib/dns.py
+++ b/copyparty/stolen/dnslib/dns.py
@@ -0,0 +1,775 @@
+# coding: utf-8
+
+from __future__ import print_function
+
+import binascii
+from itertools import chain
+
+from .bimap import Bimap, BimapError
+from .bit import get_bits, set_bits
+from .buffer import BufferError
+from .label import DNSBuffer, DNSLabel
+from .ranges import IP4, IP6, H, I, check_bytes
+
+
+class DNSError(Exception):
+    pass
+
+
+def unknown_qtype(name, key, forward):
+    if forward:
+        try:
+            return "TYPE%d" % (key,)
+        except:
+            raise DNSError("%s: Invalid forward lookup: [%s]" % (name, key))
+    else:
+        if key.startswith("TYPE"):
+            try:
+                return int(key[4:])
+            except:
+                pass
+        raise DNSError("%s: Invalid reverse lookup: [%s]" % (name, key))
+
+
+QTYPE = Bimap(
+    "QTYPE",
+    {1: "A", 12: "PTR", 16: "TXT", 28: "AAAA", 33: "SRV", 47: "NSEC", 255: "ANY"},
+    unknown_qtype,
+)
+
+CLASS = Bimap("CLASS", {1: "IN", 254: "None", 255: "*", 0x8001: "F_IN"}, DNSError)
+
+QR = Bimap("QR", {0: "QUERY", 1: "RESPONSE"}, DNSError)
+
+RCODE = Bimap(
+    "RCODE",
+    {
+        0: "NOERROR",
+        1: "FORMERR",
+        2: "SERVFAIL",
+        3: "NXDOMAIN",
+        4: "NOTIMP",
+        5: "REFUSED",
+        6: "YXDOMAIN",
+        7: "YXRRSET",
+        8: "NXRRSET",
+        9: "NOTAUTH",
+        10: "NOTZONE",
+    },
+    DNSError,
+)
+
+OPCODE = Bimap(
+    "OPCODE", {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}, DNSError
+)
+
+
+def label(label, origin=None):
+    if label.endswith("."):
+        return DNSLabel(label)
+    else:
+        return (origin if isinstance(origin, DNSLabel) else DNSLabel(origin)).add(label)
+
+
+class DNSRecord(object):
+    @classmethod
+    def parse(cls, packet) -> "DNSRecord":
+        buffer = DNSBuffer(packet)
+        try:
+            header = DNSHeader.parse(buffer)
+            questions = []
+            rr = []
+            auth = []
+            ar = []
+            for i in range(header.q):
+                questions.append(DNSQuestion.parse(buffer))
+            for i in range(header.a):
+                rr.append(RR.parse(buffer))
+            for i in range(header.auth):
+                auth.append(RR.parse(buffer))
+            for i in range(header.ar):
+                ar.append(RR.parse(buffer))
+            return cls(header, questions, rr, auth=auth, ar=ar)
+        except (BufferError, BimapError) as e:
+            raise DNSError(
+                "Error unpacking DNSRecord [offset=%d]: %s" % (buffer.offset, e)
+            )
+
+    @classmethod
+    def question(cls, qname, qtype="A", qclass="IN"):
+        return DNSRecord(
+            q=DNSQuestion(qname, getattr(QTYPE, qtype), getattr(CLASS, qclass))
+        )
+
+    def __init__(
+        self, header=None, questions=None, rr=None, q=None, a=None, auth=None, ar=None
+    ) -> None:
+        self.header = header or DNSHeader()
+        self.questions: list[DNSQuestion] = questions or []
+        self.rr: list[RR] = rr or []
+        self.auth: list[RR] = auth or []
+        self.ar: list[RR] = ar or []
+
+        if q:
+            self.questions.append(q)
+        if a:
+            self.rr.append(a)
+        self.set_header_qa()
+
+    def reply(self, ra=1, aa=1):
+        return DNSRecord(
+            DNSHeader(id=self.header.id, bitmap=self.header.bitmap, qr=1, ra=ra, aa=aa),
+            q=self.q,
+        )
+
+    def add_question(self, *q) -> None:
+        self.questions.extend(q)
+        self.set_header_qa()
+
+    def add_answer(self, *rr) -> None:
+        self.rr.extend(rr)
+        self.set_header_qa()
+
+    def add_auth(self, *auth) -> None:
+        self.auth.extend(auth)
+        self.set_header_qa()
+
+    def add_ar(self, *ar) -> None:
+        self.ar.extend(ar)
+        self.set_header_qa()
+
+    def set_header_qa(self) -> None:
+        self.header.q = len(self.questions)
+        self.header.a = len(self.rr)
+        self.header.auth = len(self.auth)
+        self.header.ar = len(self.ar)
+
+    def get_q(self):
+        return self.questions[0] if self.questions else DNSQuestion()
+
+    q = property(get_q)
+
+    def get_a(self):
+        return self.rr[0] if self.rr else RR()
+
+    a = property(get_a)
+
+    def pack(self) -> bytes:
+        self.set_header_qa()
+        buffer = DNSBuffer()
+        self.header.pack(buffer)
+        for q in self.questions:
+            q.pack(buffer)
+        for rr in self.rr:
+            rr.pack(buffer)
+        for auth in self.auth:
+            auth.pack(buffer)
+        for ar in self.ar:
+            ar.pack(buffer)
+        return buffer.data
+
+    def truncate(self):
+        return DNSRecord(DNSHeader(id=self.header.id, bitmap=self.header.bitmap, tc=1))
+
+    def format(self, prefix="", sort=False):
+        s = sorted if sort else lambda x: x
+        sections = [repr(self.header)]
+        sections.extend(s([repr(q) for q in self.questions]))
+        sections.extend(s([repr(rr) for rr in self.rr]))
+        sections.extend(s([repr(rr) for rr in self.auth]))
+        sections.extend(s([repr(rr) for rr in self.ar]))
+        return prefix + ("\n" + prefix).join(sections)
+
+    short = format
+
+    def __repr__(self):
+        return self.format()
+
+    __str__ = __repr__
+
+
+class DNSHeader(object):
+    id = H("id")
+    bitmap = H("bitmap")
+    q = H("q")
+    a = H("a")
+    auth = H("auth")
+    ar = H("ar")
+
+    @classmethod
+    def parse(cls, buffer):
+        try:
+            (id, bitmap, q, a, auth, ar) = buffer.unpack("!HHHHHH")
+            return cls(id, bitmap, q, a, auth, ar)
+        except (BufferError, BimapError) as e:
+            raise DNSError(
+                "Error unpacking DNSHeader [offset=%d]: %s" % (buffer.offset, e)
+            )
+
+    def __init__(self, id=None, bitmap=None, q=0, a=0, auth=0, ar=0, **args) -> None:
+        self.id = id if id else 0
+        if bitmap is None:
+            self.bitmap = 0
+        else:
+            self.bitmap = bitmap
+        self.q = q
+        self.a = a
+        self.auth = auth
+        self.ar = ar
+        for k, v in args.items():
+            if k.lower() == "qr":
+                self.qr = v
+            elif k.lower() == "opcode":
+                self.opcode = v
+            elif k.lower() == "aa":
+                self.aa = v
+            elif k.lower() == "tc":
+                self.tc = v
+            elif k.lower() == "rd":
+                self.rd = v
+            elif k.lower() == "ra":
+                self.ra = v
+            elif k.lower() == "z":
+                self.z = v
+            elif k.lower() == "ad":
+                self.ad = v
+            elif k.lower() == "cd":
+                self.cd = v
+            elif k.lower() == "rcode":
+                self.rcode = v
+
+    def get_qr(self):
+        return get_bits(self.bitmap, 15)
+
+    def set_qr(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 15)
+
+    qr = property(get_qr, set_qr)
+
+    def get_opcode(self):
+        return get_bits(self.bitmap, 11, 4)
+
+    def set_opcode(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 11, 4)
+
+    opcode = property(get_opcode, set_opcode)
+
+    def get_aa(self):
+        return get_bits(self.bitmap, 10)
+
+    def set_aa(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 10)
+
+    aa = property(get_aa, set_aa)
+
+    def get_tc(self):
+        return get_bits(self.bitmap, 9)
+
+    def set_tc(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 9)
+
+    tc = property(get_tc, set_tc)
+
+    def get_rd(self):
+        return get_bits(self.bitmap, 8)
+
+    def set_rd(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 8)
+
+    rd = property(get_rd, set_rd)
+
+    def get_ra(self):
+        return get_bits(self.bitmap, 7)
+
+    def set_ra(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 7)
+
+    ra = property(get_ra, set_ra)
+
+    def get_z(self):
+        return get_bits(self.bitmap, 6)
+
+    def set_z(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 6)
+
+    z = property(get_z, set_z)
+
+    def get_ad(self):
+        return get_bits(self.bitmap, 5)
+
+    def set_ad(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 5)
+
+    ad = property(get_ad, set_ad)
+
+    def get_cd(self):
+        return get_bits(self.bitmap, 4)
+
+    def set_cd(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 4)
+
+    cd = property(get_cd, set_cd)
+
+    def get_rcode(self):
+        return get_bits(self.bitmap, 0, 4)
+
+    def set_rcode(self, val):
+        self.bitmap = set_bits(self.bitmap, val, 0, 4)
+
+    rcode = property(get_rcode, set_rcode)
+
+    def pack(self, buffer):
+        buffer.pack("!HHHHHH", self.id, self.bitmap, self.q, self.a, self.auth, self.ar)
+
+    def __repr__(self):
+        f = [
+            self.aa and "AA",
+            self.tc and "TC",
+            self.rd and "RD",
+            self.ra and "RA",
+            self.z and "Z",
+            self.ad and "AD",
+            self.cd and "CD",
+        ]
+        if OPCODE.get(self.opcode) == "UPDATE":
+            f1 = "zo"
+            f2 = "pr"
+            f3 = "up"
+            f4 = "ad"
+        else:
+            f1 = "q"
+            f2 = "a"
+            f3 = "ns"
+            f4 = "ar"
+        return (
+            "<DNS Header: id=0x%x type=%s opcode=%s flags=%s "
+            "rcode='%s' %s=%d %s=%d %s=%d %s=%d>"
+            % (
+                self.id,
+                QR.get(self.qr),
+                OPCODE.get(self.opcode),
+                ",".join(filter(None, f)),
+                RCODE.get(self.rcode),
+                f1,
+                self.q,
+                f2,
+                self.a,
+                f3,
+                self.auth,
+                f4,
+                self.ar,
+            )
+        )
+
+    __str__ = __repr__
+
+
+class DNSQuestion(object):
+    @classmethod
+    def parse(cls, buffer):
+        try:
+            qname = buffer.decode_name()
+            qtype, qclass = buffer.unpack("!HH")
+            return cls(qname, qtype, qclass)
+        except (BufferError, BimapError) as e:
+            raise DNSError(
+                "Error unpacking DNSQuestion [offset=%d]: %s" % (buffer.offset, e)
+            )
+
+    def __init__(self, qname=None, qtype=1, qclass=1) -> None:
+        self.qname = qname
+        self.qtype = qtype
+        self.qclass = qclass
+
+    def set_qname(self, qname):
+        if isinstance(qname, DNSLabel):
+            self._qname = qname
+        else:
+            self._qname = DNSLabel(qname)
+
+    def get_qname(self):
+        return self._qname
+
+    qname = property(get_qname, set_qname)
+
+    def pack(self, buffer):
+        buffer.encode_name(self.qname)
+        buffer.pack("!HH", self.qtype, self.qclass)
+
+    def __repr__(self):
+        return "<DNS Question: '%s' qtype=%s qclass=%s>" % (
+            self.qname,
+            QTYPE.get(self.qtype),
+            CLASS.get(self.qclass),
+        )
+
+    __str__ = __repr__
+
+
+class RR(object):
+    rtype = H("rtype")
+    rclass = H("rclass")
+    ttl = I("ttl")
+    rdlength = H("rdlength")
+
+    @classmethod
+    def parse(cls, buffer):
+        try:
+            rname = buffer.decode_name()
+            rtype, rclass, ttl, rdlength = buffer.unpack("!HHIH")
+            if rdlength:
+                rdata = RDMAP.get(QTYPE.get(rtype), RD).parse(buffer, rdlength)
+            else:
+                rdata = ""
+            return cls(rname, rtype, rclass, ttl, rdata)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking RR [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, rname=None, rtype=1, rclass=1, ttl=0, rdata=None) -> None:
+        self.rname = rname
+        self.rtype = rtype
+        self.rclass = rclass
+        self.ttl = ttl
+        self.rdata = rdata
+
+    def set_rname(self, rname):
+        if isinstance(rname, DNSLabel):
+            self._rname = rname
+        else:
+            self._rname = DNSLabel(rname)
+
+    def get_rname(self):
+        return self._rname
+
+    rname = property(get_rname, set_rname)
+
+    def pack(self, buffer):
+        buffer.encode_name(self.rname)
+        buffer.pack("!HHI", self.rtype, self.rclass, self.ttl)
+        rdlength_ptr = buffer.offset
+        buffer.pack("!H", 0)
+        start = buffer.offset
+        self.rdata.pack(buffer)
+        end = buffer.offset
+        buffer.update(rdlength_ptr, "!H", end - start)
+
+    def __repr__(self):
+        return "<DNS RR: '%s' rtype=%s rclass=%s ttl=%d rdata='%s'>" % (
+            self.rname,
+            QTYPE.get(self.rtype),
+            CLASS.get(self.rclass),
+            self.ttl,
+            self.rdata,
+        )
+
+    __str__ = __repr__
+
+
+class RD(object):
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            data = buffer.get(length)
+            return cls(data)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking RD [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, data=b"") -> None:
+        check_bytes("data", data)
+        self.data = bytes(data)
+
+    def pack(self, buffer):
+        buffer.append(self.data)
+
+    def __repr__(self):
+        if len(self.data) > 0:
+            return "\\# %d %s" % (
+                len(self.data),
+                binascii.hexlify(self.data).decode().upper(),
+            )
+        else:
+            return "\\# 0"
+
+    attrs = ("data",)
+
+
+def _force_bytes(x):
+    if isinstance(x, bytes):
+        return x
+    else:
+        return x.encode()
+
+
+class TXT(RD):
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            data = list()
+            start_bo = buffer.offset
+            now_length = 0
+            while buffer.offset < start_bo + length:
+                (txtlength,) = buffer.unpack("!B")
+
+                if now_length + txtlength < length:
+                    now_length += txtlength
+                    data.append(buffer.get(txtlength))
+                else:
+                    raise DNSError(
+                        "Invalid TXT record: len(%d) > RD len(%d)" % (txtlength, length)
+                    )
+            return cls(data)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking TXT [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, data) -> None:
+        if type(data) in (tuple, list):
+            self.data = [_force_bytes(x) for x in data]
+        else:
+            self.data = [_force_bytes(data)]
+        if any([len(x) > 255 for x in self.data]):
+            raise DNSError("TXT record too long: %s" % self.data)
+
+    def pack(self, buffer):
+        for ditem in self.data:
+            if len(ditem) > 255:
+                raise DNSError("TXT record too long: %s" % ditem)
+            buffer.pack("!B", len(ditem))
+            buffer.append(ditem)
+
+    def __repr__(self):
+        return ",".join([repr(x) for x in self.data])
+
+
+class A(RD):
+
+    data = IP4("data")
+
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            data = buffer.unpack("!BBBB")
+            return cls(data)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking A [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, data) -> None:
+        if type(data) in (tuple, list):
+            self.data = tuple(data)
+        else:
+            self.data = tuple(map(int, data.rstrip(".").split(".")))
+
+    def pack(self, buffer):
+        buffer.pack("!BBBB", *self.data)
+
+    def __repr__(self):
+        return "%d.%d.%d.%d" % self.data
+
+
+def _parse_ipv6(a):
+    l, _, r = a.partition("::")
+    l_groups = list(chain(*[divmod(int(x, 16), 256) for x in l.split(":") if x]))
+    r_groups = list(chain(*[divmod(int(x, 16), 256) for x in r.split(":") if x]))
+    zeros = [0] * (16 - len(l_groups) - len(r_groups))
+    return tuple(l_groups + zeros + r_groups)
+
+
+def _format_ipv6(a):
+    left = []
+    right = []
+    current = "left"
+    for i in range(0, 16, 2):
+        group = (a[i] << 8) + a[i + 1]
+        if current == "left":
+            if group == 0 and i < 14:
+                if (a[i + 2] << 8) + a[i + 3] == 0:
+                    current = "right"
+                else:
+                    left.append("0")
+            else:
+                left.append("%x" % group)
+        else:
+            if group == 0 and len(right) == 0:
+                pass
+            else:
+                right.append("%x" % group)
+    if len(left) < 8:
+        return ":".join(left) + "::" + ":".join(right)
+    else:
+        return ":".join(left)
+
+
+class AAAA(RD):
+    data = IP6("data")
+
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            data = buffer.unpack("!16B")
+            return cls(data)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking AAAA [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, data) -> None:
+        if type(data) in (tuple, list):
+            self.data = tuple(data)
+        else:
+            self.data = _parse_ipv6(data)
+
+    def pack(self, buffer):
+        buffer.pack("!16B", *self.data)
+
+    def __repr__(self):
+        return _format_ipv6(self.data)
+
+
+class CNAME(RD):
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            label = buffer.decode_name()
+            return cls(label)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking CNAME [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, label=None) -> None:
+        self.label = label
+
+    def set_label(self, label):
+        if isinstance(label, DNSLabel):
+            self._label = label
+        else:
+            self._label = DNSLabel(label)
+
+    def get_label(self):
+        return self._label
+
+    label = property(get_label, set_label)
+
+    def pack(self, buffer):
+        buffer.encode_name(self.label)
+
+    def __repr__(self):
+        return "%s" % (self.label)
+
+    attrs = ("label",)
+
+
+class PTR(CNAME):
+    pass
+
+
+class SRV(RD):
+    priority = H("priority")
+    weight = H("weight")
+    port = H("port")
+
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            priority, weight, port = buffer.unpack("!HHH")
+            target = buffer.decode_name()
+            return cls(priority, weight, port, target)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking SRV [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, priority=0, weight=0, port=0, target=None) -> None:
+        self.priority = priority
+        self.weight = weight
+        self.port = port
+        self.target = target
+
+    def set_target(self, target):
+        if isinstance(target, DNSLabel):
+            self._target = target
+        else:
+            self._target = DNSLabel(target)
+
+    def get_target(self):
+        return self._target
+
+    target = property(get_target, set_target)
+
+    def pack(self, buffer):
+        buffer.pack("!HHH", self.priority, self.weight, self.port)
+        buffer.encode_name(self.target)
+
+    def __repr__(self):
+        return "%d %d %d %s" % (self.priority, self.weight, self.port, self.target)
+
+    attrs = ("priority", "weight", "port", "target")
+
+
+def decode_type_bitmap(type_bitmap):
+    rrlist = []
+    buf = DNSBuffer(type_bitmap)
+    while buf.remaining():
+        winnum, winlen = buf.unpack("BB")
+        bitmap = bytearray(buf.get(winlen))
+        for (pos, value) in enumerate(bitmap):
+            for i in range(8):
+                if (value << i) & 0x80:
+                    bitpos = (256 * winnum) + (8 * pos) + i
+                    rrlist.append(QTYPE[bitpos])
+    return rrlist
+
+
+def encode_type_bitmap(rrlist):
+    rrlist = sorted([getattr(QTYPE, rr) for rr in rrlist])
+    buf = DNSBuffer()
+    curWindow = rrlist[0] // 256
+    bitmap = bytearray(32)
+    n = len(rrlist) - 1
+    for i, rr in enumerate(rrlist):
+        v = rr - curWindow * 256
+        bitmap[v // 8] |= 1 << (7 - v % 8)
+
+        if i == n or rrlist[i + 1] >= (curWindow + 1) * 256:
+            while bitmap[-1] == 0:
+                bitmap = bitmap[:-1]
+            buf.pack("BB", curWindow, len(bitmap))
+            buf.append(bitmap)
+
+            if i != n:
+                curWindow = rrlist[i + 1] // 256
+                bitmap = bytearray(32)
+
+    return buf.data
+
+
+class NSEC(RD):
+    @classmethod
+    def parse(cls, buffer, length):
+        try:
+            end = buffer.offset + length
+            name = buffer.decode_name()
+            rrlist = decode_type_bitmap(buffer.get(end - buffer.offset))
+            return cls(name, rrlist)
+        except (BufferError, BimapError) as e:
+            raise DNSError("Error unpacking NSEC [offset=%d]: %s" % (buffer.offset, e))
+
+    def __init__(self, label, rrlist) -> None:
+        self.label = label
+        self.rrlist = rrlist
+
+    def set_label(self, label):
+        if isinstance(label, DNSLabel):
+            self._label = label
+        else:
+            self._label = DNSLabel(label)
+
+    def get_label(self):
+        return self._label
+
+    label = property(get_label, set_label)
+
+    def pack(self, buffer):
+        buffer.encode_name(self.label)
+        buffer.append(encode_type_bitmap(self.rrlist))
+
+    def __repr__(self):
+        return "%s %s" % (self.label, " ".join(self.rrlist))
+
+    attrs = ("label", "rrlist")
+
+
+RDMAP = {"A": A, "AAAA": AAAA, "TXT": TXT, "PTR": PTR, "SRV": SRV, "NSEC": NSEC}
--- a/copyparty/stolen/dnslib/label.py
+++ b/copyparty/stolen/dnslib/label.py
@@ -0,0 +1,154 @@
+# coding: utf-8
+
+from __future__ import print_function
+
+import re
+
+from .bit import get_bits, set_bits
+from .buffer import Buffer, BufferError
+
+LDH = set(range(33, 127))
+ESCAPE = re.compile(r"\\([0-9][0-9][0-9])")
+
+
+class DNSLabelError(Exception):
+    pass
+
+
+class DNSLabel(object):
+    def __init__(self, label):
+        if type(label) == DNSLabel:
+            self.label = label.label
+        elif type(label) in (list, tuple):
+            self.label = tuple(label)
+        else:
+            if not label or label in (b".", "."):
+                self.label = ()
+            elif type(label) is not bytes:
+                if type("") != type(b""):
+
+                    label = ESCAPE.sub(lambda m: chr(int(m[1])), label)
+                self.label = tuple(label.encode("idna").rstrip(b".").split(b"."))
+            else:
+                if type("") == type(b""):
+
+                    label = ESCAPE.sub(lambda m: chr(int(m.groups()[0])), label)
+                self.label = tuple(label.rstrip(b".").split(b"."))
+
+    def add(self, name):
+        new = DNSLabel(name)
+        if self.label:
+            new.label += self.label
+        return new
+
+    def idna(self):
+        return ".".join([s.decode("idna") for s in self.label]) + "."
+
+    def _decode(self, s):
+        if set(s).issubset(LDH):
+
+            return s.decode()
+        else:
+
+            return "".join([(chr(c) if (c in LDH) else "\\%03d" % c) for c in s])
+
+    def __str__(self):
+        return ".".join([self._decode(bytearray(s)) for s in self.label]) + "."
+
+    def __repr__(self):
+        return "<DNSLabel: '%s'>" % str(self)
+
+    def __hash__(self):
+        return hash(tuple(map(lambda x: x.lower(), self.label)))
+
+    def __ne__(self, other):
+        return not self == other
+
+    def __eq__(self, other):
+        if type(other) != DNSLabel:
+            return self.__eq__(DNSLabel(other))
+        else:
+            return [l.lower() for l in self.label] == [l.lower() for l in other.label]
+
+    def __len__(self):
+        return len(b".".join(self.label))
+
+
+class DNSBuffer(Buffer):
+    def __init__(self, data=b""):
+        super(DNSBuffer, self).__init__(data)
+        self.names = {}
+
+    def decode_name(self, last=-1):
+        label = []
+        done = False
+        while not done:
+            (length,) = self.unpack("!B")
+            if get_bits(length, 6, 2) == 3:
+
+                self.offset -= 1
+                pointer = get_bits(self.unpack("!H")[0], 0, 14)
+                save = self.offset
+                if last == save:
+                    raise BufferError(
+                        "Recursive pointer in DNSLabel [offset=%d,pointer=%d,length=%d]"
+                        % (self.offset, pointer, len(self.data))
+                    )
+                if pointer < self.offset:
+                    self.offset = pointer
+                else:
+
+                    raise BufferError(
+                        "Invalid pointer in DNSLabel [offset=%d,pointer=%d,length=%d]"
+                        % (self.offset, pointer, len(self.data))
+                    )
+                label.extend(self.decode_name(save).label)
+                self.offset = save
+                done = True
+            else:
+                if length > 0:
+                    l = self.get(length)
+                    try:
+                        l.decode()
+                    except UnicodeDecodeError:
+                        raise BufferError("Invalid label <%s>" % l)
+                    label.append(l)
+                else:
+                    done = True
+        return DNSLabel(label)
+
+    def encode_name(self, name):
+        if not isinstance(name, DNSLabel):
+            name = DNSLabel(name)
+        if len(name) > 253:
+            raise DNSLabelError("Domain label too long: %r" % name)
+        name = list(name.label)
+        while name:
+            if tuple(name) in self.names:
+
+                pointer = self.names[tuple(name)]
+                pointer = set_bits(pointer, 3, 14, 2)
+                self.pack("!H", pointer)
+                return
+            else:
+                self.names[tuple(name)] = self.offset
+                element = name.pop(0)
+                if len(element) > 63:
+                    raise DNSLabelError("Label component too long: %r" % element)
+                self.pack("!B", len(element))
+                self.append(element)
+        self.append(b"\x00")
+
+    def encode_name_nocompress(self, name):
+        if not isinstance(name, DNSLabel):
+            name = DNSLabel(name)
+        if len(name) > 253:
+            raise DNSLabelError("Domain label too long: %r" % name)
+        name = list(name.label)
+        while name:
+            element = name.pop(0)
+            if len(element) > 63:
+                raise DNSLabelError("Label component too long: %r" % element)
+            self.pack("!B", len(element))
+            self.append(element)
+        self.append(b"\x00")
--- a/copyparty/stolen/dnslib/lex.py
+++ b/copyparty/stolen/dnslib/lex.py
@@ -0,0 +1,105 @@
+# coding: utf-8
+
+from __future__ import print_function
+
+import collections
+
+try:
+    from StringIO import StringIO
+except ImportError:
+    from io import StringIO
+
+
+class Lexer(object):
+
+    escape_chars = "\\"
+    escape = {"n": "\n", "t": "\t", "r": "\r"}
+
+    def __init__(self, f, debug=False):
+        if hasattr(f, "read"):
+            self.f = f
+        elif type(f) == str:
+            self.f = StringIO(f)
+        elif type(f) == bytes:
+            self.f = StringIO(f.decode())
+        else:
+            raise ValueError("Invalid input")
+        self.debug = debug
+        self.q = collections.deque()
+        self.state = self.lexStart
+        self.escaped = False
+        self.eof = False
+
+    def __iter__(self):
+        return self.parse()
+
+    def next_token(self):
+        if self.debug:
+            print("STATE", self.state)
+        (tok, self.state) = self.state()
+        return tok
+
+    def parse(self):
+        while self.state is not None and not self.eof:
+            tok = self.next_token()
+            if tok:
+                yield tok
+
+    def read(self, n=1):
+        s = ""
+        while self.q and n > 0:
+            s += self.q.popleft()
+            n -= 1
+        s += self.f.read(n)
+        if s == "":
+            self.eof = True
+        if self.debug:
+            print("Read: >%s<" % repr(s))
+        return s
+
+    def peek(self, n=1):
+        s = ""
+        i = 0
+        while len(self.q) > i and n > 0:
+            s += self.q[i]
+            i += 1
+            n -= 1
+        r = self.f.read(n)
+        if n > 0 and r == "":
+            self.eof = True
+        self.q.extend(r)
+        if self.debug:
+            print("Peek : >%s<" % repr(s + r))
+        return s + r
+
+    def pushback(self, s):
+        p = collections.deque(s)
+        p.extend(self.q)
+        self.q = p
+
+    def readescaped(self):
+        c = self.read(1)
+        if c in self.escape_chars:
+            self.escaped = True
+            n = self.peek(3)
+            if n.isdigit():
+                n = self.read(3)
+                if self.debug:
+                    print("Escape: >%s<" % n)
+                return chr(int(n, 8))
+            elif n[0] in "x":
+                x = self.read(3)
+                if self.debug:
+                    print("Escape: >%s<" % x)
+                return chr(int(x[1:], 16))
+            else:
+                c = self.read(1)
+                if self.debug:
+                    print("Escape: >%s<" % c)
+                return self.escape.get(c, c)
+        else:
+            self.escaped = False
+            return c
+
+    def lexStart(self):
+        return (None, None)
--- a/copyparty/stolen/dnslib/ranges.py
+++ b/copyparty/stolen/dnslib/ranges.py
@@ -0,0 +1,81 @@
+# coding: utf-8
+
+import sys
+
+if sys.version_info < (3,):
+    int_types = (
+        int,
+        long,
+    )
+    byte_types = (str, bytearray)
+else:
+    int_types = (int,)
+    byte_types = (bytes, bytearray)
+
+
+def check_instance(name, val, types):
+    if not isinstance(val, types):
+        raise ValueError(
+            "Attribute '%s' must be instance of %s [%s]" % (name, types, type(val))
+        )
+
+
+def check_bytes(name, val):
+    return check_instance(name, val, byte_types)
+
+
+def range_property(attr, min, max):
+    def getter(obj):
+        return getattr(obj, "_%s" % attr)
+
+    def setter(obj, val):
+        if isinstance(val, int_types) and min <= val <= max:
+            setattr(obj, "_%s" % attr, val)
+        else:
+            raise ValueError(
+                "Attribute '%s' must be between %d-%d [%s]" % (attr, min, max, val)
+            )
+
+    return property(getter, setter)
+
+
+def B(attr):
+    return range_property(attr, 0, 255)
+
+
+def H(attr):
+    return range_property(attr, 0, 65535)
+
+
+def I(attr):
+    return range_property(attr, 0, 4294967295)
+
+
+def ntuple_range(attr, n, min, max):
+    f = lambda x: isinstance(x, int_types) and min <= x <= max
+
+    def getter(obj):
+        return getattr(obj, "_%s" % attr)
+
+    def setter(obj, val):
+        if len(val) != n:
+            raise ValueError(
+                "Attribute '%s' must be tuple with %d elements [%s]" % (attr, n, val)
+            )
+        if all(map(f, val)):
+            setattr(obj, "_%s" % attr, val)
+        else:
+            raise ValueError(
+                "Attribute '%s' elements must be between %d-%d [%s]"
+                % (attr, min, max, val)
+            )
+
+    return property(getter, setter)
+
+
+def IP4(attr):
+    return ntuple_range(attr, 4, 0, 255)
+
+
+def IP6(attr):
+    return ntuple_range(attr, 16, 0, 255)
--- a/copyparty/stolen/ifaddr/README.md
+++ b/copyparty/stolen/ifaddr/README.md
@@ -0,0 +1,5 @@
+`ifaddr` with py2.7 support enabled by make-sfx.sh which strips py3 hints using strip_hints and removes the `^if True:` blocks
+
+L: BSD-2-Clause
+Copyright (c) 2014 Stefan C. Mueller
+https://github.com/pydron/ifaddr/
--- a/copyparty/stolen/ifaddr/init.py
+++ b/copyparty/stolen/ifaddr/init.py
@@ -0,0 +1,21 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+"""
+L: BSD-2-Clause
+Copyright (c) 2014 Stefan C. Mueller
+https://github.com/pydron/ifaddr/tree/0.2.0
+"""
+
+import os
+
+from ._shared import IP, Adapter
+
+if os.name == "nt":
+    from ._win32 import get_adapters
+elif os.name == "posix":
+    from ._posix import get_adapters
+else:
+    raise RuntimeError("Unsupported Operating System: %s" % os.name)
+
+__all__ = ["Adapter", "IP", "get_adapters"]
--- a/copyparty/stolen/ifaddr/_posix.py
+++ b/copyparty/stolen/ifaddr/_posix.py
@@ -0,0 +1,84 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import collections
+import ctypes.util
+import os
+import socket
+
+import ipaddress
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Iterable, Optional
+
+from . import _shared as shared
+from ._shared import U
+
+
+class ifaddrs(ctypes.Structure):
+    pass
+
+
+ifaddrs._fields_ = [
+    ("ifa_next", ctypes.POINTER(ifaddrs)),
+    ("ifa_name", ctypes.c_char_p),
+    ("ifa_flags", ctypes.c_uint),
+    ("ifa_addr", ctypes.POINTER(shared.sockaddr)),
+    ("ifa_netmask", ctypes.POINTER(shared.sockaddr)),
+]
+
+libc = ctypes.CDLL(ctypes.util.find_library("socket" if os.uname()[0] == "SunOS" else "c"), use_errno=True)  # type: ignore
+
+
+def get_adapters(include_unconfigured: bool = False) -> Iterable[shared.Adapter]:
+
+    addr0 = addr = ctypes.POINTER(ifaddrs)()
+    retval = libc.getifaddrs(ctypes.byref(addr))
+    if retval != 0:
+        eno = ctypes.get_errno()
+        raise OSError(eno, os.strerror(eno))
+
+    ips = collections.OrderedDict()
+
+    def add_ip(adapter_name: str, ip: Optional[shared.IP]) -> None:
+        if adapter_name not in ips:
+            index = None  # type: Optional[int]
+            try:
+                # Mypy errors on this when the Windows CI runs:
+                #     error: Module has no attribute "if_nametoindex"
+                index = socket.if_nametoindex(adapter_name)  # type: ignore
+            except (OSError, AttributeError):
+                pass
+            ips[adapter_name] = shared.Adapter(
+                adapter_name, adapter_name, [], index=index
+            )
+        if ip is not None:
+            ips[adapter_name].ips.append(ip)
+
+    while addr:
+        name = addr[0].ifa_name.decode(encoding="UTF-8")
+        ip_addr = shared.sockaddr_to_ip(addr[0].ifa_addr)
+        if ip_addr:
+            if addr[0].ifa_netmask and not addr[0].ifa_netmask[0].sa_familiy:
+                addr[0].ifa_netmask[0].sa_familiy = addr[0].ifa_addr[0].sa_familiy
+            netmask = shared.sockaddr_to_ip(addr[0].ifa_netmask)
+            if isinstance(netmask, tuple):
+                netmaskStr = U(netmask[0])
+                prefixlen = shared.ipv6_prefixlength(ipaddress.IPv6Address(netmaskStr))
+            else:
+                if netmask is None:
+                    t = "sockaddr_to_ip({}) returned None"
+                    raise Exception(t.format(addr[0].ifa_netmask))
+
+                netmaskStr = U("0.0.0.0/" + netmask)
+                prefixlen = ipaddress.IPv4Network(netmaskStr).prefixlen
+            ip = shared.IP(ip_addr, prefixlen, name)
+            add_ip(name, ip)
+        else:
+            if include_unconfigured:
+                add_ip(name, None)
+        addr = addr[0].ifa_next
+
+    libc.freeifaddrs(addr0)
+
+    return ips.values()
--- a/copyparty/stolen/ifaddr/_shared.py
+++ b/copyparty/stolen/ifaddr/_shared.py
@@ -0,0 +1,203 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import ctypes
+import platform
+import socket
+import sys
+
+import ipaddress
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Callable, List, Optional, Union
+
+
+PY2 = sys.version_info < (3,)
+if not PY2:
+    U: Callable[[str], str] = str
+else:
+    U = unicode  # noqa: F821  # pylint: disable=undefined-variable,self-assigning-variable
+
+
+class Adapter(object):
+    """
+    Represents a network interface device controller (NIC), such as a
+    network card. An adapter can have multiple IPs.
+
+    On Linux aliasing (multiple IPs per physical NIC) is implemented
+    by creating 'virtual' adapters, each represented by an instance
+    of this class. Each of those 'virtual' adapters can have both
+    a IPv4 and an IPv6 IP address.
+    """
+
+    def __init__(
+        self, name: str, nice_name: str, ips: List["IP"], index: Optional[int] = None
+    ) -> None:
+
+        #: Unique name that identifies the adapter in the system.
+        #: On Linux this is of the form of `eth0` or `eth0:1`, on
+        #: Windows it is a UUID in string representation, such as
+        #: `{846EE342-7039-11DE-9D20-806E6F6E6963}`.
+        self.name = name
+
+        #: Human readable name of the adpater. On Linux this
+        #: is currently the same as :attr:`name`. On Windows
+        #: this is the name of the device.
+        self.nice_name = nice_name
+
+        #: List of :class:`ifaddr.IP` instances in the order they were
+        #: reported by the system.
+        self.ips = ips
+
+        #: Adapter index as used by some API (e.g. IPv6 multicast group join).
+        self.index = index
+
+    def __repr__(self) -> str:
+        return "Adapter(name={name}, nice_name={nice_name}, ips={ips}, index={index})".format(
+            name=repr(self.name),
+            nice_name=repr(self.nice_name),
+            ips=repr(self.ips),
+            index=repr(self.index),
+        )
+
+
+if True:
+    # Type of an IPv4 address (a string in "xxx.xxx.xxx.xxx" format)
+    _IPv4Address = str
+
+    # Type of an IPv6 address (a three-tuple `(ip, flowinfo, scope_id)`)
+    _IPv6Address = tuple[str, int, int]
+
+
+class IP(object):
+    """
+    Represents an IP address of an adapter.
+    """
+
+    def __init__(
+        self, ip: Union[_IPv4Address, _IPv6Address], network_prefix: int, nice_name: str
+    ) -> None:
+
+        #: IP address. For IPv4 addresses this is a string in
+        #: "xxx.xxx.xxx.xxx" format. For IPv6 addresses this
+        #: is a three-tuple `(ip, flowinfo, scope_id)`, where
+        #: `ip` is a string in the usual collon separated
+        #: hex format.
+        self.ip = ip
+
+        #: Number of bits of the IP that represent the
+        #: network. For a `255.255.255.0` netmask, this
+        #: number would be `24`.
+        self.network_prefix = network_prefix
+
+        #: Human readable name for this IP.
+        #: On Linux is this currently the same as the adapter name.
+        #: On Windows this is the name of the network connection
+        #: as configured in the system control panel.
+        self.nice_name = nice_name
+
+    @property
+    def is_IPv4(self) -> bool:
+        """
+        Returns `True` if this IP is an IPv4 address and `False`
+        if it is an IPv6 address.
+        """
+        return not isinstance(self.ip, tuple)
+
+    @property
+    def is_IPv6(self) -> bool:
+        """
+        Returns `True` if this IP is an IPv6 address and `False`
+        if it is an IPv4 address.
+        """
+        return isinstance(self.ip, tuple)
+
+    def __repr__(self) -> str:
+        return "IP(ip={ip}, network_prefix={network_prefix}, nice_name={nice_name})".format(
+            ip=repr(self.ip),
+            network_prefix=repr(self.network_prefix),
+            nice_name=repr(self.nice_name),
+        )
+
+
+if platform.system() == "Darwin" or "BSD" in platform.system():
+
+    # BSD derived systems use marginally different structures
+    # than either Linux or Windows.
+    # I still keep it in `shared` since we can use
+    # both structures equally.
+
+    class sockaddr(ctypes.Structure):
+        _fields_ = [
+            ("sa_len", ctypes.c_uint8),
+            ("sa_familiy", ctypes.c_uint8),
+            ("sa_data", ctypes.c_uint8 * 14),
+        ]
+
+    class sockaddr_in(ctypes.Structure):
+        _fields_ = [
+            ("sa_len", ctypes.c_uint8),
+            ("sa_familiy", ctypes.c_uint8),
+            ("sin_port", ctypes.c_uint16),
+            ("sin_addr", ctypes.c_uint8 * 4),
+            ("sin_zero", ctypes.c_uint8 * 8),
+        ]
+
+    class sockaddr_in6(ctypes.Structure):
+        _fields_ = [
+            ("sa_len", ctypes.c_uint8),
+            ("sa_familiy", ctypes.c_uint8),
+            ("sin6_port", ctypes.c_uint16),
+            ("sin6_flowinfo", ctypes.c_uint32),
+            ("sin6_addr", ctypes.c_uint8 * 16),
+            ("sin6_scope_id", ctypes.c_uint32),
+        ]
+
+else:
+
+    class sockaddr(ctypes.Structure):  # type: ignore
+        _fields_ = [("sa_familiy", ctypes.c_uint16), ("sa_data", ctypes.c_uint8 * 14)]
+
+    class sockaddr_in(ctypes.Structure):  # type: ignore
+        _fields_ = [
+            ("sin_familiy", ctypes.c_uint16),
+            ("sin_port", ctypes.c_uint16),
+            ("sin_addr", ctypes.c_uint8 * 4),
+            ("sin_zero", ctypes.c_uint8 * 8),
+        ]
+
+    class sockaddr_in6(ctypes.Structure):  # type: ignore
+        _fields_ = [
+            ("sin6_familiy", ctypes.c_uint16),
+            ("sin6_port", ctypes.c_uint16),
+            ("sin6_flowinfo", ctypes.c_uint32),
+            ("sin6_addr", ctypes.c_uint8 * 16),
+            ("sin6_scope_id", ctypes.c_uint32),
+        ]
+
+
+def sockaddr_to_ip(
+    sockaddr_ptr: "ctypes.pointer[sockaddr]",
+) -> Optional[Union[_IPv4Address, _IPv6Address]]:
+    if sockaddr_ptr:
+        if sockaddr_ptr[0].sa_familiy == socket.AF_INET:
+            ipv4 = ctypes.cast(sockaddr_ptr, ctypes.POINTER(sockaddr_in))
+            ippacked = bytes(bytearray(ipv4[0].sin_addr))
+            ip = U(ipaddress.ip_address(ippacked))
+            return ip
+        elif sockaddr_ptr[0].sa_familiy == socket.AF_INET6:
+            ipv6 = ctypes.cast(sockaddr_ptr, ctypes.POINTER(sockaddr_in6))
+            flowinfo = ipv6[0].sin6_flowinfo
+            ippacked = bytes(bytearray(ipv6[0].sin6_addr))
+            ip = U(ipaddress.ip_address(ippacked))
+            scope_id = ipv6[0].sin6_scope_id
+            return (ip, flowinfo, scope_id)
+    return None
+
+
+def ipv6_prefixlength(address: ipaddress.IPv6Address) -> int:
+    prefix_length = 0
+    for i in range(address.max_prefixlen):
+        if int(address) >> i & 1:
+            prefix_length = prefix_length + 1
+    return prefix_length
--- a/copyparty/stolen/ifaddr/_win32.py
+++ b/copyparty/stolen/ifaddr/_win32.py
@@ -0,0 +1,135 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import ctypes
+from ctypes import wintypes
+
+if True:  # pylint: disable=using-constant-test
+    from typing import Iterable, List
+
+from . import _shared as shared
+
+NO_ERROR = 0
+ERROR_BUFFER_OVERFLOW = 111
+MAX_ADAPTER_NAME_LENGTH = 256
+MAX_ADAPTER_DESCRIPTION_LENGTH = 128
+MAX_ADAPTER_ADDRESS_LENGTH = 8
+AF_UNSPEC = 0
+
+
+class SOCKET_ADDRESS(ctypes.Structure):
+    _fields_ = [
+        ("lpSockaddr", ctypes.POINTER(shared.sockaddr)),
+        ("iSockaddrLength", wintypes.INT),
+    ]
+
+
+class IP_ADAPTER_UNICAST_ADDRESS(ctypes.Structure):
+    pass
+
+
+IP_ADAPTER_UNICAST_ADDRESS._fields_ = [
+    ("Length", wintypes.ULONG),
+    ("Flags", wintypes.DWORD),
+    ("Next", ctypes.POINTER(IP_ADAPTER_UNICAST_ADDRESS)),
+    ("Address", SOCKET_ADDRESS),
+    ("PrefixOrigin", ctypes.c_uint),
+    ("SuffixOrigin", ctypes.c_uint),
+    ("DadState", ctypes.c_uint),
+    ("ValidLifetime", wintypes.ULONG),
+    ("PreferredLifetime", wintypes.ULONG),
+    ("LeaseLifetime", wintypes.ULONG),
+    ("OnLinkPrefixLength", ctypes.c_uint8),
+]
+
+
+class IP_ADAPTER_ADDRESSES(ctypes.Structure):
+    pass
+
+
+IP_ADAPTER_ADDRESSES._fields_ = [
+    ("Length", wintypes.ULONG),
+    ("IfIndex", wintypes.DWORD),
+    ("Next", ctypes.POINTER(IP_ADAPTER_ADDRESSES)),
+    ("AdapterName", ctypes.c_char_p),
+    ("FirstUnicastAddress", ctypes.POINTER(IP_ADAPTER_UNICAST_ADDRESS)),
+    ("FirstAnycastAddress", ctypes.c_void_p),
+    ("FirstMulticastAddress", ctypes.c_void_p),
+    ("FirstDnsServerAddress", ctypes.c_void_p),
+    ("DnsSuffix", ctypes.c_wchar_p),
+    ("Description", ctypes.c_wchar_p),
+    ("FriendlyName", ctypes.c_wchar_p),
+]
+
+
+iphlpapi = ctypes.windll.LoadLibrary("Iphlpapi")  # type: ignore
+
+
+def enumerate_interfaces_of_adapter(
+    nice_name: str, address: IP_ADAPTER_UNICAST_ADDRESS
+) -> Iterable[shared.IP]:
+
+    # Iterate through linked list and fill list
+    addresses = []  # type: List[IP_ADAPTER_UNICAST_ADDRESS]
+    while True:
+        addresses.append(address)
+        if not address.Next:
+            break
+        address = address.Next[0]
+
+    for address in addresses:
+        ip = shared.sockaddr_to_ip(address.Address.lpSockaddr)
+        if ip is None:
+            t = "sockaddr_to_ip({}) returned None"
+            raise Exception(t.format(address.Address.lpSockaddr))
+
+        network_prefix = address.OnLinkPrefixLength
+        yield shared.IP(ip, network_prefix, nice_name)
+
+
+def get_adapters(include_unconfigured: bool = False) -> Iterable[shared.Adapter]:
+
+    # Call GetAdaptersAddresses() with error and buffer size handling
+
+    addressbuffersize = wintypes.ULONG(15 * 1024)
+    retval = ERROR_BUFFER_OVERFLOW
+    while retval == ERROR_BUFFER_OVERFLOW:
+        addressbuffer = ctypes.create_string_buffer(addressbuffersize.value)
+        retval = iphlpapi.GetAdaptersAddresses(
+            wintypes.ULONG(AF_UNSPEC),
+            wintypes.ULONG(0),
+            None,
+            ctypes.byref(addressbuffer),
+            ctypes.byref(addressbuffersize),
+        )
+    if retval != NO_ERROR:
+        raise ctypes.WinError()  # type: ignore
+
+    # Iterate through adapters fill array
+    address_infos = []  # type: List[IP_ADAPTER_ADDRESSES]
+    address_info = IP_ADAPTER_ADDRESSES.from_buffer(addressbuffer)
+    while True:
+        address_infos.append(address_info)
+        if not address_info.Next:
+            break
+        address_info = address_info.Next[0]
+
+    # Iterate through unicast addresses
+    result = []  # type: List[shared.Adapter]
+    for adapter_info in address_infos:
+
+        # We don't expect non-ascii characters here, so encoding shouldn't matter
+        name = adapter_info.AdapterName.decode()
+        nice_name = adapter_info.Description
+        index = adapter_info.IfIndex
+
+        if adapter_info.FirstUnicastAddress:
+            ips = enumerate_interfaces_of_adapter(
+                adapter_info.FriendlyName, adapter_info.FirstUnicastAddress[0]
+            )
+            ips = list(ips)
+            result.append(shared.Adapter(name, nice_name, ips, index=index))
+        elif include_unconfigured:
+            result.append(shared.Adapter(name, nice_name, [], index=index))
+
+    return result
--- a/copyparty/stolen/qrcodegen.py
+++ b/copyparty/stolen/qrcodegen.py
@@ -0,0 +1,591 @@
+# coding: utf-8
+
+# modified copy of Project Nayuki's qrcodegen (MIT-licensed);
+# https://github.com/nayuki/QR-Code-generator/blob/daa3114/python/qrcodegen.py
+# the original ^ is extremely well commented so refer to that for explanations
+
+# hacks: binary-only, auto-ecc, render, py2-compat
+
+from __future__ import print_function, unicode_literals
+
+import collections
+import itertools
+
+if True:  # pylint: disable=using-constant-test
+    from collections.abc import Sequence
+
+    from typing import Callable, List, Optional, Tuple, Union
+
+
+def num_char_count_bits(ver: int) -> int:
+    return 16 if (ver + 7) // 17 else 8
+
+
+class Ecc(object):
+    ordinal: int
+    formatbits: int
+
+    def __init__(self, i: int, fb: int) -> None:
+        self.ordinal = i
+        self.formatbits = fb
+
+    LOW: "Ecc"
+    MEDIUM: "Ecc"
+    QUARTILE: "Ecc"
+    HIGH: "Ecc"
+
+
+Ecc.LOW = Ecc(0, 1)
+Ecc.MEDIUM = Ecc(1, 0)
+Ecc.QUARTILE = Ecc(2, 3)
+Ecc.HIGH = Ecc(3, 2)
+
+
+class QrSegment(object):
+    @staticmethod
+    def make_seg(data: Union[bytes, Sequence[int]]) -> "QrSegment":
+        bb = _BitBuffer()
+        for b in data:
+            bb.append_bits(b, 8)
+        return QrSegment(len(data), bb)
+
+    numchars: int  # num bytes, not the same as the data's bit length
+    bitdata: List[int]  # The data bits of this segment
+
+    def __init__(self, numch: int, bitdata: Sequence[int]) -> None:
+        if numch < 0:
+            raise ValueError()
+        self.numchars = numch
+        self.bitdata = list(bitdata)
+
+    @staticmethod
+    def get_total_bits(segs: Sequence["QrSegment"], ver: int) -> Optional[int]:
+        result = 0
+        for seg in segs:
+            ccbits: int = num_char_count_bits(ver)
+            if seg.numchars >= (1 << ccbits):
+                return None  # segment length doesn't fit the field's bit width
+            result += 4 + ccbits + len(seg.bitdata)
+        return result
+
+
+class QrCode(object):
+    @staticmethod
+    def encode_binary(data: Union[bytes, Sequence[int]]) -> "QrCode":
+        return QrCode.encode_segments([QrSegment.make_seg(data)])
+
+    @staticmethod
+    def encode_segments(
+        segs: Sequence[QrSegment],
+        ecl: Ecc = Ecc.LOW,
+        minver: int = 2,
+        maxver: int = 40,
+        mask: int = -1,
+    ) -> "QrCode":
+        for ver in range(minver, maxver + 1):
+            datacapacitybits: int = QrCode._get_num_data_codewords(ver, ecl) * 8
+            datausedbits: Optional[int] = QrSegment.get_total_bits(segs, ver)
+            if (datausedbits is not None) and (datausedbits <= datacapacitybits):
+                break
+
+        assert datausedbits
+
+        for newecl in (
+            Ecc.MEDIUM,
+            Ecc.QUARTILE,
+            Ecc.HIGH,
+        ):
+            if datausedbits <= QrCode._get_num_data_codewords(ver, newecl) * 8:
+                ecl = newecl
+
+        # Concatenate all segments to create the data bit string
+        bb = _BitBuffer()
+        for seg in segs:
+            bb.append_bits(4, 4)
+            bb.append_bits(seg.numchars, num_char_count_bits(ver))
+            bb.extend(seg.bitdata)
+        assert len(bb) == datausedbits
+
+        # Add terminator and pad up to a byte if applicable
+        datacapacitybits = QrCode._get_num_data_codewords(ver, ecl) * 8
+        assert len(bb) <= datacapacitybits
+        bb.append_bits(0, min(4, datacapacitybits - len(bb)))
+        bb.append_bits(0, -len(bb) % 8)
+        assert len(bb) % 8 == 0
+
+        # Pad with alternating bytes until data capacity is reached
+        for padbyte in itertools.cycle((0xEC, 0x11)):
+            if len(bb) >= datacapacitybits:
+                break
+            bb.append_bits(padbyte, 8)
+
+        # Pack bits into bytes in big endian
+        datacodewords = bytearray([0] * (len(bb) // 8))
+        for (i, bit) in enumerate(bb):
+            datacodewords[i >> 3] |= bit << (7 - (i & 7))
+
+        return QrCode(ver, ecl, datacodewords, mask)
+
+    ver: int
+    size: int  # w/h; 21..177 (ver * 4 + 17)
+    ecclvl: Ecc
+    mask: int  # 0..7
+    modules: List[List[bool]]
+    unmaskable: List[List[bool]]
+
+    def __init__(
+        self,
+        ver: int,
+        ecclvl: Ecc,
+        datacodewords: Union[bytes, Sequence[int]],
+        msk: int,
+    ) -> None:
+        self.ver = ver
+        self.size = ver * 4 + 17
+        self.ecclvl = ecclvl
+
+        self.modules = [[False] * self.size for _ in range(self.size)]
+        self.unmaskable = [[False] * self.size for _ in range(self.size)]
+
+        # Compute ECC, draw modules
+        self._draw_function_patterns()
+        allcodewords: bytes = self._add_ecc_and_interleave(bytearray(datacodewords))
+        self._draw_codewords(allcodewords)
+
+        if msk == -1:  # automask
+            minpenalty: int = 1 << 32
+            for i in range(8):
+                self._apply_mask(i)
+                self._draw_format_bits(i)
+                penalty = self._get_penalty_score()
+                if penalty < minpenalty:
+                    msk = i
+                    minpenalty = penalty
+                self._apply_mask(i)  # xor/undo
+
+        assert 0 <= msk <= 7
+        self.mask = msk
+        self._apply_mask(msk)  # Apply the final choice of mask
+        self._draw_format_bits(msk)  # Overwrite old format bits
+
+    def render(self, zoom=1, pad=4) -> str:
+        tab = self.modules
+        sz = self.size
+        if sz % 2 and zoom == 1:
+            tab.append([False] * sz)
+
+        tab = [[False] * sz] * pad + tab + [[False] * sz] * pad
+        tab = [[False] * pad + x + [False] * pad for x in tab]
+
+        rows: list[str] = []
+        if zoom == 1:
+            for y in range(0, len(tab), 2):
+                row = ""
+                for x in range(len(tab[y])):
+                    v = 2 if tab[y][x] else 0
+                    v += 1 if tab[y + 1][x] else 0
+                    row += " ▄▀█"[v]
+                rows.append(row)
+        else:
+            for tr in tab:
+                row = ""
+                for zb in tr:
+                    row += " █"[int(zb)] * 2
+                rows.append(row)
+
+        return "\n".join(rows)
+
+    def _draw_function_patterns(self) -> None:
+        # Draw horizontal and vertical timing patterns
+        for i in range(self.size):
+            self._set_function_module(6, i, i % 2 == 0)
+            self._set_function_module(i, 6, i % 2 == 0)
+
+        # Draw 3 finder patterns (all corners except bottom right; overwrites some timing modules)
+        self._draw_finder_pattern(3, 3)
+        self._draw_finder_pattern(self.size - 4, 3)
+        self._draw_finder_pattern(3, self.size - 4)
+
+        # Draw numerous alignment patterns
+        alignpatpos: List[int] = self._get_alignment_pattern_positions()
+        numalign: int = len(alignpatpos)
+        skips: Sequence[Tuple[int, int]] = (
+            (0, 0),
+            (0, numalign - 1),
+            (numalign - 1, 0),
+        )
+        for i in range(numalign):
+            for j in range(numalign):
+                if (i, j) not in skips:  # avoid finder corners
+                    self._draw_alignment_pattern(alignpatpos[i], alignpatpos[j])
+
+        # draw config data with dummy mask value; ctor overwrites it
+        self._draw_format_bits(0)
+        self._draw_ver()
+
+    def _draw_format_bits(self, mask: int) -> None:
+        # Calculate error correction code and pack bits; ecclvl is uint2, mask is uint3
+        data: int = self.ecclvl.formatbits << 3 | mask
+        rem: int = data
+        for _ in range(10):
+            rem = (rem << 1) ^ ((rem >> 9) * 0x537)
+        bits: int = (data << 10 | rem) ^ 0x5412  # uint15
+        assert bits >> 15 == 0
+
+        # first copy
+        for i in range(0, 6):
+            self._set_function_module(8, i, _get_bit(bits, i))
+        self._set_function_module(8, 7, _get_bit(bits, 6))
+        self._set_function_module(8, 8, _get_bit(bits, 7))
+        self._set_function_module(7, 8, _get_bit(bits, 8))
+        for i in range(9, 15):
+            self._set_function_module(14 - i, 8, _get_bit(bits, i))
+
+        # second copy
+        for i in range(0, 8):
+            self._set_function_module(self.size - 1 - i, 8, _get_bit(bits, i))
+        for i in range(8, 15):
+            self._set_function_module(8, self.size - 15 + i, _get_bit(bits, i))
+        self._set_function_module(8, self.size - 8, True)  # Always dark
+
+    def _draw_ver(self) -> None:
+        if self.ver < 7:
+            return
+
+        # Calculate error correction code and pack bits
+        rem: int = self.ver  # ver is uint6, 7..40
+        for _ in range(12):
+            rem = (rem << 1) ^ ((rem >> 11) * 0x1F25)
+        bits: int = self.ver << 12 | rem  # uint18
+        assert bits >> 18 == 0
+
+        # Draw two copies
+        for i in range(18):
+            bit: bool = _get_bit(bits, i)
+            a: int = self.size - 11 + i % 3
+            b: int = i // 3
+            self._set_function_module(a, b, bit)
+            self._set_function_module(b, a, bit)
+
+    def _draw_finder_pattern(self, x: int, y: int) -> None:
+        for dy in range(-4, 5):
+            for dx in range(-4, 5):
+                xx, yy = x + dx, y + dy
+                if (0 <= xx < self.size) and (0 <= yy < self.size):
+                    # Chebyshev/infinity norm
+                    self._set_function_module(
+                        xx, yy, max(abs(dx), abs(dy)) not in (2, 4)
+                    )
+
+    def _draw_alignment_pattern(self, x: int, y: int) -> None:
+        for dy in range(-2, 3):
+            for dx in range(-2, 3):
+                self._set_function_module(x + dx, y + dy, max(abs(dx), abs(dy)) != 1)
+
+    def _set_function_module(self, x: int, y: int, isdark: bool) -> None:
+        self.modules[y][x] = isdark
+        self.unmaskable[y][x] = True
+
+    def _add_ecc_and_interleave(self, data: bytearray) -> bytes:
+        ver: int = self.ver
+        assert len(data) == QrCode._get_num_data_codewords(ver, self.ecclvl)
+
+        # Calculate parameter numbers
+        numblocks: int = QrCode._NUM_ERROR_CORRECTION_BLOCKS[self.ecclvl.ordinal][ver]
+        blockecclen: int = QrCode._ECC_CODEWORDS_PER_BLOCK[self.ecclvl.ordinal][ver]
+        rawcodewords: int = QrCode._get_num_raw_data_modules(ver) // 8
+        numshortblocks: int = numblocks - rawcodewords % numblocks
+        shortblocklen: int = rawcodewords // numblocks
+
+        # Split data into blocks and append ECC to each block
+        blocks: List[bytes] = []
+        rsdiv: bytes = QrCode._reed_solomon_compute_divisor(blockecclen)
+        k: int = 0
+        for i in range(numblocks):
+            dat: bytearray = data[
+                k : k + shortblocklen - blockecclen + (0 if i < numshortblocks else 1)
+            ]
+            k += len(dat)
+            ecc: bytes = QrCode._reed_solomon_compute_remainder(dat, rsdiv)
+            if i < numshortblocks:
+                dat.append(0)
+            blocks.append(dat + ecc)
+        assert k == len(data)
+
+        # Interleave (not concatenate) the bytes from every block into a single sequence
+        result = bytearray()
+        for i in range(len(blocks[0])):
+            for (j, blk) in enumerate(blocks):
+                # Skip the padding byte in short blocks
+                if (i != shortblocklen - blockecclen) or (j >= numshortblocks):
+                    result.append(blk[i])
+        assert len(result) == rawcodewords
+        return result
+
+    def _draw_codewords(self, data: bytes) -> None:
+        assert len(data) == QrCode._get_num_raw_data_modules(self.ver) // 8
+
+        i: int = 0  # Bit index into the data
+        for right in range(self.size - 1, 0, -2):
+            # idx of right column in each column pair
+            if right <= 6:
+                right -= 1
+            for vert in range(self.size):  # Vertical counter
+                for j in range(2):
+                    x: int = right - j
+                    upward: bool = (right + 1) & 2 == 0
+                    y: int = (self.size - 1 - vert) if upward else vert
+                    if (not self.unmaskable[y][x]) and (i < len(data) * 8):
+                        self.modules[y][x] = _get_bit(data[i >> 3], 7 - (i & 7))
+                        i += 1
+                    # any remainder bits (0..7) were set 0/false/light by ctor
+
+        assert i == len(data) * 8
+
+    def _apply_mask(self, mask: int) -> None:
+        masker: Callable[[int, int], int] = QrCode._MASK_PATTERNS[mask]
+        for y in range(self.size):
+            for x in range(self.size):
+                self.modules[y][x] ^= (masker(x, y) == 0) and (
+                    not self.unmaskable[y][x]
+                )
+
+    def _get_penalty_score(self) -> int:
+        result: int = 0
+        size: int = self.size
+        modules: List[List[bool]] = self.modules
+
+        # Adjacent modules in row having same color, and finder-like patterns
+        for y in range(size):
+            runcolor: bool = False
+            runx: int = 0
+            runhistory = collections.deque([0] * 7, 7)
+            for x in range(size):
+                if modules[y][x] == runcolor:
+                    runx += 1
+                    if runx == 5:
+                        result += QrCode._PENALTY_N1
+                    elif runx > 5:
+                        result += 1
+                else:
+                    self._finder_penalty_add_history(runx, runhistory)
+                    if not runcolor:
+                        result += (
+                            self._finder_penalty_count_patterns(runhistory)
+                            * QrCode._PENALTY_N3
+                        )
+                    runcolor = modules[y][x]
+                    runx = 1
+            result += (
+                self._finder_penalty_terminate_and_count(runcolor, runx, runhistory)
+                * QrCode._PENALTY_N3
+            )
+
+        # Adjacent modules in column having same color, and finder-like patterns
+        for x in range(size):
+            runcolor = False
+            runy = 0
+            runhistory = collections.deque([0] * 7, 7)
+            for y in range(size):
+                if modules[y][x] == runcolor:
+                    runy += 1
+                    if runy == 5:
+                        result += QrCode._PENALTY_N1
+                    elif runy > 5:
+                        result += 1
+                else:
+                    self._finder_penalty_add_history(runy, runhistory)
+                    if not runcolor:
+                        result += (
+                            self._finder_penalty_count_patterns(runhistory)
+                            * QrCode._PENALTY_N3
+                        )
+                    runcolor = modules[y][x]
+                    runy = 1
+            result += (
+                self._finder_penalty_terminate_and_count(runcolor, runy, runhistory)
+                * QrCode._PENALTY_N3
+            )
+
+        # 2*2 blocks of modules having same color
+        for y in range(size - 1):
+            for x in range(size - 1):
+                if (
+                    modules[y][x]
+                    == modules[y][x + 1]
+                    == modules[y + 1][x]
+                    == modules[y + 1][x + 1]
+                ):
+                    result += QrCode._PENALTY_N2
+
+        # Balance of dark and light modules
+        dark: int = sum((1 if cell else 0) for row in modules for cell in row)
+        total: int = size ** 2  # Note that size is odd, so dark/total != 1/2
+
+        # Compute the smallest integer k >= 0 such that (45-5k)% <= dark/total <= (55+5k)%
+        k: int = (abs(dark * 20 - total * 10) + total - 1) // total - 1
+        assert 0 <= k <= 9
+        result += k * QrCode._PENALTY_N4
+        assert 0 <= result <= 2568888
+        # ^ Non-tight upper bound based on default values of PENALTY_N1, ..., N4
+
+        return result
+
+    def _get_alignment_pattern_positions(self) -> List[int]:
+        ver: int = self.ver
+        if ver == 1:
+            return []
+
+        numalign: int = ver // 7 + 2
+        step: int = (
+            26
+            if (ver == 32)
+            else (ver * 4 + numalign * 2 + 1) // (numalign * 2 - 2) * 2
+        )
+        result: List[int] = [
+            (self.size - 7 - i * step) for i in range(numalign - 1)
+        ] + [6]
+        return list(reversed(result))
+
+    @staticmethod
+    def _get_num_raw_data_modules(ver: int) -> int:
+        result: int = (16 * ver + 128) * ver + 64
+        if ver >= 2:
+            numalign: int = ver // 7 + 2
+            result -= (25 * numalign - 10) * numalign - 55
+            if ver >= 7:
+                result -= 36
+        assert 208 <= result <= 29648
+        return result
+
+    @staticmethod
+    def _get_num_data_codewords(ver: int, ecl: Ecc) -> int:
+        return (
+            QrCode._get_num_raw_data_modules(ver) // 8
+            - QrCode._ECC_CODEWORDS_PER_BLOCK[ecl.ordinal][ver]
+            * QrCode._NUM_ERROR_CORRECTION_BLOCKS[ecl.ordinal][ver]
+        )
+
+    @staticmethod
+    def _reed_solomon_compute_divisor(degree: int) -> bytes:
+        if not (1 <= degree <= 255):
+            raise ValueError("Degree out of range")
+
+        # Polynomial coefficients are stored from highest to lowest power, excluding the leading term which is always 1.
+        # For example the polynomial x^3 + 255x^2 + 8x + 93 is stored as the uint8 array [255, 8, 93].
+        result = bytearray([0] * (degree - 1) + [1])  # start with monomial x^0
+
+        # Compute the product polynomial (x - r^0) * (x - r^1) * (x - r^2) * ... * (x - r^{degree-1}),
+        # and drop the highest monomial term which is always 1x^degree.
+        # Note that r = 0x02, which is a generator element of this field GF(2^8/0x11D).
+        root: int = 1
+        for _ in range(degree):
+            # Multiply the current product by (x - r^i)
+            for j in range(degree):
+                result[j] = QrCode._reed_solomon_multiply(result[j], root)
+                if j + 1 < degree:
+                    result[j] ^= result[j + 1]
+            root = QrCode._reed_solomon_multiply(root, 0x02)
+
+        return result
+
+    @staticmethod
+    def _reed_solomon_compute_remainder(data: bytes, divisor: bytes) -> bytes:
+        result = bytearray([0] * len(divisor))
+        for b in data:  # Polynomial division
+            factor: int = b ^ result.pop(0)
+            result.append(0)
+            for (i, coef) in enumerate(divisor):
+                result[i] ^= QrCode._reed_solomon_multiply(coef, factor)
+
+        return result
+
+    @staticmethod
+    def _reed_solomon_multiply(x: int, y: int) -> int:
+        if (x >> 8 != 0) or (y >> 8 != 0):
+            raise ValueError("Byte out of range")
+        z: int = 0  # Russian peasant multiplication
+        for i in reversed(range(8)):
+            z = (z << 1) ^ ((z >> 7) * 0x11D)
+            z ^= ((y >> i) & 1) * x
+        assert z >> 8 == 0
+        return z
+
+    def _finder_penalty_count_patterns(self, runhistory: collections.deque[int]) -> int:
+        n: int = runhistory[1]
+        assert n <= self.size * 3
+        core: bool = (
+            n > 0
+            and (runhistory[2] == runhistory[4] == runhistory[5] == n)
+            and runhistory[3] == n * 3
+        )
+        return (
+            1 if (core and runhistory[0] >= n * 4 and runhistory[6] >= n) else 0
+        ) + (1 if (core and runhistory[6] >= n * 4 and runhistory[0] >= n) else 0)
+
+    def _finder_penalty_terminate_and_count(
+        self,
+        currentruncolor: bool,
+        currentrunlength: int,
+        runhistory: collections.deque[int],
+    ) -> int:
+        if currentruncolor:  # Terminate dark run
+            self._finder_penalty_add_history(currentrunlength, runhistory)
+            currentrunlength = 0
+        currentrunlength += self.size  # Add light border to final run
+        self._finder_penalty_add_history(currentrunlength, runhistory)
+        return self._finder_penalty_count_patterns(runhistory)
+
+    def _finder_penalty_add_history(
+        self, currentrunlength: int, runhistory: collections.deque[int]
+    ) -> None:
+        if runhistory[0] == 0:
+            currentrunlength += self.size  # Add light border to initial run
+
+        runhistory.appendleft(currentrunlength)
+
+    _PENALTY_N1: int = 3
+    _PENALTY_N2: int = 3
+    _PENALTY_N3: int = 40
+    _PENALTY_N4: int = 10
+
+    # fmt: off
+    _ECC_CODEWORDS_PER_BLOCK: Sequence[Sequence[int]] = (
+        (-1,  7, 10, 15, 20, 26, 18, 20, 24, 30, 18, 20, 24, 26, 30, 22, 24, 28, 30, 28, 28, 28, 28, 30, 30, 26, 28, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30),  # noqa: E241  # L
+        (-1, 10, 16, 26, 18, 24, 16, 18, 22, 22, 26, 30, 22, 22, 24, 24, 28, 28, 26, 26, 26, 26, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28),  # noqa: E241  # M
+        (-1, 13, 22, 18, 26, 18, 24, 18, 22, 20, 24, 28, 26, 24, 20, 30, 24, 28, 28, 26, 30, 28, 30, 30, 30, 30, 28, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30),  # noqa: E241  # Q
+        (-1, 17, 28, 22, 16, 22, 28, 26, 26, 24, 28, 24, 28, 22, 24, 24, 30, 28, 28, 26, 28, 30, 24, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30))  # noqa: E241  # H
+
+    _NUM_ERROR_CORRECTION_BLOCKS: Sequence[Sequence[int]] = (
+        (-1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 4,  4,  4,  4,  4,  6,  6,  6,  6,  7,  8,  8,  9,  9, 10, 12, 12, 12, 13, 14, 15, 16, 17, 18, 19, 19, 20, 21, 22, 24, 25),  # noqa: E241  # L
+        (-1, 1, 1, 1, 2, 2, 4, 4, 4, 5, 5,  5,  8,  9,  9, 10, 10, 11, 13, 14, 16, 17, 17, 18, 20, 21, 23, 25, 26, 28, 29, 31, 33, 35, 37, 38, 40, 43, 45, 47, 49),  # noqa: E241  # M
+        (-1, 1, 1, 2, 2, 4, 4, 6, 6, 8, 8,  8, 10, 12, 16, 12, 17, 16, 18, 21, 20, 23, 23, 25, 27, 29, 34, 34, 35, 38, 40, 43, 45, 48, 51, 53, 56, 59, 62, 65, 68),  # noqa: E241  # Q
+        (-1, 1, 1, 2, 4, 4, 4, 5, 6, 8, 8, 11, 11, 16, 16, 18, 16, 19, 21, 25, 25, 25, 34, 30, 32, 35, 37, 40, 42, 45, 48, 51, 54, 57, 60, 63, 66, 70, 74, 77, 81))  # noqa: E241  # H
+    # fmt: on
+
+    _MASK_PATTERNS: Sequence[Callable[[int, int], int]] = (
+        (lambda x, y: (x + y) % 2),
+        (lambda x, y: y % 2),
+        (lambda x, y: x % 3),
+        (lambda x, y: (x + y) % 3),
+        (lambda x, y: (x // 3 + y // 2) % 2),
+        (lambda x, y: x * y % 2 + x * y % 3),
+        (lambda x, y: (x * y % 2 + x * y % 3) % 2),
+        (lambda x, y: ((x + y) % 2 + x * y % 3) % 2),
+    )
+
+
+class _BitBuffer(list):  # type: ignore
+    def append_bits(self, val: int, n: int) -> None:
+        if (n < 0) or (val >> n != 0):
+            raise ValueError("Value out of range")
+
+        self.extend(((val >> i) & 1) for i in reversed(range(n)))
+
+
+def _get_bit(x: int, i: int) -> bool:
+    return (x >> i) & 1 != 0
+
+
+class DataTooLongError(ValueError):
+    pass
--- a/copyparty/stolen/surrogateescape.py
+++ b/copyparty/stolen/surrogateescape.py
@@ -16,28 +16,12 @@ import codecs
 import platform
 import sys

-PY3 = sys.version_info[0] > 2
+PY3 = sys.version_info > (3,)
 WINDOWS = platform.system() == "Windows"
 FS_ERRORS = "surrogateescape"

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any
-except:
-    pass
-
-
-def u(text: Any) -> str:
-    if PY3:
-        return text
-    else:
-        return text.decode("unicode_escape")
-
-
-def b(data: Any) -> bytes:
-    if PY3:
-        return data.encode("latin1")
-    else:
-        return data


 if PY3:
@@ -171,9 +155,6 @@ def decodefilename(fn: bytes) -> str:


 FS_ENCODING = sys.getfilesystemencoding()
-# FS_ENCODING = "ascii"; fn = b("[abc\xff]"); encoded = u("[abc\udcff]")
-# FS_ENCODING = 'cp932'; fn = b('[abc\x81\x00]'); encoded = u('[abc\udc81\x00]')
-# FS_ENCODING = 'UTF-8'; fn = b('[abc\xff]'); encoded = u('[abc\udcff]')


 if WINDOWS and not PY3:
--- a/copyparty/sutil.py
+++ b/copyparty/sutil.py
@@ -6,12 +6,10 @@ from datetime import datetime

 from .bos import bos

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Generator, Optional

    from .util import NamedLogger
-except:
-    pass


 class StreamArc(object):
@@ -25,7 +23,7 @@ class StreamArc(object):
        self.fgen = fgen

    def gen(self) -> Generator[Optional[bytes], None, None]:
-        pass
+        raise Exception("override me")


 def errdesc(errors: list[tuple[str, str]]) -> tuple[dict[str, Any], list[str]]:
--- a/copyparty/svchub.py
+++ b/copyparty/svchub.py
@@ -5,6 +5,7 @@ import argparse
 import base64
 import calendar
 import gzip
+import logging
 import os
 import re
 import shlex
@@ -16,15 +17,17 @@ import threading
 import time
 from datetime import datetime, timedelta

-try:
+# from inspect import currentframe
+# print(currentframe().f_lineno)
+
+
+if True:  # pylint: disable=using-constant-test
    from types import FrameType

    import typing
    from typing import Any, Optional, Union
-except:
-    pass

-from .__init__ import ANYWIN, MACOS, PY2, VT100, WINDOWS, E, unicode
+from .__init__ import ANYWIN, MACOS, TYPE_CHECKING, VT100, EnvParams, unicode
 from .authsrv import AuthSrv
 from .mtag import HAVE_FFMPEG, HAVE_FFPROBE
 from .tcpsrv import TcpSrv
@@ -32,6 +35,10 @@ from .th_srv import HAVE_PIL, HAVE_VIPS, HAVE_WEBP, ThumbSrv
 from .up2k import Up2k
 from .util import (
    VERSIONS,
+    Daemon,
+    Garda,
+    HLog,
+    HMaccas,
    alltrace,
    ansi_re,
    min_ex,
@@ -40,6 +47,13 @@ from .util import (
    start_stackmon,
 )

+if TYPE_CHECKING:
+    try:
+        from .mdns import MDNS
+        from .ssdp import SSDPd
+    except:
+        pass
+

 class SvcHub(object):
    """
@@ -55,6 +69,7 @@ class SvcHub(object):
    def __init__(self, args: argparse.Namespace, argv: list[str], printed: str) -> None:
        self.args = args
        self.argv = argv
+        self.E: EnvParams = args.E
        self.logf: Optional[typing.TextIO] = None
        self.logf_base_fn = ""
        self.stop_req = False
@@ -71,8 +86,16 @@ class SvcHub(object):
        self.next_day = 0
        self.tstack = 0.0

+        self.iphash = HMaccas(os.path.join(self.E.cfg, "iphash"), 8)
+
+        # for non-http clients (ftp)
+        self.bans: dict[str, int] = {}
+        self.gpwd = Garda(self.args.ban_pw)
+        self.g404 = Garda(self.args.ban_404)
+
        if args.sss or args.s >= 3:
            args.ss = True
+            args.no_dav = True
            args.lo = args.lo or "cpp-%Y-%m%d-%H%M%S.txt.xz"
            args.ls = args.ls or "**,*,ln,p,r"

@@ -85,6 +108,7 @@ class SvcHub(object):
            args.no_mv = True
            args.hardlink = True
            args.vague_403 = True
+            args.ban_404 = "50,60,1440"
            args.nih = True

        if args.s:
@@ -98,6 +122,11 @@ class SvcHub(object):
        if args.lo:
            self._setup_logfile(printed)

+        lg = logging.getLogger()
+        lh = HLog(self.log)
+        lg.handlers = [lh]
+        lg.setLevel(logging.DEBUG)
+
        if args.stackmon:
            start_stackmon(args.stackmon, 0)

@@ -132,6 +161,14 @@ class SvcHub(object):
        if args.ls:
            self.asrv.dbg_ls()

+        if not ANYWIN:
+            self._setlimits()
+
+        self.log("root", "max clients: {}".format(self.args.nc))
+
+        if not self._process_config():
+            raise Exception("bad config")
+
        self.tcpsrv = TcpSrv(self)
        self.up2k = Up2k(self)

@@ -172,10 +209,35 @@ class SvcHub(object):

        args.th_poke = min(args.th_poke, args.th_maxage, args.ac_maxage)

+        zms = ""
+        if not args.https_only:
+            zms += "d"
+        if not args.http_only:
+            zms += "D"
+
        if args.ftp or args.ftps:
            from .ftpd import Ftpd

            self.ftpd = Ftpd(self)
+            zms += "f" if args.ftp else "F"
+
+        if args.smb:
+            # impacket.dcerpc is noisy about listen timeouts
+            sto = socket.getdefaulttimeout()
+            socket.setdefaulttimeout(None)
+
+            from .smbd import SMB
+
+            self.smbd = SMB(self)
+            socket.setdefaulttimeout(sto)
+            self.smbd.start()
+            zms += "s"
+
+        if not args.zms:
+            args.zms = zms
+
+        self.mdns: Optional["MDNS"] = None
+        self.ssdp: Optional["SSDPd"] = None

        # decide which worker impl to use
        if self.check_mp_enable():
@@ -206,6 +268,9 @@ class SvcHub(object):
        self.log("root", t, 1)

        self.retcode = 1
+        self.sigterm()
+
+    def sigterm(self) -> None:
        os.kill(os.getpid(), signal.SIGTERM)

    def cb_httpsrv_up(self) -> None:
@@ -214,12 +279,78 @@ class SvcHub(object):
            return

        time.sleep(0.1)  # purely cosmetic dw
-        self.log("root", "workers OK\n")
+        if self.tcpsrv.qr:
+            self.log("qr-code", self.tcpsrv.qr)
+        else:
+            self.log("root", "workers OK\n")
+
        self.up2k.init_vols()

-        thr = threading.Thread(target=self.sd_notify, name="sd-notify")
-        thr.daemon = True
-        thr.start()
+        Daemon(self.sd_notify, "sd-notify")
+
+    def _process_config(self) -> bool:
+        al = self.args
+
+        al.zm_on = al.zm_on or al.z_on
+        al.zs_on = al.zs_on or al.z_on
+        al.zm_off = al.zm_off or al.z_off
+        al.zs_off = al.zs_off or al.z_off
+        for n in ("zm_on", "zm_off", "zs_on", "zs_off"):
+            vs = getattr(al, n).split(",")
+            vs = [x.strip() for x in vs]
+            vs = [x for x in vs if x]
+            setattr(al, n, vs)
+
+        R = al.rp_loc
+        if "//" in R or ":" in R:
+            t = "found URL in --rp-loc; it should be just the location, for example /foo/bar"
+            raise Exception(t)
+
+        al.R = R = R.strip("/")
+        al.SR = "/" + R if R else ""
+        al.RS = R + "/" if R else ""
+
+        return True
+
+    def _setlimits(self) -> None:
+        try:
+            import resource
+
+            soft, hard = [
+                x if x > 0 else 1024 * 1024
+                for x in list(resource.getrlimit(resource.RLIMIT_NOFILE))
+            ]
+        except:
+            self.log("root", "failed to read rlimits from os", 6)
+            return
+
+        if not soft or not hard:
+            t = "got bogus rlimits from os ({}, {})"
+            self.log("root", t.format(soft, hard), 6)
+            return
+
+        want = self.args.nc * 4
+        new_soft = min(hard, want)
+        if new_soft < soft:
+            return
+
+        # t = "requesting rlimit_nofile({}), have {}"
+        # self.log("root", t.format(new_soft, soft), 6)
+
+        try:
+            import resource
+
+            resource.setrlimit(resource.RLIMIT_NOFILE, (new_soft, hard))
+            soft = new_soft
+        except:
+            t = "rlimit denied; max open files: {}"
+            self.log("root", t.format(soft), 3)
+            return
+
+        if soft < want:
+            t = "max open files: {} (wanted {} for -nc {})"
+            self.log("root", t.format(soft, want, self.args.nc), 3)
+            self.args.nc = min(self.args.nc, soft // 2)

    def _logname(self) -> str:
        dt = datetime.utcnow()
@@ -244,10 +375,12 @@ class SvcHub(object):
        fn = sel_fn

        try:
-            import lzma
-
-            lh = lzma.open(fn, "wt", encoding="utf-8", errors="replace", preset=0)
+            if fn.lower().endswith(".xz"):
+                import lzma

+                lh = lzma.open(fn, "wt", encoding="utf-8", errors="replace", preset=0)
+            else:
+                lh = open(fn, "wt", encoding="utf-8", errors="replace")
        except:
            import codecs

@@ -261,7 +394,8 @@ class SvcHub(object):

        msg = "[+] opened logfile [{}]\n".format(fn)
        printed += msg
-        lh.write("t0: {:.3f}\nargv: {}\n\n{}".format(E.t0, " ".join(argv), printed))
+        t = "t0: {:.3f}\nargv: {}\n\n{}"
+        lh.write(t.format(self.E.t0, " ".join(argv), printed))
        self.logf = lh
        self.logf_base_fn = base_fn
        print(msg, end="")
@@ -269,9 +403,25 @@ class SvcHub(object):
    def run(self) -> None:
        self.tcpsrv.run()

-        thr = threading.Thread(target=self.thr_httpsrv_up, name="sig-hsrv-up2")
-        thr.daemon = True
-        thr.start()
+        if getattr(self.args, "zm", False):
+            try:
+                from .mdns import MDNS
+
+                self.mdns = MDNS(self)
+                Daemon(self.mdns.run, "mdns")
+            except:
+                self.log("root", "mdns startup failed;\n" + min_ex(), 3)
+
+        if getattr(self.args, "zs", False):
+            try:
+                from .ssdp import SSDPd
+
+                self.ssdp = SSDPd(self)
+                Daemon(self.ssdp.run, "ssdp")
+            except:
+                self.log("root", "ssdp startup failed;\n" + min_ex(), 3)
+
+        Daemon(self.thr_httpsrv_up, "sig-hsrv-up2")

        sigs = [signal.SIGINT, signal.SIGTERM]
        if not ANYWIN:
@@ -286,9 +436,7 @@ class SvcHub(object):
        # never lucky
        if ANYWIN:
            # msys-python probably fine but >msys-python
-            thr = threading.Thread(target=self.stop_thr, name="svchub-sig")
-            thr.daemon = True
-            thr.start()
+            Daemon(self.stop_thr, "svchub-sig")

            try:
                while not self.stop_req:
@@ -308,9 +456,7 @@ class SvcHub(object):
            return "cannot reload; already in progress"

        self.reloading = True
-        t = threading.Thread(target=self._reload, name="reloading")
-        t.daemon = True
-        t.start()
+        Daemon(self._reload, "reloading")
        return "reload initiated"

    def _reload(self) -> None:
@@ -333,6 +479,17 @@ class SvcHub(object):

        self.shutdown()

+    def kill9(self, delay: float = 0.0) -> None:
+        if delay > 0.01:
+            time.sleep(delay)
+            print("component stuck; issuing sigkill")
+            time.sleep(0.1)
+
+        if ANYWIN:
+            os.system("taskkill /f /pid {}".format(os.getpid()))
+        else:
+            os.kill(os.getpid(), signal.SIGKILL)
+
    def signal_handler(self, sig: int, frame: Optional[FrameType]) -> None:
        if self.stopping:
            if self.nsigs <= 0:
@@ -342,10 +499,7 @@ class SvcHub(object):
                except:
                    pass

-                if ANYWIN:
-                    os.system("taskkill /f /pid {}".format(os.getpid()))
-                else:
-                    os.kill(os.getpid(), signal.SIGKILL)
+                self.kill9()
            else:
                self.nsigs -= 1
                return
@@ -372,8 +526,18 @@ class SvcHub(object):
        ret = 1
        try:
            self.pr("OPYTHAT")
-            self.tcpsrv.shutdown()
+            slp = 0.0
+
+            if self.mdns:
+                Daemon(self.mdns.stop)
+                slp = time.time() + 0.5
+
+            if self.ssdp:
+                Daemon(self.ssdp.stop)
+                slp = time.time() + 0.5
+
            self.broker.shutdown()
+            self.tcpsrv.shutdown()
            self.up2k.shutdown()
            if self.thumbsrv:
                self.thumbsrv.shutdown()
@@ -386,6 +550,14 @@ class SvcHub(object):
                    if n == 3:
                        self.pr("waiting for thumbsrv (10sec)...")

+            if hasattr(self, "smbd"):
+                slp = max(slp, time.time() + 0.5)
+                Daemon(self.kill9, a=(1,))
+                Daemon(self.smbd.stop)
+
+            while time.time() < slp:
+                time.sleep(0.1)
+
            self.pr("nailed it", end="")
            ret = self.retcode
        except:
@@ -409,7 +581,7 @@ class SvcHub(object):

        with self.log_mutex:
            ts = datetime.utcnow().strftime("%Y-%m%d-%H%M%S.%f")[:-3]
-            self.logf.write("@{} [{}] {}\n".format(ts, src, msg))
+            self.logf.write("@{} [{}\033[0m] {}\n".format(ts, src, msg))

            now = time.time()
            if now >= self.next_day:
@@ -472,17 +644,10 @@ class SvcHub(object):
            print(*a, **ka)

    def check_mp_support(self) -> str:
-        vmin = sys.version_info[1]
-        if WINDOWS:
-            msg = "need python 3.3 or newer for multiprocessing;"
-            if PY2 or vmin < 3:
-                return msg
-        elif MACOS:
+        if MACOS:
            return "multiprocessing is wonky on mac osx;"
-        else:
-            msg = "need python 3.3+ for multiprocessing;"
-            if PY2 or vmin < 3:
-                return msg
+        elif sys.version_info < (3, 3):
+            return "need python 3.3 or newer for multiprocessing;"

        try:
            x: mp.Queue[tuple[str, str]] = mp.Queue(1)
@@ -498,7 +663,10 @@ class SvcHub(object):
        if self.args.j == 1:
            return False

-        if mp.cpu_count() <= 1:
+        try:
+            if mp.cpu_count() <= 1:
+                raise Exception()
+        except:
            self.log("svchub", "only one CPU detected; multiprocessing disabled")
            return False

--- a/copyparty/szip.py
+++ b/copyparty/szip.py
@@ -3,18 +3,17 @@ from __future__ import print_function, unicode_literals

 import calendar
 import time
+import stat
 import zlib

 from .bos import bos
 from .sutil import StreamArc, errdesc
 from .util import min_ex, sanitize_fn, spack, sunpack, yieldfile

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Generator, Optional

    from .util import NamedLogger
-except:
-    pass


 def dostime2unix(buf: bytes) -> int:
@@ -240,6 +239,9 @@ class StreamZip(StreamArc):
        src = f["ap"]
        st = f["st"]

+        if stat.S_ISDIR(st.st_mode):
+            return
+
        sz = st.st_size
        ts = st.st_mtime

@@ -271,6 +273,7 @@ class StreamZip(StreamArc):
            yield self._ct(buf)

    def gen(self) -> Generator[bytes, None, None]:
+        errf: dict[str, Any] = {}
        errors = []
        try:
            for f in self.fgen:
@@ -311,5 +314,5 @@ class StreamZip(StreamArc):
            ecdr, _ = gen_ecdr(self.items, cdir_pos, cdir_end)
            yield self._ct(ecdr)
        finally:
-            if errors:
+            if errf:
                bos.unlink(errf["ap"])
--- a/copyparty/tcpsrv.py
+++ b/copyparty/tcpsrv.py
@@ -6,12 +6,28 @@ import re
 import socket
 import sys

-from .__init__ import ANYWIN, MACOS, TYPE_CHECKING, unicode
-from .util import chkcmd
+from .__init__ import ANYWIN, PY2, TYPE_CHECKING, VT100, unicode
+from .stolen.qrcodegen import QrCode
+from .util import (
+    E_ACCESS,
+    E_ADDR_IN_USE,
+    E_ADDR_NOT_AVAIL,
+    E_UNREACH,
+    Netdev,
+    min_ex,
+    sunpack,
+    termsize,
+)
+
+if True:
+    from typing import Generator

 if TYPE_CHECKING:
    from .svchub import SvcHub

+if not hasattr(socket, "IPPROTO_IPV6"):
+    setattr(socket, "IPPROTO_IPV6", 41)
+

 class TcpSrv(object):
    """
@@ -24,47 +40,117 @@ class TcpSrv(object):
        self.args = hub.args
        self.log = hub.log

-        self.stopping = False
+        # mp-safe since issue6056
+        socket.setdefaulttimeout(120)

+        self.stopping = False
        self.srv: list[socket.socket] = []
+        self.bound: list[tuple[str, int]] = []
        self.nsrv = 0
+        self.qr = ""
+        pad = False
        ok: dict[str, list[int]] = {}
        for ip in self.args.i:
-            ok[ip] = []
+            if ip == "::":
+                if socket.has_ipv6:
+                    ips = ["::", "0.0.0.0"]
+                    dual = True
+                else:
+                    ips = ["0.0.0.0"]
+                    dual = False
+            else:
+                ips = [ip]
+                dual = False
+
+            for ipa in ips:
+                ok[ipa] = []
+
            for port in self.args.p:
-                self.nsrv += 1
+                successful_binds = 0
                try:
-                    self._listen(ip, port)
-                    ok[ip].append(port)
+                    for ipa in ips:
+                        try:
+                            self._listen(ipa, port)
+                            ok[ipa].append(port)
+                            successful_binds += 1
+                        except:
+                            if dual and ":" in ipa:
+                                t = "listen on IPv6 [{}] failed; trying IPv4 {}...\n{}"
+                                self.log("tcpsrv", t.format(ipa, ips[1], min_ex()), 3)
+                                pad = True
+                                continue
+
+                            # binding 0.0.0.0 after :: fails on dualstack
+                            # but is necessary on non-dualstakc
+                            if successful_binds:
+                                continue
+
+                            raise
+
                except Exception as ex:
                    if self.args.ign_ebind or self.args.ign_ebind_all:
                        t = "could not listen on {}:{}: {}"
                        self.log("tcpsrv", t.format(ip, port, ex), c=3)
+                        pad = True
                    else:
                        raise

        if not self.srv and not self.args.ign_ebind_all:
            raise Exception("could not listen on any of the given interfaces")

-        if self.nsrv != len(self.srv):
+        if pad:
            self.log("tcpsrv", "")

-        ip = "127.0.0.1"
-        eps = {ip: "local only"}
-        nonlocals = [x for x in self.args.i if x != ip]
+        eps = {
+            "127.0.0.1": Netdev("127.0.0.1", 0, "", "local only"),
+            "::1": Netdev("::1", 0, "", "local only"),
+        }
+        nonlocals = [x for x in self.args.i if x not in [k.split("/")[0] for k in eps]]
        if nonlocals:
-            eps = self.detect_interfaces(self.args.i)
+            try:
+                self.netdevs = self.detect_interfaces(self.args.i)
+            except:
+                t = "failed to discover server IP addresses\n"
+                self.log("tcpsrv", t + min_ex(), 3)
+                self.netdevs = {}
+
+            eps.update({k.split("/")[0]: v for k, v in self.netdevs.items()})
            if not eps:
                for x in nonlocals:
-                    eps[x] = "external"
+                    eps[x] = Netdev(x, 0, "", "external")
+        else:
+            self.netdevs = {}

+        # keep IPv6 LL-only nics
+        ll_ok: set[str] = set()
+        for ip, nd in self.netdevs.items():
+            if not ip.startswith("fe80"):
+                continue
+
+            just_ll = True
+            for ip2, nd2 in self.netdevs.items():
+                if nd == nd2 and ":" in ip2 and not ip2.startswith("fe80"):
+                    just_ll = False
+
+            if just_ll or self.args.ll:
+                ll_ok.add(ip.split("/")[0])
+
+        qr1: dict[str, list[int]] = {}
+        qr2: dict[str, list[int]] = {}
        msgs = []
        title_tab: dict[str, dict[str, int]] = {}
        title_vars = [x[1:] for x in self.args.wintitle.split(" ") if x.startswith("$")]
        t = "available @ {}://{}:{}/  (\033[33m{}\033[0m)"
        for ip, desc in sorted(eps.items(), key=lambda x: x[1]):
+            if ip.startswith("fe80") and ip not in ll_ok:
+                continue
+
            for port in sorted(self.args.p):
-                if port not in ok.get(ip, ok.get("0.0.0.0", [])):
+                if (
+                    port not in ok.get(ip, [])
+                    and port not in ok.get("::", [])
+                    and port not in ok.get("0.0.0.0", [])
+                ):
                    continue

                proto = " http"
@@ -73,7 +159,15 @@ class TcpSrv(object):
                elif self.args.https_only or port == 443:
                    proto = "https"

-                msgs.append(t.format(proto, ip, port, desc))
+                hip = "[{}]".format(ip) if ":" in ip else ip
+                msgs.append(t.format(proto, hip, port, desc))
+
+                is_ext = "external" in unicode(desc)
+                qrt = qr1 if is_ext else qr2
+                try:
+                    qrt[ip].append(port)
+                except:
+                    qrt[ip] = [port]

                if not self.args.wintitle:
                    continue
@@ -84,7 +178,7 @@ class TcpSrv(object):
                    ep = "{}:{}".format(ip, port)

                hits = []
-                if "pub" in title_vars and "external" in unicode(desc):
+                if "pub" in title_vars and is_ext:
                    hits.append(("pub", ep))

                if "pub" in title_vars or "all" in title_vars:
@@ -101,41 +195,81 @@ class TcpSrv(object):
                        title_tab[tk] = {tv: 1}

        if msgs:
-            msgs[-1] += "\n"
            for t in msgs:
                self.log("tcpsrv", t)

        if self.args.wintitle:
            self._set_wintitle(title_tab)
+        else:
+            print("\n", end="")
+
+        if self.args.qr or self.args.qrs:
+            self.qr = self._qr(qr1, qr2)

    def _listen(self, ip: str, port: int) -> None:
-        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        ipv = socket.AF_INET6 if ":" in ip else socket.AF_INET
+        srv = socket.socket(ipv, socket.SOCK_STREAM)
+
+        if not ANYWIN or self.args.reuseaddr:
+            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+
        srv.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
+        srv.settimeout(None)  # < does not inherit, ^ opts above do
+
+        try:
+            srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+        except:
+            pass  # will create another ipv4 socket instead
+
        try:
            srv.bind((ip, port))
            self.srv.append(srv)
        except (OSError, socket.error) as ex:
-            if ex.errno in [98, 48]:
+            if ex.errno in E_ADDR_IN_USE:
                e = "\033[1;31mport {} is busy on interface {}\033[0m".format(port, ip)
-            elif ex.errno in [99, 49]:
+            elif ex.errno in E_ADDR_NOT_AVAIL:
                e = "\033[1;31minterface {} does not exist\033[0m".format(ip)
            else:
                raise
            raise Exception(e)

    def run(self) -> None:
+        all_eps = [x.getsockname()[:2] for x in self.srv]
+        bound: list[tuple[str, int]] = []
+        srvs: list[socket.socket] = []
        for srv in self.srv:
-            srv.listen(self.args.nc)
-            ip, port = srv.getsockname()
+            ip, port = srv.getsockname()[:2]
+            try:
+                srv.listen(self.args.nc)
+            except:
+                if ip == "0.0.0.0" and ("::", port) in bound:
+                    # dualstack
+                    srv.close()
+                    continue
+
+                if ip == "::" and ("0.0.0.0", port) in all_eps:
+                    # no ipv6
+                    srv.close()
+                    continue
+
+                raise
+
+            bound.append((ip, port))
+            srvs.append(srv)
            fno = srv.fileno()
-            msg = "listening @ {}:{}  f{} p{}".format(ip, port, fno, os.getpid())
+            hip = "[{}]".format(ip) if ":" in ip else ip
+            msg = "listening @ {}:{}  f{} p{}".format(hip, port, fno, os.getpid())
            self.log("tcpsrv", msg)
            if self.args.q:
                print(msg)

            self.hub.broker.say("listen", srv)

+        self.srv = srvs
+        self.bound = bound
+        self.nsrv = len(srvs)
+        self.hub.broker.say("set_netdevs", self.netdevs)
+
    def shutdown(self) -> None:
        self.stopping = True
        try:
@@ -146,180 +280,84 @@ class TcpSrv(object):

        self.log("tcpsrv", "ok bye")

-    def ips_linux_ifconfig(self) -> dict[str, str]:
-        # for termux
-        try:
-            txt, _ = chkcmd(["ifconfig"])
-        except:
-            return {}
+    def detect_interfaces(self, listen_ips: list[str]) -> dict[str, Netdev]:
+        from .stolen.ifaddr import get_adapters

-        eps: dict[str, str] = {}
-        dev = None
-        ip = None
-        up = None
-        for ln in (txt + "\n").split("\n"):
-            if not ln.strip() and dev and ip:
-                eps[ip] = dev + ("" if up else ", \033[31mLINK-DOWN")
-                dev = ip = up = None
+        nics = get_adapters(True)
+        eps: dict[str, Netdev] = {}
+        for nic in nics:
+            for nip in nic.ips:
+                ipa = nip.ip[0] if ":" in str(nip.ip) else nip.ip
+                sip = "{}/{}".format(ipa, nip.network_prefix)
+                nd = Netdev(sip, nic.index or 0, nic.nice_name, "")
+                eps[sip] = nd
+                try:
+                    idx = socket.if_nametoindex(nd.name)
+                    if idx and idx != nd.idx:
+                        t = "netdev idx mismatch; ifaddr={} cpython={}"
+                        self.log("tcpsrv", t.format(nd.idx, idx), 3)
+                        nd.idx = idx
+                except:
+                    pass
+
+        if "0.0.0.0" not in listen_ips and "::" not in listen_ips:
+            eps = {k: v for k, v in eps.items() if k.split("/")[0] in listen_ips}
+
+        try:
+            ext_devs = list(self._extdevs_nix())
+            ext_ips = [k for k, v in eps.items() if v.name in ext_devs]
+            ext_ips = [x.split("/")[0] for x in ext_ips]
+            if not ext_ips:
+                raise Exception()
+        except:
+            rt = self._defroute()
+            ext_ips = [rt] if rt else []
+
+        for lip in listen_ips:
+            if not ext_ips or lip not in ["0.0.0.0", "::"] + ext_ips:
                continue

-            if ln == ln.lstrip():
-                dev = re.split(r"[: ]", ln)[0]
-
-            if "UP" in re.split(r"[<>, \t]", ln):
-                up = True
-
-            m = re.match(r"^\s+inet\s+([^ ]+)", ln)
-            if m:
-                ip = m.group(1)
+            desc = "\033[32mexternal"
+            ips = ext_ips if lip in ["0.0.0.0", "::"] else [lip]
+            for ip in ips:
+                ip = next((x for x in eps if x.startswith(ip + "/")), "")
+                if ip and "external" not in eps[ip].desc:
+                    eps[ip].desc += ", " + desc

        return eps

-    def ips_linux(self) -> dict[str, str]:
-        try:
-            txt, _ = chkcmd(["ip", "addr"])
-        except:
-            return self.ips_linux_ifconfig()
+    def _extdevs_nix(self) -> Generator[str, None, None]:
+        with open("/proc/net/route", "rb") as f:
+            next(f)
+            for ln in f:
+                r = ln.decode("utf-8").strip().split()
+                if r[1] == "0" * 8 and int(r[3], 16) & 2:
+                    yield r[0]

-        r = re.compile(r"^\s+inet ([^ ]+)/.* (.*)")
-        ri = re.compile(r"^\s*[0-9]+\s*:.*")
-        up = False
-        eps: dict[str, str] = {}
-        for ln in txt.split("\n"):
-            if ri.match(ln):
-                up = "UP" in re.split("[>,< ]", ln)
-
-            try:
-                ip, dev = r.match(ln.rstrip()).groups()  # type: ignore
-                eps[ip] = dev + ("" if up else ", \033[31mLINK-DOWN")
-            except:
-                pass
-
-        return eps
-
-    def ips_macos(self) -> dict[str, str]:
-        eps: dict[str, str] = {}
-        try:
-            txt, _ = chkcmd(["ifconfig"])
-        except:
-            return eps
-
-        rdev = re.compile(r"^([^ ]+):")
-        rip = re.compile(r"^\tinet ([0-9\.]+) ")
-        dev = "UNKNOWN"
-        for ln in txt.split("\n"):
-            m = rdev.match(ln)
-            if m:
-                dev = m.group(1)
-
-            m = rip.match(ln)
-            if m:
-                eps[m.group(1)] = dev
-                dev = "UNKNOWN"
-
-        return eps
-
-    def ips_windows_ipconfig(self) -> tuple[dict[str, str], set[str]]:
-        eps: dict[str, str] = {}
-        offs: set[str] = set()
-        try:
-            txt, _ = chkcmd(["ipconfig"])
-        except:
-            return eps, offs
-
-        rdev = re.compile(r"(^[^ ].*):$")
-        rip = re.compile(r"^ +IPv?4? [^:]+: *([0-9\.]{7,15})$")
-        roff = re.compile(r".*: Media disconnected$")
-        dev = None
-        for ln in txt.replace("\r", "").split("\n"):
-            m = rdev.match(ln)
-            if m:
-                if dev and dev not in eps.values():
-                    offs.add(dev)
-
-                dev = m.group(1).split(" adapter ", 1)[-1]
-
-            if dev and roff.match(ln):
-                offs.add(dev)
-                dev = None
-
-            m = rip.match(ln)
-            if m and dev:
-                eps[m.group(1)] = dev
-                dev = None
-
-        if dev and dev not in eps.values():
-            offs.add(dev)
-
-        return eps, offs
-
-    def ips_windows_netsh(self) -> dict[str, str]:
-        eps: dict[str, str] = {}
-        try:
-            txt, _ = chkcmd("netsh interface ip show address".split())
-        except:
-            return eps
-
-        rdev = re.compile(r'.* "([^"]+)"$')
-        rip = re.compile(r".* IP\b.*: +([0-9\.]{7,15})$")
-        dev = None
-        for ln in txt.replace("\r", "").split("\n"):
-            m = rdev.match(ln)
-            if m:
-                dev = m.group(1)
-
-            m = rip.match(ln)
-            if m and dev:
-                eps[m.group(1)] = dev
-
-        return eps
-
-    def detect_interfaces(self, listen_ips: list[str]) -> dict[str, str]:
-        if MACOS:
-            eps = self.ips_macos()
-        elif ANYWIN:
-            eps, off = self.ips_windows_ipconfig()  # sees more interfaces + link state
-            eps.update(self.ips_windows_netsh())  # has better names
-            for k, v in eps.items():
-                if v in off:
-                    eps[k] += ", \033[31mLINK-DOWN"
-        else:
-            eps = self.ips_linux()
-
-        if "0.0.0.0" not in listen_ips:
-            eps = {k: v for k, v in eps.items() if k in listen_ips}
-
-        default_route = None
+    def _defroute(self) -> str:
+        ret = ""
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        for ip in [
-            "10.255.255.255",
-            "172.31.255.255",
-            "192.168.255.255",
-            "239.255.255.255",
+            "10.254.39.23",
+            "172.31.39.23",
+            "192.168.39.23",
+            "239.254.39.23",
+            "169.254.39.23",
            # could add 1.1.1.1 as a final fallback
            # but external connections is kinshi
        ]:
            try:
                s.connect((ip, 1))
-                default_route = s.getsockname()[0]
+                ret = s.getsockname()[0]
                break
            except (OSError, socket.error) as ex:
-                if ex.errno == 13:
+                if ex.errno in E_ACCESS:
                    self.log("tcpsrv", "eaccess {} (trying next)".format(ip))
-                elif ex.errno not in [101, 10065, 10051]:
+                elif ex.errno not in E_UNREACH:
                    self.log("tcpsrv", "route lookup failed; err {}".format(ex.errno))

        s.close()
-
-        for lip in listen_ips:
-            if default_route and lip in ["0.0.0.0", default_route]:
-                desc = "\033[32mexternal"
-                try:
-                    eps[default_route] += ", " + desc
-                except:
-                    eps[default_route] = desc
-
-        return eps
+        return ret

    def _set_wintitle(self, vs: dict[str, dict[str, int]]) -> None:
        vs["all"] = vs.get("all", {"Local-Only": 1})
@@ -327,19 +365,108 @@ class TcpSrv(object):

        vs2 = {}
        for k, eps in vs.items():
-            vs2[k] = {
-                ep: 1
-                for ep in eps.keys()
-                if ":" not in ep or ep.split(":")[0] not in eps
-            }
+            filt = {ep: 1 for ep in eps if ":" not in ep}
+            have = set(filt)
+            for ep in sorted(eps):
+                ip = ep.split(":")[0]
+                if ip not in have:
+                    have.add(ip)
+                    filt[ep] = 1
+
+            lo = [x for x in filt if x.startswith("127.")]
+            if len(filt) > 3 and lo:
+                for ip in lo:
+                    filt.pop(ip)
+
+            vs2[k] = filt

        title = ""
        vs = vs2
        for p in self.args.wintitle.split(" "):
            if p.startswith("$"):
-                p = " and ".join(sorted(vs.get(p[1:], {"(None)": 1}).keys()))
+                seps = list(sorted(vs.get(p[1:], {"(None)": 1}).keys()))
+                p = ", ".join(seps[:3])
+                if len(seps) > 3:
+                    p += ", ..."

            title += "{} ".format(p)

-        print("\033]0;{}\033\\".format(title), file=sys.stderr, end="")
+        print("\033]0;{}\033\\\n".format(title), file=sys.stderr, end="")
        sys.stderr.flush()
+
+    def _qr(self, t1: dict[str, list[int]], t2: dict[str, list[int]]) -> str:
+        ip = None
+        ips = list(t1) + list(t2)
+        qri = self.args.qri
+        if self.args.zm and not qri:
+            name = self.args.name + ".local"
+            t1[name] = next(v for v in (t1 or t2).values())
+            ips = [name] + ips
+
+        for ip in ips:
+            if ip.startswith(qri) or qri == ".":
+                break
+            ip = ""
+
+        if not ip:
+            # maybe /bin/ip is missing or smth
+            ip = qri
+
+        if not ip:
+            return ""
+
+        if ":" in ip:
+            ip = "[{}]".format(ip)
+
+        if self.args.http_only:
+            https = ""
+        elif self.args.https_only:
+            https = "s"
+        else:
+            https = "s" if self.args.qrs else ""
+
+        ports = t1.get(ip, t2.get(ip, []))
+        dport = 443 if https else 80
+        port = "" if dport in ports or not ports else ":{}".format(ports[0])
+        txt = "http{}://{}{}/{}".format(https, ip, port, self.args.qrl)
+
+        btxt = txt.encode("utf-8")
+        if PY2:
+            btxt = sunpack(b"B" * len(btxt), btxt)
+
+        fg = self.args.qr_fg
+        bg = self.args.qr_bg
+        pad = self.args.qrp
+        zoom = self.args.qrz
+        qrc = QrCode.encode_binary(btxt)
+        if zoom == 0:
+            try:
+                tw, th = termsize()
+                tsz = min(tw // 2, th)
+                zoom = 1 if qrc.size + pad * 2 >= tsz else 2
+            except:
+                zoom = 1
+
+        qr = qrc.render(zoom, pad)
+        if not VT100:
+            return "{}\n{}".format(txt, qr)
+
+        halfc = "\033[40;48;5;{0}m{1}\033[47;48;5;{2}m"
+        if not fg:
+            halfc = "\033[0;40m{1}\033[0;47m"
+
+        def ansify(m: re.Match) -> str:
+            return halfc.format(fg, " " * len(m.group(1)), bg)
+
+        if zoom > 1:
+            qr = re.sub("(█+)", ansify, qr)
+
+        qr = qr.replace("\n", "\033[K\n") + "\033[K"  # win10do
+        cc = " \033[0;38;5;{0};47;48;5;{1}m" if fg else " \033[0;30;47m"
+        t = cc + "\n{2}\033[999G\033[0m\033[J"
+        t = t.format(fg, bg, qr)
+        if ANYWIN:
+            # prevent color loss on terminal resize
+            t = t.replace("\n", "`\n`")
+
+        return txt + t
--- a/copyparty/th_cli.py
+++ b/copyparty/th_cli.py
@@ -9,10 +9,8 @@ from .bos import bos
 from .th_srv import HAVE_WEBP, thumb_path
 from .util import Cooldown

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Optional, Union
-except:
-    pass

 if TYPE_CHECKING:
    from .httpsrv import HttpSrv
@@ -30,6 +28,8 @@ class ThumbCli(object):

        try:
            c = hsrv.th_cfg
+            if not c:
+                raise Exception()
        except:
            c = {k: {} for k in ["thumbable", "pil", "vips", "ffi", "ffv", "ffa"]}

@@ -75,7 +75,7 @@ class ThumbCli(object):

        preferred = self.args.th_dec[0] if self.args.th_dec else ""

-        if rem.startswith(".hist/th/") and rem.split(".")[-1] in ["webp", "jpg"]:
+        if rem.startswith(".hist/th/") and rem.split(".")[-1] in ["webp", "jpg", "png"]:
            return os.path.join(ptop, rem)

        if fmt == "j" and self.args.th_no_jpg:
--- a/copyparty/th_srv.py
+++ b/copyparty/th_srv.py
@@ -3,6 +3,7 @@ from __future__ import print_function, unicode_literals

 import base64
 import hashlib
+import logging
 import os
 import shutil
 import subprocess as sp
@@ -14,12 +15,20 @@ from queue import Queue
 from .__init__ import TYPE_CHECKING
 from .bos import bos
 from .mtag import HAVE_FFMPEG, HAVE_FFPROBE, ffprobe
-from .util import BytesIO, Cooldown, fsenc, min_ex, runcmd, statdir, vsplit
+from .util import (
+    BytesIO,
+    Cooldown,
+    Daemon,
+    Pebkac,
+    fsenc,
+    min_ex,
+    runcmd,
+    statdir,
+    vsplit,
+)

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Optional, Union
-except:
-    pass

 if TYPE_CHECKING:
    from .svchub import SvcHub
@@ -53,12 +62,16 @@ try:
        HAVE_AVIF = True
    except:
        pass
+
+    logging.getLogger("PIL").setLevel(logging.WARNING)
 except:
    pass

 try:
    HAVE_VIPS = True
    import pyvips
+
+    logging.getLogger("pyvips").setLevel(logging.WARNING)
 except:
    HAVE_VIPS = False

@@ -82,7 +95,7 @@ def thumb_path(histpath: str, rem: str, mtime: float, fmt: str) -> str:
    if fmt in ("opus", "caf"):
        cat = "ac"
    else:
-        fmt = "webp" if fmt == "w" else "jpg"
+        fmt = "webp" if fmt == "w" else "png" if fmt == "p" else "jpg"
        cat = "th"

    return "{}/{}/{}/{}.{:x}.{}".format(histpath, cat, rd, fn, int(mtime), fmt)
@@ -106,11 +119,7 @@ class ThumbSrv(object):

        self.q: Queue[Optional[tuple[str, str]]] = Queue(self.nthr * 4)
        for n in range(self.nthr):
-            thr = threading.Thread(
-                target=self.worker, name="thumb-{}-{}".format(n, self.nthr)
-            )
-            thr.daemon = True
-            thr.start()
+            Daemon(self.worker, "thumb-{}-{}".format(n, self.nthr))

        want_ff = not self.args.no_vthumb or not self.args.no_athumb
        if want_ff and (not HAVE_FFMPEG or not HAVE_FFPROBE):
@@ -126,9 +135,7 @@ class ThumbSrv(object):
            self.log(msg, c=3)

        if self.args.th_clean:
-            t = threading.Thread(target=self.cleaner, name="thumb.cln")
-            t.daemon = True
-            t.start()
+            Daemon(self.cleaner, "thumb.cln")

        self.fmt_pil, self.fmt_vips, self.fmt_ffi, self.fmt_ffv, self.fmt_ffa = [
            set(y.split(","))
@@ -239,33 +246,47 @@ class ThumbSrv(object):

            abspath, tpath = task
            ext = abspath.split(".")[-1].lower()
-            fun = None
+            png_ok = False
+            funs = []
            if not bos.path.exists(tpath):
                for lib in self.args.th_dec:
-                    if fun:
-                        break
-                    elif lib == "pil" and ext in self.fmt_pil:
-                        fun = self.conv_pil
+                    if lib == "pil" and ext in self.fmt_pil:
+                        funs.append(self.conv_pil)
                    elif lib == "vips" and ext in self.fmt_vips:
-                        fun = self.conv_vips
+                        funs.append(self.conv_vips)
                    elif lib == "ff" and ext in self.fmt_ffi or ext in self.fmt_ffv:
-                        fun = self.conv_ffmpeg
+                        funs.append(self.conv_ffmpeg)
                    elif lib == "ff" and ext in self.fmt_ffa:
                        if tpath.endswith(".opus") or tpath.endswith(".caf"):
-                            fun = self.conv_opus
+                            funs.append(self.conv_opus)
+                        elif tpath.endswith(".png"):
+                            funs.append(self.conv_waves)
+                            png_ok = True
                        else:
-                            fun = self.conv_spec
+                            funs.append(self.conv_spec)

-            if fun:
+            if not png_ok and tpath.endswith(".png"):
+                raise Pebkac(400, "png only allowed for waveforms")
+
+            for fun in funs:
                try:
                    fun(abspath, tpath)
-                except:
+                    break
+                except Exception as ex:
                    msg = "{} could not create thumbnail of {}\n{}"
                    msg = msg.format(fun.__name__, abspath, min_ex())
-                    c: Union[str, int] = 1 if "<Signals.SIG" in msg else "1;30"
+                    c: Union[str, int] = 1 if "<Signals.SIG" in msg else "90"
                    self.log(msg, c)
-                    with open(tpath, "wb") as _:
-                        pass
+                    if getattr(ex, "returncode", 0) != 321:
+                        if fun == funs[-1]:
+                            with open(tpath, "wb") as _:
+                                pass
+                    else:
+                        # ffmpeg may spawn empty files on windows
+                        try:
+                            os.unlink(tpath)
+                        except:
+                            pass

            with self.mutex:
                subs = self.busy[tpath]
@@ -309,7 +330,7 @@ class ThumbSrv(object):
            try:
                im = self.fancy_pillow(im)
            except Exception as ex:
-                self.log("fancy_pillow {}".format(ex), "1;30")
+                self.log("fancy_pillow {}".format(ex), "90")
                im.thumbnail(self.res)

            fmts = ["RGB", "L"]
@@ -347,12 +368,13 @@ class ThumbSrv(object):
                img = pyvips.Image.thumbnail(abspath, w, **kw)
                break
            except:
-                pass
+                if c == crops[-1]:
+                    raise

        img.write_to_file(tpath, Q=40)

    def conv_ffmpeg(self, abspath: str, tpath: str) -> None:
-        ret, _ = ffprobe(abspath)
+        ret, _ = ffprobe(abspath, int(self.args.th_convt / 2))
        if not ret:
            return

@@ -409,23 +431,32 @@ class ThumbSrv(object):
        if not ret:
            return

-        c: Union[str, int] = "1;30"
+        c: Union[str, int] = "90"
        t = "FFmpeg failed (probably a corrupt video file):\n"
-        if cmd[-1].lower().endswith(b".webp") and (
-            "Error selecting an encoder" in serr
-            or "Automatic encoder selection failed" in serr
-            or "Default encoder for format webp" in serr
-            or "Please choose an encoder manually" in serr
+        if (
+            (not self.args.th_ff_jpg or time.time() - int(self.args.th_ff_jpg) < 60)
+            and cmd[-1].lower().endswith(b".webp")
+            and (
+                "Error selecting an encoder" in serr
+                or "Automatic encoder selection failed" in serr
+                or "Default encoder for format webp" in serr
+                or "Please choose an encoder manually" in serr
+            )
        ):
-            self.args.th_ff_jpg = True
+            self.args.th_ff_jpg = time.time()
            t = "FFmpeg failed because it was compiled without libwebp; enabling --th-ff-jpg to force jpeg output:\n"
+            ret = 321
            c = 1

        if (
+            not self.args.th_ff_swr or time.time() - int(self.args.th_ff_swr) < 60
+        ) and (
            "Requested resampling engine is unavailable" in serr
            or "output pad on Parsed_aresample_" in serr
        ):
-            t = "FFmpeg failed because it was compiled without libsox; you must set --th-ff-swr to force swr resampling:\n"
+            self.args.th_ff_swr = time.time()
+            t = "FFmpeg failed because it was compiled without libsox; enabling --th-ff-swr to force swr resampling:\n"
+            ret = 321
            c = 1

        lines = serr.strip("\n").split("\n")
@@ -439,8 +470,36 @@ class ThumbSrv(object):
        self.log(t + txt, c=c)
        raise sp.CalledProcessError(ret, (cmd[0], b"...", cmd[-1]))

+    def conv_waves(self, abspath: str, tpath: str) -> None:
+        ret, _ = ffprobe(abspath, int(self.args.th_convt / 2))
+        if "ac" not in ret:
+            raise Exception("not audio")
+
+        flt = (
+            b"[0:a:0]"
+            b"compand=.3|.3:1|1:-90/-60|-60/-40|-40/-30|-20/-20:6:0:-90:0.2"
+            b",volume=2"
+            b",showwavespic=s=2048x64:colors=white"
+            b",convolution=1 1 1 1 1 1 1 1 1:1 1 1 1 1 1 1 1 1:1 1 1 1 1 1 1 1 1:1 -1 1 -1 5 -1 1 -1 1"  # idk what im doing but it looks ok
+        )
+
+        # fmt: off
+        cmd = [
+            b"ffmpeg",
+            b"-nostdin",
+            b"-v", b"error",
+            b"-hide_banner",
+            b"-i", fsenc(abspath),
+            b"-filter_complex", flt,
+            b"-frames:v", b"1",
+        ]
+        # fmt: on
+
+        cmd += [fsenc(tpath)]
+        self._run_ff(cmd)
+
    def conv_spec(self, abspath: str, tpath: str) -> None:
-        ret, _ = ffprobe(abspath)
+        ret, _ = ffprobe(abspath, int(self.args.th_convt / 2))
        if "ac" not in ret:
            raise Exception("not audio")

@@ -461,7 +520,8 @@ class ThumbSrv(object):
            b"-hide_banner",
            b"-i", fsenc(abspath),
            b"-filter_complex", fc.encode("utf-8"),
-            b"-map", b"[o]"
+            b"-map", b"[o]",
+            b"-frames:v", b"1",
        ]
        # fmt: on

@@ -485,7 +545,7 @@ class ThumbSrv(object):
        if self.args.no_acode:
            raise Exception("disabled in server config")

-        ret, _ = ffprobe(abspath)
+        ret, _ = ffprobe(abspath, int(self.args.th_convt / 2))
        if "ac" not in ret:
            raise Exception("not audio")

@@ -569,7 +629,7 @@ class ThumbSrv(object):

    def _clean(self, cat: str, thumbpath: str) -> int:
        # self.log("cln {}".format(thumbpath))
-        exts = ["jpg", "webp"] if cat == "th" else ["opus", "caf"]
+        exts = ["jpg", "webp", "png"] if cat == "th" else ["opus", "caf"]
        maxage = getattr(self.args, cat + "_maxage")
        now = time.time()
        prev_b64 = None
--- a/copyparty/u2idx.py
+++ b/copyparty/u2idx.py
@@ -11,7 +11,16 @@ from operator import itemgetter
 from .__init__ import ANYWIN, TYPE_CHECKING, unicode
 from .bos import bos
 from .up2k import up2k_wark_from_hashlist
-from .util import HAVE_SQLITE3, Pebkac, absreal, gen_filekey, min_ex, quotep, s3dec
+from .util import (
+    HAVE_SQLITE3,
+    Daemon,
+    Pebkac,
+    absreal,
+    gen_filekey,
+    min_ex,
+    quotep,
+    s3dec,
+)

 if HAVE_SQLITE3:
    import sqlite3
@@ -21,10 +30,8 @@ try:
 except:
    pass

-try:
+if True:  # pylint: disable=using-constant-test
    from typing import Any, Optional, Union
-except:
-    pass

 if TYPE_CHECKING:
    from .httpconn import HttpConn
@@ -90,14 +97,17 @@ class U2idx(object):
            return None

        cur = None
-        if ANYWIN:
+        if ANYWIN and not bos.path.exists(db_path + "-wal"):
            uri = ""
            try:
                uri = "{}?mode=ro&nolock=1".format(Path(db_path).as_uri())
                cur = sqlite3.connect(uri, 2, uri=True).cursor()
+                cur.execute('pragma table_info("up")').fetchone()
                self.log("ro: {}".format(db_path))
            except:
                self.log("could not open read-only: {}\n{}".format(uri, min_ex()))
+                # may not fail until the pragma so unset it
+                cur = None

        if not cur:
            # on windows, this steals the write-lock from up2k.deferred_init --
@@ -190,7 +200,7 @@ class U2idx(object):
                    v = "exists(select 1 from mt where mt.w = mtw and " + vq

                else:
-                    raise Pebkac(400, "invalid key [" + v + "]")
+                    raise Pebkac(400, "invalid key [{}]".format(v))

                q += v + " "
                continue
@@ -270,16 +280,7 @@ class U2idx(object):
        self.active_id = "{:.6f}_{}".format(
            time.time(), threading.current_thread().ident
        )
-        thr = threading.Thread(
-            target=self.terminator,
-            args=(
-                self.active_id,
-                done_flag,
-            ),
-            name="u2idx-terminator",
-        )
-        thr.daemon = True
-        thr.start()
+        Daemon(self.terminator, "u2idx-terminator", (self.active_id, done_flag))

        if not uq or not uv:
            uq = "select * from up"
--- a/copyparty/up2k.py
+++ b/copyparty/up2k.py
--- a/copyparty/util.py
+++ b/copyparty/util.py
--- a/copyparty/web/a/init.py
+++ b/copyparty/web/a/init.py
--- a/copyparty/web/a/partyfuse.py
+++ b/copyparty/web/a/partyfuse.py
@@ -0,0 +1 @@
+../../../bin/partyfuse.py
--- a/copyparty/web/a/up2k.py
+++ b/copyparty/web/a/up2k.py
@@ -0,0 +1 @@
+../../../bin/up2k.py
--- a/copyparty/web/a/webdav-cfg.bat
+++ b/copyparty/web/a/webdav-cfg.bat
@@ -0,0 +1 @@
+../../../contrib/webdav-cfg.bat
--- a/copyparty/web/baguettebox.js
+++ b/copyparty/web/baguettebox.js
@@ -27,8 +27,8 @@ window.baguetteBox = (function () {
        isOverlayVisible = false,
        touch = {},  // start-pos
        touchFlag = false,  // busy
-        re_i = /.+\.(gif|jpe?g|png|webp)(\?|$)/i,
-        re_v = /.+\.(webm|mp4)(\?|$)/i,
+        re_i = /.+\.(a?png|avif|bmp|gif|heif|jpe?g|jfif|svg|webp)(\?|$)/i,
+        re_v = /.+\.(webm|mkv|mp4)(\?|$)/i,
        anims = ['slideIn', 'fadeIn', 'none'],
        data = {},  // all galleries
        imagesElements = [],
@@ -246,12 +246,24 @@ window.baguetteBox = (function () {
    }

    function keyDownHandler(e) {
-        if (e.ctrlKey || e.altKey || e.metaKey || e.isComposing || modal.busy)
+        if (modal.busy)
+            return;
+
+        if (e.key == '?')
+            return halp();
+
+        if (anymod(e, true))
            return;

        var k = e.code + '', v = vid(), pos = -1;

-        if (k == "ArrowLeft" || k == "KeyJ")
+        if (k == "BracketLeft")
+            setloop(1);
+        else if (k == "BracketRight")
+            setloop(2);
+        else if (e.shiftKey)
+            return;
+        else if (k == "ArrowLeft" || k == "KeyJ")
            showPreviousImage();
        else if (k == "ArrowRight" || k == "KeyL")
            showNextImage();
@@ -289,10 +301,6 @@ window.baguetteBox = (function () {
            rotn(e.shiftKey ? -1 : 1);
        else if (k == "KeyY")
            dlpic();
-        else if (k == "BracketLeft")
-            setloop(1);
-        else if (k == "BracketRight")
-            setloop(2);
    }

    function anim() {
@@ -406,7 +414,7 @@ window.baguetteBox = (function () {
    }

    function keyUpHandler(e) {
-        if (e.ctrlKey || e.altKey || e.metaKey || e.isComposing)
+        if (anymod(e))
            return;

        var k = e.code + '';
--- a/copyparty/web/browser.css
+++ b/copyparty/web/browser.css
@@ -88,10 +88,10 @@

 	--g-sel-fg: #fff;
 	--g-sel-bg: #925;
-	--g-sel-b1: #c37;
+	--g-sel-b1: #e39;
 	--g-sel-sh: #b36;
 	--g-fsel-bg: #d39;
-	--g-fsel-b1: #d48;
+	--g-fsel-b1: #f4a;
 	--g-fsel-ts: #804;
 	--g-fg: var(--a-hil);
 	--g-bg: var(--bg-u2);
@@ -246,6 +246,7 @@ html.b {
 	--u2-o-1h-bg: var(--a-hil);

 	--f-sh1: 0.1;
+	--mp-b-bg: transparent;
 }
 html.bz {
 	--fg: #cce;
@@ -278,6 +279,7 @@ html.bz {

 	--f-h-b1: #34384e;
 	--mp-sh: #11121d;
+	/*--mp-b-bg: #2c3044;*/
 }
 html.by {
 	--bg: #f2f2f2;
@@ -321,6 +323,7 @@ html.c {
 	--u2-o-1-bg: #4cf;

 	--srv-1: #ea0;
+	--mp-b-bg: transparent;
 }
 html.cz {
 	--bgg: var(--bg-u2);
@@ -470,7 +473,6 @@ html.dz {

 	--fm-off: #f6c;
 	--mp-sh: var(--bg-d3);
-	--mp-b-bg: rgba(0,0,0,0.2);

 	--err-fg: #fff;
 	--err-bg: #a20;
@@ -664,7 +666,7 @@ a:hover {
 	background: var(--bg-d3);
 	text-decoration: underline;
 }
-#files thead {
+#files thead th {
 	position: sticky;
 	top: -1px;
 }
@@ -855,6 +857,12 @@ html.y #path a:hover {
 	color: var(--srv-3);
 	border-bottom: 1px solid var(--srv-3b);
 }
+#goh+span {
+	color: var(--bg-u5);
+	padding-left: .5em;
+	margin-left: .5em;
+	border-left: .2em solid var(--bg-u5);
+}
 #repl {
 	padding: .33em;
 }
@@ -1067,18 +1075,18 @@ html.y #widget.open {
 	top: -.12em;
 }
 #wtico {
-	cursor: url(/.cpr/dd/4.png), pointer;
+	cursor: url(dd/4.png), pointer;
 	animation: cursor 500ms;
 }
 #wtico:hover {
 	animation: cursor 500ms infinite;
 }
@keyframes cursor {
-	 0% {cursor: url(/.cpr/dd/2.png), pointer}
-	30% {cursor: url(/.cpr/dd/3.png), pointer}
-	50% {cursor: url(/.cpr/dd/4.png), pointer}
-	75% {cursor: url(/.cpr/dd/5.png), pointer}
-	85% {cursor: url(/.cpr/dd/4.png), pointer}
+	 0% {cursor: url(dd/2.png), pointer}
+	30% {cursor: url(dd/3.png), pointer}
+	50% {cursor: url(dd/4.png), pointer}
+	75% {cursor: url(dd/5.png), pointer}
+	85% {cursor: url(dd/4.png), pointer}
 }
@keyframes spin {
 	100% {transform: rotate(360deg)}
@@ -1093,7 +1101,6 @@ html.y #widget.open {
 #wtoggle {
 	position: absolute;
 	white-space: nowrap;
-	font-size: .8em;
 	top: -1em;
 	right: 0;
 	height: 1em;
@@ -1175,7 +1182,7 @@ html.y #widget.open {
 	font-size: .4em;
 	margin: -.3em .1em;
 }
-#wtoggle.sel #wzip #selzip {
+#wtoggle.sel .l1 {
 	top: -.6em;
 	padding: .4em .3em;
 }
@@ -1219,6 +1226,40 @@ html.y #widget.open {
 	width: calc(100% - 10.5em);
 	background: rgba(0,0,0,0.2);
 }
+#widget.cmp {
+	height: 1.6em;
+	bottom: -1.6em;
+}
+#widget.cmp.open {
+	bottom: 0;
+}
+#widget.cmp #wtoggle {
+	font-size: 1.2em;
+}
+#widget.cmp #wtgrid {
+	display: none;
+}
+#widget.cmp #pctl {
+	top: 0;
+	left: 0;
+	font-size: .75em;
+}
+#widget.cmp #pctl a {
+	margin: 0;
+}
+#widget.cmp #barpos,
+#widget.cmp #barbuf {
+	width: calc(100% - 11em);
+	border-radius: 0;
+	left: 5em;
+	top: 0;
+}
+#widget.cmp #pvol {
+	top: 0;
+	right: 0;
+	max-width: 5.8em;
+	border-radius: 0;
+}
 .opview {
 	display: none;
 }
@@ -1261,8 +1302,12 @@ html.y #ops svg circle {
 	max-width: min(41em, calc(100% - 2.6em));
 }
 .opbox input {
+	position: relative;
 	margin: .5em;
 }
+#op_cfg input[type=text] {
+	top: -.3em;
+}
 .opview input[type=text] {
 	color: var(--fg);
 	background: var(--txt-bg);
@@ -1338,8 +1383,12 @@ input.eq_gain {
 	padding-right: .2em;
 	text-align: right;
 }
+#srch_form:not(.tags) #tsrch_tags,
+#srch_form:not(.tags) #tsrch_adv {
+	display: none;
+}
 #op_search input {
-	margin: 0;
+	margin: .1em 0 0 0;
 }
 #srch_q {
 	white-space: pre;
@@ -1454,7 +1503,7 @@ html {
 	margin: .2em;
 	white-space: pre;
 	position: relative;
-	top: -.2em;
+	top: -.12em;
 }
 html.c .btn,
 html.a .btn {
@@ -1581,11 +1630,27 @@ html.y #tree.nowrap .ntree a+a:hover {
 }
 #files>thead>tr>th.min,
 #files td.min {
-		display: none;
+	display: none;
 }
 #files td:nth-child(2n) {
 	color: var(--tab-alt);
 }
+#plazy {
+	width: 1px;
+	height: 1px;
+	overflow: hidden;
+	white-space: nowrap;
+}
+#blazy {
+	text-align: center;
+	font-size: 1.2em;
+	margin: 1em 0;
+}
+#blazy code,
+#blazy a {
+	font-size: 1.1em;
+	padding: 0 .2em;
+}
 .opwide,
 #op_unpost,
 #srch_form {
@@ -1783,6 +1848,36 @@ a.btn,
 	-ms-user-select: none;
 	user-select: none;
 }
+#hkhelp {
+	background: var(--bg);
+}
+#hkhelp table {
+	margin: 2em 2em 0 2em;
+	float: left;
+}
+#hkhelp th {
+	border-bottom: 1px solid var(--bg-u5);
+	background: var(--bg-u1);
+	font-weight: bold;
+	text-align: right;
+}
+#hkhelp tr+tr th {
+	border-top: 1.5em solid var(--bg);
+}
+#hkhelp td {
+	padding: .2em .3em;
+}
+#hkhelp td:first-child {
+	font-family: 'scp', monospace, monospace;
+}
+html.noscroll,
+html.noscroll .sbar {
+	scrollbar-width: none;
+}
+html.noscroll::-webkit-scrollbar,
+html.noscroll .sbar::-webkit-scrollbar {
+	display: none;
+}



@@ -2383,6 +2478,9 @@ html.y #bbox-overlay figcaption a {
 #u2conf.ww #u2c3w {
 	width: 29em;
 }
+#u2conf.ww #u2c3w.s {
+	width: 39em;
+}
 #u2conf .c,
 #u2conf .c * {
 	text-align: center;
@@ -2475,13 +2573,34 @@ html.b #u2conf a.b:hover {
 	text-align: center;
 	border: .2em dashed rgba(128, 128, 128, 0.3);
 }
-#u2foot {
+#u2foot,
+#u2life {
 	color: var(--fg-max);
-	font-style: italic;
 	text-align: center;
-	font-size: 1.2em;
 	margin: .8em 0;
 }
+#u2life {
+	margin: 2.5em 0;
+	line-height: 1.5em;
+}
+#u2life div {
+	display: inline-block;
+	white-space: nowrap;
+	margin: 0 2em;
+}
+#u2life div:first-child {
+	margin-bottom: .2em;
+}
+#u2life small {
+	opacity: .6;
+}
+#lifew {
+	border-bottom: 1px dotted var(--fg-max);
+}
+#u2foot {
+	font-size: 1.2em;
+	font-style: italic;
+}
 #u2foot .warn {
 	font-size: 1.2em;
 	padding: .5em .8em;
@@ -2500,6 +2619,10 @@ html.b #u2conf a.b:hover {
 #u2foot>*+* {
 	margin-top: 1.5em;
 }
+#u2life input {
+	width: 4em;
+	text-align: right;
+}
 .prog {
 	font-family: 'scp', monospace, monospace;
 }
@@ -2720,7 +2843,6 @@ html.b #barpos,
 html.b #barbuf,
 html.b #pvol {
 	border-radius: .2em;
-	background: none;
 }
 html.b #barpos {
 	box-shadow: 0 0 0 1px rgba(0,0,0,0.4);
@@ -2762,6 +2884,7 @@ html.b #tree li {
 html.b #tree li {
 	margin-left: .8em;
 }
+html.b #docul a,
 html.b .ntree a {
 	padding: .6em .2em;
 }
@@ -2893,3 +3016,28 @@ html.d #treepar {
 		margin-top: 1.7em;
 	}
 }
+@supports (display: grid) {
+	#ggrid {
+		display: grid;
+		margin: 0em 0.25em;
+		padding: unset;
+		grid-template-columns: repeat(auto-fit,var(--grid-sz));
+		justify-content: center;
+		gap: 1em;
+	}
+
+	html.b #ggrid {
+		padding: 0 2em 2em 0;
+		gap: .5em 3em;
+	}
+
+	#ggrid > a {
+		margin: unset;
+		padding: unset;
+  	}
+
+  	#ggrid>a>span {
+		text-align: center;
+		padding: 0.2em;
+	}
+}
--- a/copyparty/web/browser.html
+++ b/copyparty/web/browser.html
@@ -5,10 +5,11 @@
 	<meta charset="utf-8">
 	<title>{{ title }}</title>
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
-	<meta name="viewport" content="width=device-width, initial-scale=0.8">
+	<meta name="viewport" content="width=device-width, initial-scale=0.8, minimum-scale=0.6">
+	<meta name="theme-color" content="#333">
 {{ html_head }}
-	<link rel="stylesheet" media="screen" href="/.cpr/ui.css?_={{ ts }}">
-	<link rel="stylesheet" media="screen" href="/.cpr/browser.css?_={{ ts }}">
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/ui.css?_={{ ts }}">
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/browser.css?_={{ ts }}">
 	{%- if css %}
 	<link rel="stylesheet" media="screen" href="{{ css }}?_={{ ts }}">
 	{%- endif %}
@@ -41,7 +42,7 @@
 	<div id="op_mkdir" class="opview opbox act">
 		<form method="post" enctype="multipart/form-data" accept-charset="utf-8" action="{{ url_suf }}">
 			<input type="hidden" name="act" value="mkdir" />
-			📂<input type="text" name="name" class="i">
+			📂<input type="text" name="name" class="i" placeholder="awesome mix vol.1">
 			<input type="submit" value="make directory">
 		</form>
 	</div>
@@ -49,14 +50,14 @@
 	<div id="op_new_md" class="opview opbox">
 		<form method="post" enctype="multipart/form-data" accept-charset="utf-8" action="{{ url_suf }}">
 			<input type="hidden" name="act" value="new_md" />
-			📝<input type="text" name="name" class="i">
+			📝<input type="text" name="name" class="i" placeholder="weekend-plans">
 			<input type="submit" value="new markdown doc">
 		</form>
 	</div>

 	<div id="op_msg" class="opview opbox act">
 		<form method="post" enctype="application/x-www-form-urlencoded" accept-charset="utf-8" action="{{ url_suf }}">
-			📟<input type="text" name="msg" class="i">
+			📟<input type="text" name="msg" class="i" placeholder="lorem ipsum dolor sit amet">
 			<input type="submit" value="send msg to srv log">
 		</form>
 	</div>
@@ -70,7 +71,7 @@
 	<h1 id="path">
 		<a href="#" id="entree">🌲</a>
 		{%- for n in vpnodes %}
-		<a href="/{{ n[0] }}">{{ n[1] }}</a>
+		<a href="{{ r }}/{{ n[0] }}">{{ n[1] }}</a>
 		{%- endfor %}
 	</h1>
 	
@@ -120,7 +121,7 @@
 	
 	<div id="epi" class="logue">{{ logues[1] }}</div>

-	<h2><a href="/?h" id="goh">control-panel</a></h2>
+	<h2><a href="{{ r }}/?h" id="goh">control-panel</a></h2>
 	
 	<a href="#" id="repl">π</a>

@@ -133,7 +134,8 @@
 	<div id="widget"></div>

 	<script>
-		var acct = "{{ acct }}",
+		var SR = {{ r|tojson }},
+			acct = "{{ acct }}",
 			perms = {{ perms }},
 			themes = {{ themes }},
 			dtheme = "{{ dtheme }}",
@@ -146,8 +148,9 @@
 			have_acode = {{ have_acode|tojson }},
 			have_mv = {{ have_mv|tojson }},
 			have_del = {{ have_del|tojson }},
-			have_unpost = {{ have_unpost|tojson }},
+			have_unpost = {{ have_unpost }},
 			have_zip = {{ have_zip|tojson }},
+			lifetime = {{ lifetime }},
 			turbolvl = {{ turbolvl }},
 			u2sort = "{{ u2sort }}",
 			have_emp = {{ have_emp|tojson }},
@@ -158,10 +161,10 @@

 		document.documentElement.className = localStorage.theme || dtheme;
 	</script>
-	<script src="/.cpr/util.js?_={{ ts }}"></script>
-	<script src="/.cpr/baguettebox.js?_={{ ts }}"></script>
-	<script src="/.cpr/browser.js?_={{ ts }}"></script>
-	<script src="/.cpr/up2k.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/util.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/baguettebox.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/browser.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/up2k.js?_={{ ts }}"></script>
 	{%- if js %}
 	<script src="{{ js }}?_={{ ts }}"></script>
 	{%- endif %}
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
--- a/copyparty/web/browser2.html
+++ b/copyparty/web/browser2.html
@@ -57,7 +57,7 @@
 	<div>{{ logues[1] }}</div><br />
 	{%- endif %}
 	
-	<h2><a href="/{{ url_suf }}{{ url_suf and '&amp;' or '?' }}h">control-panel</a></h2>
+	<h2><a href="{{ r }}/{{ url_suf }}{{ url_suf and '&amp;' or '?' }}h">control-panel</a></h2>

 </body>
 </html>
--- a/copyparty/web/dd/init.py
+++ b/copyparty/web/dd/init.py
--- a/copyparty/web/deps/init.py
+++ b/copyparty/web/deps/init.py
--- a/copyparty/web/md.css
+++ b/copyparty/web/md.css
@@ -4,6 +4,12 @@ html, body {
 	font-family: sans-serif;
 	line-height: 1.5em;
 }
+html.y #helpbox a {
+	color: #079;
+}
+html.z #helpbox a {
+	color: #fc5;
+}
 #repl {
 	position: absolute;
 	top: 0;
--- a/copyparty/web/md.html
+++ b/copyparty/web/md.html
@@ -3,11 +3,12 @@
 	<title>📝 {{ title }}</title>
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=0.7">
+	<meta name="theme-color" content="#333">
 {{ html_head }}
-	<link rel="stylesheet" href="/.cpr/ui.css?_={{ ts }}">
-	<link rel="stylesheet" href="/.cpr/md.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/ui.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/md.css?_={{ ts }}">
 	{%- if edit %}
-	<link rel="stylesheet" href="/.cpr/md2.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/md2.css?_={{ ts }}">
 	{%- endif %}
 </head>
 <body>
@@ -31,7 +32,7 @@
 		{%- else %}
 			<a href="{{ arg_base }}edit" tt="good: higher performance$Ngood: same document width as viewer$Nbad: assumes you know markdown">edit (basic)</a>
 			<a href="{{ arg_base }}edit2" tt="not in-house so probably less buggy">edit (fancy)</a>
-			<a href="{{ arg_base }}raw">view raw</a>
+			<a href="{{ arg_base }}">view raw</a>
 		{%- endif %}
 	</div>
 	<div id="toc"></div>
@@ -127,7 +128,8 @@ write markdown (most html is 🙆 too)
 	
 	<script>

-var last_modified = {{ lastmod }},
+var SR = {{ r|tojson }},
+	last_modified = {{ lastmod }},
 	have_emp = {{ have_emp|tojson }},
 	dfavico = "{{ favico }}";

@@ -152,10 +154,10 @@ l.light = drk? 0:1;
 })();

 	</script>
-	<script src="/.cpr/util.js?_={{ ts }}"></script>
-	<script src="/.cpr/deps/marked.js?_={{ ts }}"></script>
-	<script src="/.cpr/md.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/util.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/deps/marked.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/md.js?_={{ ts }}"></script>
 	{%- if edit %}
-	<script src="/.cpr/md2.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/md2.js?_={{ ts }}"></script>
 	{%- endif %}
 </body></html>
--- a/copyparty/web/md.js
+++ b/copyparty/web/md.js
@@ -1,12 +1,13 @@
 "use strict";

-var dom_toc = ebi('toc');
-var dom_wrap = ebi('mw');
-var dom_hbar = ebi('mh');
-var dom_nav = ebi('mn');
-var dom_pre = ebi('mp');
-var dom_src = ebi('mt');
-var dom_navtgl = ebi('navtoggle');
+var dom_toc = ebi('toc'),
+    dom_wrap = ebi('mw'),
+    dom_hbar = ebi('mh'),
+    dom_nav = ebi('mn'),
+    dom_pre = ebi('mp'),
+    dom_src = ebi('mt'),
+    dom_navtgl = ebi('navtoggle'),
+    hash0 = location.hash;


 // chrome 49 needs this
@@ -35,12 +36,12 @@ var dbg = function () { };

 // add navbar
 (function () {
-    var parts = get_evpath().split('/'), link = '', o;
-    for (var a = 0, aa = parts.length - 2; a <= aa; a++) {
+    var parts = (get_evpath().slice(0, -1).split('?')[0] + '?v').split('/'), link = '', o;
+    for (var a = 0, aa = parts.length - 1; a <= aa; a++) {
        link += parts[a] + (a < aa ? '/' : '');
        o = mknod('a');
        o.setAttribute('href', link);
-        o.textContent = uricom_dec(parts[a])[0] || 'top';
+        o.textContent = uricom_dec(parts[a].split('?')[0]) || 'top';
        dom_nav.appendChild(o);
    }
 })();
@@ -256,7 +257,7 @@ function convert_markdown(md_text, dest_dom) {
        var html = dom_li.innerHTML;
        dom_li.innerHTML =
            '<span class="todo_' + clas + '">' + char + '</span>' +
-            html.substr(html.indexOf('>') + 1);
+            html.slice(html.indexOf('>') + 1);
    }

    // separate <code> for each line in <pre>
@@ -328,6 +329,15 @@ function convert_markdown(md_text, dest_dom) {
        catch (ex) {
            md_plug_err(ex, ext[1]);
        }
+
+    if (hash0)
+        setTimeout(function () {
+            try {
+                QS(hash0).scrollIntoView();
+                hash0 = '';
+            }
+            catch (ex) { }
+        }, 1);
 }


@@ -395,7 +405,7 @@ function init_toc() {

    // collect vertical position of all toc items (headers in document)
    function freshen_offsets() {
-        var top = window.pageYOffset || document.documentElement.scrollTop;
+        var top = yscroll();
        for (var a = anchors.length - 1; a >= 0; a--) {
            var y = top + anchors[a].elm.getBoundingClientRect().top;
            y = Math.round(y * 10.0) / 10;
@@ -411,7 +421,7 @@ function init_toc() {
        if (anchors.length == 0)
            return;

-        var ptop = window.pageYOffset || document.documentElement.scrollTop;
+        var ptop = yscroll();
        var hit = anchors.length - 1;
        for (var a = 0; a < anchors.length; a++) {
            if (anchors[a].y >= ptop - 8) {  //???
@@ -498,5 +508,5 @@ dom_navtgl.onclick = function () {
 if (sread('hidenav') == 1)
    dom_navtgl.onclick();

-if (window['tt'])
+if (window.tt && tt.init)
    tt.init();
--- a/copyparty/web/md2.js
+++ b/copyparty/web/md2.js
@@ -107,7 +107,8 @@ var draw_md = (function () {
        map_src = genmap(dom_ref, map_src);
        map_pre = genmap(dom_pre, map_pre);

-        clmod(ebi('save'), 'disabled', src == server_md);
+        clmod(ebi('save'), 'disabled',
+            src.replace(/\r/g, "") == server_md.replace(/\r/g, ""));

        var t1 = Date.now();
        delay = t1 - t0 > 100 ? 25 : 1;
@@ -230,7 +231,8 @@ redraw = (function () {
 // modification checker
 function Modpoll() {
    var r = {
-        skip_one: true,
+        initial: true,
+        skip_one: false,
        disabled: false
    };

@@ -253,7 +255,7 @@ function Modpoll() {
        }

        console.log('modpoll...');
-        var url = (document.location + '').split('?')[0] + '?raw&_=' + Date.now();
+        var url = (document.location + '').split('?')[0] + '?_=' + Date.now();
        var xhr = new XHR();
        xhr.open('GET', url, true);
        xhr.responseType = 'text';
@@ -275,8 +277,18 @@ function Modpoll() {
        if (!this.responseText)
            return;

-        var server_ref = server_md.replace(/\r/g, '');
-        var server_now = this.responseText.replace(/\r/g, '');
+        var new_md = this.responseText,
+            server_ref = server_md.replace(/\r/g, ''),
+            server_now = new_md.replace(/\r/g, '');
+
+        // firefox bug: sometimes get stale text even if copyparty sent a 200
+        if (r.initial && server_ref != server_now)
+            return modal.confirm('Your browser decided to show an outdated copy of the document!\n\nDo you want to load the latest version from the server instead?', function () {
+                dom_src.value = server_md = new_md;
+                draw_md();
+            }, null);
+
+        r.initial = false;

        if (server_ref != server_now) {
            console.log("modpoll diff |" + server_ref.length + "|, |" + server_now.length + "|");
@@ -296,6 +308,7 @@ function Modpoll() {
        console.log('modpoll eq');
    };

+    setTimeout(r.periodic, 300);
    if (md_opt.modpoll_freq > 0)
        setInterval(r.periodic, 1000 * md_opt.modpoll_freq);

@@ -389,7 +402,7 @@ function save_cb() {

 function run_savechk(lastmod, txt, btn, ntry) {
    // download the saved doc from the server and compare
-    var url = (document.location + '').split('?')[0] + '?raw&_=' + Date.now();
+    var url = (document.location + '').split('?')[0] + '?_=' + Date.now();
    var xhr = new XHR();
    xhr.open('GET', url, true);
    xhr.responseType = 'text';
--- a/copyparty/web/mde.html
+++ b/copyparty/web/mde.html
@@ -3,11 +3,12 @@
 	<title>📝 {{ title }}</title>
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=0.7">
+	<meta name="theme-color" content="#333">
 {{ html_head }}
-	<link rel="stylesheet" href="/.cpr/ui.css?_={{ ts }}">
-	<link rel="stylesheet" href="/.cpr/mde.css?_={{ ts }}">
-	<link rel="stylesheet" href="/.cpr/deps/mini-fa.css?_={{ ts }}">
-	<link rel="stylesheet" href="/.cpr/deps/easymde.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/ui.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/mde.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/deps/mini-fa.css?_={{ ts }}">
+	<link rel="stylesheet" href="{{ r }}/.cpr/deps/easymde.css?_={{ ts }}">
 </head>
 <body>
 	<div id="mw">
@@ -25,7 +26,8 @@
 	<a href="#" id="repl">π</a>
 	<script>

-var last_modified = {{ lastmod }},
+var SR = {{ r|tojson }},
+	last_modified = {{ lastmod }},
 	have_emp = {{ have_emp|tojson }},
 	dfavico = "{{ favico }}";

@@ -47,8 +49,8 @@ l.light = drk? 0:1;
 })();

 	</script>
-	<script src="/.cpr/util.js?_={{ ts }}"></script>
-	<script src="/.cpr/deps/marked.js?_={{ ts }}"></script>
-	<script src="/.cpr/deps/easymde.js?_={{ ts }}"></script>
-	<script src="/.cpr/mde.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/util.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/deps/marked.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/deps/easymde.js?_={{ ts }}"></script>
+	<script src="{{ r }}/.cpr/mde.js?_={{ ts }}"></script>
 </body></html>
--- a/copyparty/web/mde.js
+++ b/copyparty/web/mde.js
@@ -7,7 +7,7 @@ var dom_md = ebi('mt');

 (function () {
    var n = document.location + '';
-    n = n.substr(n.indexOf('//') + 2).split('?')[0].split('/');
+    n = (n.slice(n.indexOf('//') + 2).split('?')[0] + '?v').split('/');
    n[0] = 'top';
    var loc = [];
    var nav = [];
@@ -15,7 +15,7 @@ var dom_md = ebi('mt');
        if (a > 0)
            loc.push(n[a]);

-        var dec = uricom_dec(n[a])[0].replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+        var dec = uricom_dec(n[a].split('?')[0]).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");

        nav.push('<a href="/' + loc.join('/') + '">' + dec + '</a>');
    }
@@ -166,7 +166,7 @@ function save_cb() {
    //alert('save OK -- wrote ' + r.size + ' bytes.\n\nsha512: ' + r.sha512);

    // download the saved doc from the server and compare
-    var url = (document.location + '').split('?')[0] + '?raw';
+    var url = (document.location + '').split('?')[0] + '?_=' + Date.now();
    var xhr = new XHR();
    xhr.open('GET', url, true);
    xhr.responseType = 'text';
--- a/copyparty/web/msg.html
+++ b/copyparty/web/msg.html
@@ -6,8 +6,9 @@
 	<title>{{ svcname }}</title>
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=0.8">
-	{{ html_head }}
-	<link rel="stylesheet" media="screen" href="/.cpr/msg.css?_={{ ts }}">
+	<meta name="theme-color" content="#333">
+{{ html_head }}
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/msg.css?_={{ ts }}">
 </head>

 <body>
--- a/copyparty/web/splash.css
+++ b/copyparty/web/splash.css
@@ -10,10 +10,14 @@ html {
 	padding: 0 1em 3em 1em;
 	line-height: 1.3em;
 }
+#wrap.w {
+	max-width: 96%;
+}
 h1 {
 	border-bottom: 1px solid #ccc;
 	margin: 2em 0 .4em 0;
-	padding: 0 0 .2em 0;
+	padding: 0;
+	line-height: 1em;
 	font-weight: normal;
 }
 li {
@@ -23,23 +27,30 @@ a {
 	color: #047;
 	background: #fff;
 	text-decoration: none;
+	white-space: nowrap;
 	border-bottom: 1px solid #8ab;
 	border-radius: .2em;
-	padding: .2em .8em;
+	padding: .2em .6em;
+	margin: 0 .3em;
 }
-a+a {
-	margin-left: .5em;
+td a {
+	margin: 0;
 }
-.refresh,
+.af,
 .logout {
 	float: right;
-	margin: -.2em 0 0 .5em;
+	margin: -.2em 0 0 .8em;
 }
 .logout,
 a.r {
 	color: #c04;
 	border-color: #c7a;
 }
+a.g {
+	color: #2b0;
+	border-color: #3a0;
+	box-shadow: 0 .3em 1em #4c0;
+}
 #repl {
 	border: none;
 	background: none;
@@ -64,9 +75,15 @@ table {
 .num td:first-child {
 	text-align: right;
 }
+.cn {
+	text-align: center;
+}
 .btns {
 	margin: 1em 0;
 }
+.btns>a:first-child {
+	margin-left: 0;
+}
 #msg {
 	margin: 3em 0;
 }
@@ -83,6 +100,39 @@ blockquote {
 	border-left: .3em solid rgba(128,128,128,0.5);
 	border-radius: 0 0 0 .25em;
 }
+pre, code {
+	color: #480;
+	background: #fff;
+	font-family: 'scp', monospace, monospace;
+	border: 1px solid rgba(128,128,128,0.3);
+	border-radius: .2em;
+	padding: .15em .2em;
+}
+html.z pre,
+html.z code {
+	color: #9e0;
+	background: #000;
+	background: rgba(0,16,0,0.2);
+}
+.os {
+	line-height: 1.5em;
+}
+.sph {
+	margin-top: 4em;
+}
+.sph code {
+	margin-left: .3em;
+}
+pre b,
+code b {
+	color: #000;
+	font-weight: normal;
+	text-shadow: 0 0 .2em #0f0;
+}
+html.z pre b,
+html.z code b {
+	color: #fff;
+}


 html.z {
@@ -102,6 +152,11 @@ html.z a.r {
 	background: #804;
 	border-color: #c28;
 }
+html.z a.g {
+	background: #470;
+	border-color: #af4;
+	box-shadow: 0 .3em 1em #7d0;
+}
 html.z input {
 	color: #fff;
 	background: #626;
--- a/copyparty/web/splash.html
+++ b/copyparty/web/splash.html
@@ -6,19 +6,21 @@
 	<title>{{ svcname }}</title>
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=0.8">
+	<meta name="theme-color" content="#333">
 {{ html_head }}
-	<link rel="stylesheet" media="screen" href="/.cpr/splash.css?_={{ ts }}">
-	<link rel="stylesheet" media="screen" href="/.cpr/ui.css?_={{ ts }}">
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/splash.css?_={{ ts }}">
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/ui.css?_={{ ts }}">
 </head>

 <body>
 	<div id="wrap">
-		<a id="a" href="/?h" class="refresh">refresh</a>
+		<a id="a" href="{{ r }}/?h" class="af">refresh</a>
+		<a id="v" href="{{ r }}/?hc" class="af">connect</a>

 		{%- if this.uname == '*' %}
 			<p id="b">howdy stranger &nbsp; <small>(you're not logged in)</small></p>
 		{%- else %}
-			<a id="c" href="/?pw=x" class="logout">logout</a>
+			<a id="c" href="{{ r }}/?pw=x" class="logout">logout</a>
 			<p><span id="m">welcome back,</span> <strong>{{ this.uname }}</strong></p>
 		{%- endif %}

@@ -51,8 +53,8 @@
 			</table>
 		</td></tr></table>
 		<div class="btns">
-			<a id="d" href="/?stack">dump stack</a>
-			<a id="e" href="/?reload=cfg">reload cfg</a>
+			<a id="d" href="{{ r }}/?stack">dump stack</a>
+			<a id="e" href="{{ r }}/?reload=cfg">reload cfg</a>
 		</div>
 		{%- endif %}

@@ -77,18 +79,18 @@
 		<h1 id="cc">client config:</h1>
 		<ul>
 			{% if k304 %}
-			<li><a id="h" href="/?k304=n">disable k304</a> (currently enabled)
+			<li><a id="h" href="{{ r }}/?k304=n">disable k304</a> (currently enabled)
 			{%- else %}
-			<li><a id="i" href="/?k304=y" class="r">enable k304</a> (currently disabled)
+			<li><a id="i" href="{{ r }}/?k304=y" class="r">enable k304</a> (currently disabled)
 			{% endif %}
 			<blockquote id="j">enabling this will disconnect your client on every HTTP 304, which can prevent some buggy proxies from getting stuck (suddenly not loading pages), <em>but</em> it will also make things slower in general</blockquote></li>
 			
-			<li><a id="k" href="/?reset" class="r" onclick="localStorage.clear();return true">reset client settings</a></li>
+			<li><a id="k" href="{{ r }}/?reset" class="r" onclick="localStorage.clear();return true">reset client settings</a></li>
 		</ul>

 		<h1 id="l">login for more:</h1>
 		<ul>
-			<form method="post" enctype="multipart/form-data" action="/{{ qvpath }}">
+			<form method="post" enctype="multipart/form-data" action="{{ r }}/{{ qvpath }}">
 				<input type="hidden" name="act" value="login" />
 				<input type="password" name="cppwd" />
 				<input type="submit" value="Login" />
@@ -98,13 +100,14 @@
 	<a href="#" id="repl">π</a>
 	<script>

-var lang="{{ lang }}",
+var SR = {{ r|tojson }},
+	lang="{{ lang }}",
 	dfavico="{{ favico }}";

 document.documentElement.className=localStorage.theme||"{{ this.args.theme }}";

 </script>
-<script src="/.cpr/util.js?_={{ ts }}"></script>
-<script src="/.cpr/splash.js?_={{ ts }}"></script>
+<script src="{{ r }}/.cpr/util.js?_={{ ts }}"></script>
+<script src="{{ r }}/.cpr/splash.js?_={{ ts }}"></script>
 </body>
 </html>
--- a/copyparty/web/splash.js
+++ b/copyparty/web/splash.js
@@ -12,23 +12,26 @@ var Ls = {
 		"cc1": "klient-konfigurasjon",
 		"h1": "skru av k304",
 		"i1": "skru på k304",
-		"j1": "k304 bryter tilkoplingen for hver HTTP 304. Dette hjelper visse mellomtjenere som kan sette seg fast / plutselig slutter å laste sider, men det reduserer også ytelsen betydelig",
+		"j1": "k304 bryter tilkoplingen for hver HTTP 304. Dette hjelper mot visse mellomtjenere som kan sette seg fast / plutselig slutter å laste sider, men det reduserer også ytelsen betydelig",
 		"k1": "nullstill innstillinger",
 		"l1": "logg inn:",
 		"m1": "velkommen tilbake,",
 		"n1": "404: filen finnes ikke &nbsp;┐( ´ -`)┌",
-		"o1": 'eller kanskje du ikke har tilgang? prøv å logge inn eller <a href="/?h">gå hjem</a>',
+		"o1": 'eller kanskje du ikke har tilgang? prøv å logge inn eller <a href="' + SR + '/?h">gå hjem</a>',
 		"p1": "403: tilgang nektet &nbsp;~┻━┻",
-		"q1": 'du må logge inn eller <a href="/?h">gå hjem</a>',
+		"q1": 'du må logge inn eller <a href="' + SR + '/?h">gå hjem</a>',
 		"r1": "gå hjem",
 		".s1": "kartlegg",
 		"t1": "handling",
 		"u2": "tid siden noen sist skrev til serveren$N( opplastning / navneendring / ... )$N$N17d = 17 dager$N1h23 = 1 time 23 minutter$N4m56 = 4 minuter 56 sekunder",
+		"v1": "koble til",
+		"v2": "bruk denne serveren som en lokal harddisk$N$NADVARSEL: kommer til å vise passordet ditt!"
 	},
 	"eng": {
 		"d2": "shows the state of all active threads",
 		"e2": "reload config files (accounts/volumes/volflags),$Nand rescan all e2ds volumes",
 		"u2": "time since the last server write$N( upload / rename / ... )$N$N17d = 17 days$N1h23 = 1 hour 23 minutes$N4m56 = 4 minutes 56 seconds",
+		"v2": "use this server as a local HDD$N$NWARNING: this will show your password!",
 	}
 },
 	d = Ls[sread("lang") || lang];
--- a/copyparty/web/svcs.html
+++ b/copyparty/web/svcs.html
@@ -0,0 +1,201 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+	<meta charset="utf-8">
+	<title>{{ args.doctitle }} @ {{ args.name }}</title>
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=0.8">
+	<meta name="theme-color" content="#333">
+{{ html_head }}
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/splash.css?_={{ ts }}">
+	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/ui.css?_={{ ts }}">
+</head>
+
+<body>
+	<div id="wrap" class="w">
+        <div class="cn">
+            <p class="btns"><a href="{{ r }}/{{ vp }}">browse files</a> // <a href="{{ r }}/?h">control panel</a></p>
+            <p>or choose your OS for cooler alternatives:</p>
+            <div class="ossel">
+                <a id="swin" href="#">Windows</a>
+                <a id="slin" href="#">Linux</a>
+                <a id="smac" href="#">macOS</a>
+            </div>
+        </div>
+
+        <p class="sph">
+            make this server appear on your computer as a regular HDD!<br />
+            pick your favorite below (sorted by performance, best first) and lets 🎉<br />
+            <br />
+            <span class="os win lin mac">placeholders:</span>
+            <span class="os win">
+                {% if accs %}<code><b>{{ pw }}</b></code>=password, {% endif %}<code><b>W:</b></code>=mountpoint
+            </span>
+            <span class="os lin mac">
+                {% if accs %}<code><b>{{ pw }}</b></code>=password, {% endif %}<code><b>mp</b></code>=mountpoint
+            </span>
+        </p>
+
+
+
+        {% if not args.no_dav %}
+        <h1>WebDAV</h1>
+
+        <div class="os win">
+            <p><em>note: rclone-FTP is a bit faster, so {% if args.ftp or args.ftps %}try that first{% else %}consider enabling FTP in server settings{% endif %}</em></p>
+            <p>if you can, install <a href="https://winfsp.dev/rel/">winfsp</a>+<a href="https://downloads.rclone.org/rclone-current-windows-amd64.zip">rclone</a> and then paste this in cmd:</p>
+            <pre>
+                rclone config create {{ aname }}-dav webdav url=http{{ s }}://{{ rip }}{{ hport }} vendor=other{% if accs %} user=k pass=<b>{{ pw }}</b>{% endif %}
+                rclone mount --vfs-cache-mode writes --dir-cache-time 5s {{ aname }}-dav:{{ vp }} <b>W:</b>
+            </pre>
+            {% if s %}
+            <p><em>note: if you are on LAN (or just dont have valid certificates), add <code>--no-check-certificate</code> to the mount command</em><br />---</p>
+            {% endif %}
+            
+            <p>if you want to use the native WebDAV client in windows instead (slow and buggy), first run <a href="{{ r }}/.cpr/a/webdav-cfg.bat">webdav-cfg.bat</a> to remove the 47 MiB filesize limit (also fixes latency and password login), then connect:</p>
+            <pre>
+                net use <b>w:</b> http{{ s }}://{{ ep }}/{{ vp }}{% if accs %} k /user:<b>{{ pw }}</b>{% endif %}
+            </pre>
+        </div>
+
+        <div class="os lin">
+            <pre>
+                yum install davfs2
+                {% if accs %}printf '%s\n' <b>{{ pw }}</b> k | {% endif %}mount -t davfs -ouid=1000 http{{ s }}://{{ ep }}/{{ vp }} <b>mp</b>
+            </pre>
+            <p>or you can use rclone instead, which is much slower but doesn't require root:</p>
+            <pre>
+                rclone config create {{ aname }}-dav webdav url=http{{ s }}://{{ rip }}{{ hport }} vendor=other{% if accs %} user=k pass=<b>{{ pw }}</b>{% endif %}
+                rclone mount --vfs-cache-mode writes --dir-cache-time 5s {{ aname }}-dav:{{ vp }} <b>mp</b>
+            </pre>
+            {% if s %}
+            <p><em>note: if you are on LAN (or just dont have valid certificates), add <code>--no-check-certificate</code> to the mount command</em><br />---</p>
+            {% endif %}
+            
+            <p>or the emergency alternative (gnome/gui-only):</p>
+            <!-- gnome-bug: ignores vp -->
+            <pre>
+                {%- if accs %}
+                echo <b>{{ pw }}</b> | gio mount dav{{ s }}://k@{{ ep }}/{{ vp }}
+                {%- else %}
+                gio mount -a dav{{ s }}://{{ ep }}/{{ vp }}
+                {%- endif %}
+            </pre>
+        </div>
+
+        <div class="os mac">
+            <pre>
+                osascript -e ' mount volume "http{{ s }}://k:<b>{{ pw }}</b>@{{ ep }}/{{ vp }}" '
+            </pre>
+            <p>or you can open up a Finder, press command-K and paste this instead:</p>
+            <pre>
+                http{{ s }}://k:<b>{{ pw }}</b>@{{ ep }}/{{ vp }}
+            </pre>
+            
+            {% if s %}
+            <p><em>replace <code>https</code> with <code>http</code> if it doesn't work</em></p>
+            {% endif %}
+        </div>
+        {% endif %}
+
+
+
+        {% if args.ftp or args.ftps %}
+        <h1>FTP</h1>
+
+        <div class="os win">
+            <p>if you can, install <a href="https://winfsp.dev/rel/">winfsp</a>+<a href="https://downloads.rclone.org/rclone-current-windows-amd64.zip">rclone</a> and then paste this in cmd:</p>
+            <pre>
+                rclone config create {{ aname }}-ftp ftp host={{ rip }} port={{ args.ftp or args.ftps }} pass=k user={% if accs %}<b>{{ pw }}</b>{% else %}anonymous{% endif %} tls={{ "false" if args.ftp else "true" }}
+                rclone mount --vfs-cache-mode writes --dir-cache-time 5s {{ aname }}-ftp:{{ vp }} <b>W:</b>
+            </pre>
+            <p>if you want to use the native FTP client in windows instead (please dont), press <code>win+R</code> and run this command:</p>
+            <pre>
+                explorer {{ "ftp" if args.ftp else "ftps" }}://{% if accs %}<b>{{ pw }}</b>:k@{% endif %}{{ host }}:{{ args.ftp or args.ftps }}/{{ vp }}
+            </pre>
+        </div>
+
+        <div class="os lin">
+            <pre>
+                rclone config create {{ aname }}-ftp ftp host={{ rip }} port={{ args.ftp or args.ftps }} pass=k user={% if accs %}<b>{{ pw }}</b>{% else %}anonymous{% endif %} tls={{ "false" if args.ftp else "true" }}
+                rclone mount --vfs-cache-mode writes --dir-cache-time 5s {{ aname }}-ftp:{{ vp }} <b>mp</b>
+            </pre>
+            <p>emergency alternative (gnome/gui-only):</p>
+            <!-- gnome-bug: ignores vp -->
+            <pre>
+                {%- if accs %}
+                echo <b>{{ pw }}</b> | gio mount ftp{{ "" if args.ftp else "s" }}://k@{{ host }}:{{ args.ftp or args.ftps }}/{{ vp }}
+                {%- else %}
+                gio mount -a ftp{{ "" if args.ftp else "s" }}://{{ host }}:{{ args.ftp or args.ftps }}/{{ vp }}
+                {%- endif %}
+            </pre>
+        </div>
+
+        <div class="os mac">
+            <p>note: FTP is read-only on macos; please use WebDAV instead</p>
+            <pre>
+                open {{ "ftp" if args.ftp else "ftps" }}://{% if accs %}k:<b>{{ pw }}</b>@{% else %}anonymous:@{% endif %}{{ host }}:{{ args.ftp or args.ftps }}/{{ vp }}
+            </pre>
+        </div>
+        {% endif %}
+
+
+
+        <h1>partyfuse</h1>
+        <p>
+            <a href="{{ r }}/.cpr/a/partyfuse.py">partyfuse.py</a> -- fast, read-only,
+            <span class="os win">needs <a href="https://winfsp.dev/rel/">winfsp</a></span>
+            <span class="os lin">doesn't need root</span>
+        </p>
+        <pre>
+            partyfuse.py{% if accs %} -a <b>{{ pw }}</b>{% endif %} http{{ s }}://{{ ep }}/{{ vp }} <b><span class="os win">W:</span><span class="os lin mac">mp</span></b>
+        </pre>
+        {% if s %}
+        <p><em>note: if you are on LAN (or just dont have valid certificates), add <code>-td</code></em></p>
+        {% endif %}
+        <p>
+            you can use <a href="{{ r }}/.cpr/a/up2k.py">up2k.py</a> to upload (sometimes faster than web-browsers)
+        </p>
+
+
+        {% if args.smb %}
+        <h1>SMB / CIFS</h1>
+        <em><a href="https://github.com/SecureAuthCorp/impacket/issues/1433">bug:</a> max ~300 files in each folder</em>
+
+        <div class="os win">
+            <pre>
+                net use <b>w:</b> \\{{ host }}\a{% if accs %} k /user:<b>{{ pw }}</b>{% endif %}
+            </pre>
+            <!-- rclone fails due to copyparty-smb bugs -->
+        </div>
+
+        <div class="os lin">
+            <pre>
+                mount -t cifs -o{% if accs %}user=<b>{{ pw }}</b>,pass=k,{% endif %}vers={{ 1 if args.smb1 else 2 }}.0,port={{ args.smb_port }},uid=1000 //{{ host }}/a/ <b>mp</b>
+            </pre>
+            <!-- p>or the emergency alternative (gnome/gui-only):</p nevermind, only works through mdns -->
+        </div>
+
+        <pre class="os mac">
+            open 'smb://<b>{{ pw }}</b>:k@{{ host }}/a'
+        </pre>
+        {% endif %}
+
+
+
+    </div>
+	<a href="#" id="repl">π</a>
+	<script>
+
+var SR = {{ r|tojson }},
+    lang="{{ lang }}",
+	dfavico="{{ favico }}";
+
+document.documentElement.className=localStorage.theme||"{{ args.theme }}";
+
+</script>
+<script src="{{ r }}/.cpr/util.js?_={{ ts }}"></script>
+<script src="{{ r }}/.cpr/svcs.js?_={{ ts }}"></script>
+</body>
+</html>
--- a/copyparty/web/svcs.js
+++ b/copyparty/web/svcs.js
@@ -0,0 +1,42 @@
+function QSA(x) {
+    return document.querySelectorAll(x);
+}
+var LINUX = /Linux/.test(navigator.userAgent),
+    MACOS = /[^a-z]mac ?os/i.test(navigator.userAgent),
+    WINDOWS = /Windows/.test(navigator.userAgent);
+
+
+var oa = QSA('pre');
+for (var a = 0; a < oa.length; a++) {
+    var html = oa[a].innerHTML,
+        nd = /^ +/.exec(html)[0].length,
+        rd = new RegExp('(^|\r?\n) {' + nd + '}', 'g');
+
+    oa[a].innerHTML = html.replace(rd, '$1').replace(/[ \r\n]+$/, '').replace(/\r?\n/g, '<br />');
+}
+
+
+oa = QSA('.ossel a');
+for (var a = 0; a < oa.length; a++)
+    oa[a].onclick = esetos;
+
+function esetos(e) {
+    ev(e);
+    setos(((e && e.target) || (window.event && window.event.srcElement)).id.slice(1));
+}
+
+function setos(os) {
+    var oa = QSA('.os');
+    for (var a = 0; a < oa.length; a++)
+        oa[a].style.display = 'none';
+
+    var oa = QSA('.' + os);
+    for (var a = 0; a < oa.length; a++)
+        oa[a].style.display = '';
+
+    oa = QSA('.ossel a');
+    for (var a = 0; a < oa.length; a++)
+        clmod(oa[a], 'g', oa[a].id.slice(1) == os);
+}
+
+setos(WINDOWS ? 'win' : LINUX ? 'lin' : MACOS ? 'mac' : 'idk');
--- a/copyparty/web/ui.css
+++ b/copyparty/web/ui.css
@@ -1,7 +1,7 @@
@font-face {
 	font-family: 'scp';
 	font-display: swap;
-	src: local('Source Code Pro Regular'), local('SourceCodePro-Regular'), url(/.cpr/deps/scp.woff2) format('woff2');
+	src: local('Source Code Pro Regular'), local('SourceCodePro-Regular'), url(deps/scp.woff2) format('woff2');
 }
 html {
 	touch-action: manipulation;
@@ -202,6 +202,7 @@ html.y #tth {
 	border: .4em solid var(--fg);
 	box-shadow: 0 2em 4em 1em var(--bg-max);
 }
+#hkhelp,
 #modal {
 	position: fixed;
    overflow: auto;
@@ -236,6 +237,10 @@ html.y #tth {
 	max-height: 30em;
 	overflow: auto;
 }
+#modalc td {
+	text-align: unset;
+	padding: .2em;
+}
@media (min-width: 40em) {
    #modalc {
        min-width: 30em;
@@ -251,6 +256,9 @@ html.y #tth {
 	padding: .3em;
 	text-align: center;
 }
+#modalc a {
+	color: #07b;
+}
 #modalb {
 	position: sticky;
 	text-align: right;
--- a/copyparty/web/up2k.js
+++ b/copyparty/web/up2k.js
@@ -267,6 +267,9 @@ function U2pvis(act, btns, uc, st) {
        fo.cb[nchunk] = cbd;
        fo.bd += delta;

+        if (!fo.bd)
+            return;
+
        var p = r.perc(fo.bd, fo.bd0, fo.bt, fobj.t_uploading);
        fo.hp = f2f(p[0], 2) + '%, ' + p[1] + ', ' + f2f(p[2], 2) + ' MB/s';

@@ -612,6 +615,9 @@ function Donut(uc, st) {
    var r = this,
        el = null,
        psvg = null,
+        tenstrobe = null,
+        tstrober = null,
+        strobes = [],
        o = 20 * 2 * Math.PI,
        optab = QS('#ops a[data-dest="up2k"]');

@@ -661,11 +667,15 @@ function Donut(uc, st) {
        r.base = pos();
        optab.innerHTML = ya ? svg() : optab.getAttribute('ico');
        el = QS('#ops a .donut');
+        clearTimeout(tenstrobe);
        if (!ya) {
            favico.upd();
            wintitle();
+            if (document.visibilityState == 'hidden')
+                tenstrobe = setTimeout(r.enstrobe, 500); //debounce
        }
    };
+
    r.do = function () {
        if (!el)
            return;
@@ -698,6 +708,54 @@ function Donut(uc, st) {
            r.fc = 0;
        }
    };
+
+    r.enstrobe = function () {
+        strobes = ['████████████████', '________________', '████████████████'];
+        tstrober = setInterval(strobe, 300);
+
+        if (uc.upsfx && actx && actx.state != 'suspended')
+            sfx();
+
+        // firefox may forget that filedrops are user-gestures so it can skip this:
+        if (uc.upnag && window.Notification && Notification.permission == 'granted')
+            new Notification(uc.nagtxt);
+    }
+
+    function strobe() {
+        var txt = strobes.pop();
+        wintitle(txt);
+        if (!txt)
+            clearInterval(tstrober);
+    }
+
+    function sfx() {
+        var osc = actx.createOscillator(),
+            gain = actx.createGain(),
+            gg = gain.gain,
+            ft = [660, 880, 440, 660, 880],
+            ofs = 0;
+
+        osc.connect(gain);
+        gain.connect(actx.destination);
+        var ct = actx.currentTime + 0.03;
+
+        osc.type = 'triangle';
+        while (ft.length)
+            osc.frequency.setTargetAtTime(
+                ft.shift(), ct + (ofs += 0.05), 0.001);
+
+        gg.value = 0.15;
+        gg.setTargetAtTime(0.8, ct, 0.01);
+        gg.setTargetAtTime(0.3, ct + 0.13, 0.01);
+        gg.setTargetAtTime(0, ct + ofs + 0.05, 0.02);
+
+        osc.start();
+        setTimeout(function () {
+            osc.stop();
+            osc.disconnect();
+            gain.disconnect();
+        }, 500);
+    }
 }


@@ -719,12 +777,10 @@ function up2k_init(subtle) {
        "gotallfiles": [gotallfiles]  // hooks
    };

-    if (window.WebAssembly) {
-        for (var a = 0; a < Math.min(navigator.hardwareConcurrency || 4, 16); a++)
-            hws.push(new Worker('/.cpr/w.hash.js'));
-
-        console.log(hws.length + " hashers ready");
-    }
+    setTimeout(function () {
+        if (window.WebAssembly && !hws.length)
+            fetch(SR + '/.cpr/w.hash.js' + CB);
+    }, 1000);

    function showmodal(msg) {
        ebi('u2notbtn').innerHTML = msg;
@@ -753,7 +809,7 @@ function up2k_init(subtle) {
                m = L.u_https1 + ' <a href="' + (window.location + '').replace(':', 's:') + '">' + L.u_https2 + '</a> ' + L.u_https3;

            showmodal('<h1>loading ' + fn + '</h1>');
-            import_js('/.cpr/deps/' + fn, unmodal);
+            import_js(SR + '/.cpr/deps/' + fn, unmodal);

            if (HTTPS) {
                // chrome<37 firefox<34 edge<12 opera<24 safari<7
@@ -803,12 +859,15 @@ function up2k_init(subtle) {
    bcfg_bind(uc, 'multitask', 'multitask', true, null, false);
    bcfg_bind(uc, 'potato', 'potato', false, set_potato, false);
    bcfg_bind(uc, 'ask_up', 'ask_up', true, null, false);
-    bcfg_bind(uc, 'flag_en', 'flag_en', false, apply_flag_cfg);
    bcfg_bind(uc, 'fsearch', 'fsearch', false, set_fsearch, false);
-    bcfg_bind(uc, 'turbo', 'u2turbo', turbolvl > 1, draw_turbo, false);
-    bcfg_bind(uc, 'datechk', 'u2tdate', turbolvl < 3, null, false);
-    bcfg_bind(uc, 'az', 'u2sort', u2sort.indexOf('n') + 1, set_u2sort, false);
-    bcfg_bind(uc, 'hashw', 'hashw', !!window.WebAssembly, set_hashw, false);
+
+    bcfg_bind(uc, 'flag_en', 'flag_en', false, apply_flag_cfg);
+    bcfg_bind(uc, 'turbo', 'u2turbo', turbolvl > 1, draw_turbo);
+    bcfg_bind(uc, 'datechk', 'u2tdate', turbolvl < 3, null);
+    bcfg_bind(uc, 'az', 'u2sort', u2sort.indexOf('n') + 1, set_u2sort);
+    bcfg_bind(uc, 'hashw', 'hashw', !!window.WebAssembly && (!subtle || !CHROME || MOBILE || VCHROME >= 107), set_hashw);
+    bcfg_bind(uc, 'upnag', 'upnag', false, set_upnag);
+    bcfg_bind(uc, 'upsfx', 'upsfx', false, set_upsfx);

    var st = {
        "files": [],
@@ -845,8 +904,19 @@ function up2k_init(subtle) {
            "u": "",
            "t": ""
        },
+        "etaw": {
+            "h": [['', 0, 0, 0]],
+            "u": [['', 0, 0, 0]],
+            "t": [['', 0, 0, 0]]
+        },
+        "etac": {
+            "h": 0,
+            "u": 0,
+            "t": 0
+        },
        "car": 0,
        "slow_io": null,
+        "oserr": false,
        "modn": 0,
        "modv": 0,
        "mod0": null
@@ -868,11 +938,7 @@ function up2k_init(subtle) {
    r.st = st;
    r.uc = uc;

-    var bobslice = null;
-    if (window.File)
-        bobslice = File.prototype.slice || File.prototype.mozSlice || File.prototype.webkitSlice;
-
-    if (!bobslice || !window.FileReader || !window.FileList)
+    if (!window.File || !window.FileReader || !window.FileList || !File.prototype || !File.prototype.slice)
        return un2k(L.u_ever);

    var flag = false;
@@ -880,7 +946,21 @@ function up2k_init(subtle) {
    set_fsearch();

    function nav() {
-        ebi('file' + fdom_ctr).click();
+        start_actx();
+
+        var uf = function () { ebi('file' + fdom_ctr).click(); },
+            ud = function () { ebi('dir' + fdom_ctr).click(); };
+
+        // too buggy on chrome <= 72
+        var m = / Chrome\/([0-9]+)\./.exec(navigator.userAgent);
+        if (m && parseInt(m[1]) < 73)
+            return uf();
+
+        // phones dont support folder upload
+        if (MOBILE)
+            return uf();
+
+        modal.confirm(L.u_nav_m, uf, ud, null, L.u_nav_b);
    }
    ebi('u2btn').onclick = nav;

@@ -973,6 +1053,36 @@ function up2k_init(subtle) {
    }
    ebi('drops').onclick = offdrag;  // old ff

+    function gotdir(e) {
+        ev(e);
+        var good_files = [],
+            nil_files = [],
+            bad_files = [];
+
+        for (var a = 0, aa = e.target.files.length; a < aa; a++) {
+            var fobj = e.target.files[a],
+                name = fobj.webkitRelativePath,
+                dst = good_files;
+
+            try {
+                if (!name)
+                    throw 1;
+
+                if (fobj.size < 1)
+                    dst = nil_files;
+            }
+            catch (ex) {
+                dst = bad_files;
+            }
+            dst.push([fobj, name]);
+        }
+
+        if (!good_files.length && bad_files.length)
+            return toast.err(30, "that's not a folder!\n\nyour browser is too old,\nplease try dragdrop instead");
+
+        return read_dirs(null, [], [], good_files, nil_files, bad_files);
+    }
+
    function gotfile(e) {
        ev(e);
        nenters = 0;
@@ -1024,7 +1134,7 @@ function up2k_init(subtle) {
                    continue;

                try {
-                    var wi = fobj.webkitGetAsEntry();
+                    var wi = fobj.getAsEntry ? fobj.getAsEntry() : fobj.webkitGetAsEntry();
                    if (wi.isDirectory) {
                        dirs.push(wi);
                        continue;
@@ -1042,9 +1152,8 @@ function up2k_init(subtle) {
            }
            dst.push([fobj, fobj.name]);
        }
-        if (dirs) {
-            return read_dirs(null, [], dirs, good_files, nil_files, bad_files);
-        }
+        start_actx();  // good enough for chrome; not firefox
+        return read_dirs(null, [], dirs, good_files, nil_files, bad_files);
    }

    function rd_flatten(pf, dirs) {
@@ -1107,7 +1216,7 @@ function up2k_init(subtle) {
                }
                else {
                    var name = dn.fullPath;
-                    if (name.indexOf('/') === 0)
+                    if (name.startsWith('/'))
                        name = name.slice(1);

                    pf.push(name);
@@ -1130,7 +1239,16 @@ function up2k_init(subtle) {
                dirs.shift();
                rd = null;
            }
-            return read_dirs(rd, pf, dirs, good, nil, bad, spins);
+            read_dirs(rd, pf, dirs, good, nil, bad, spins);
+        }, function () {
+            var dn = dirs[0],
+                name = dn.fullPath;
+
+            if (name.startsWith('/'))
+                name = name.slice(1);
+
+            bad.push([dn, name + '/']);
+            read_dirs(null, pf, dirs.slice(1), good, nil, bad, spins);
        });
    }

@@ -1149,6 +1267,7 @@ function up2k_init(subtle) {

            msg += L.u_just1;
            return modal.alert(msg, function () {
+                start_actx();
                gotallfiles(good_files, nil_files, []);
            });
        }
@@ -1160,8 +1279,10 @@ function up2k_init(subtle) {

            msg += L.u_just1;
            return modal.confirm(msg, function () {
+                start_actx();
                gotallfiles(good_files.concat(nil_files), [], []);
            }, function () {
+                start_actx();
                gotallfiles(good_files, [], []);
            });
        }
@@ -1172,23 +1293,40 @@ function up2k_init(subtle) {
            return a < b ? -1 : a > b ? 1 : 0;
        });

-        var msg = [L.u_asku.format(good_files.length, esc(get_vpath())) + '<ul>'];
+        var msg = [];
+
+        if (lifetime)
+            msg.push('<b>' + L.u_up_life.format(lhumantime(st.lifetime || lifetime)) + '</b>\n\n');
+
+        if (FIREFOX && good_files.length > 3000)
+            msg.push(L.u_ff_many + "\n\n");
+
+        msg.push(L.u_asku.format(good_files.length, esc(get_vpath())) + '<ul>');
        for (var a = 0, aa = Math.min(20, good_files.length); a < aa; a++)
            msg.push('<li>' + esc(good_files[a][1]) + '</li>');

        if (uc.ask_up && !uc.fsearch)
            return modal.confirm(msg.join('') + '</ul>', function () {
+                start_actx();
                up_them(good_files);
-                toast.inf(15, L.u_unpt);
+                toast.inf(15, L.u_unpt, L.u_unpt);
            }, null);

        up_them(good_files);
    }

    function up_them(good_files) {
+        start_actx();
        var evpath = get_evpath(),
            draw_each = good_files.length < 50;

+        if (window.WebAssembly && !hws.length) {
+            for (var a = 0; a < Math.min(navigator.hardwareConcurrency || 4, 16); a++)
+                hws.push(new Worker(SR + '/.cpr/w.hash.js' + CB));
+
+            console.log(hws.length + " hashers");
+        }
+
        if (!uc.az)
            good_files.sort(function (a, b) {
                a = a[0].size;
@@ -1248,9 +1386,7 @@ function up2k_init(subtle) {

            st.bytes.total += entry.size;
            st.files.push(entry);
-            if (!entry.size)
-                push_t(st.todo.handshake, entry);
-            else if (uc.turbo)
+            if (uc.turbo)
                push_t(st.todo.head, entry);
            else
                push_t(st.todo.hash, entry);
@@ -1260,14 +1396,25 @@ function up2k_init(subtle) {
            pvis.changecard(pvis.act);
        }
        ebi('u2tabw').className = 'ye';
+
+        setTimeout(function () {
+            if (!actx || actx.state != 'suspended' || toast.tag == L.u_unpt)
+                return;
+
+            toast.warn(30, "<div onclick=\"start_actx();toast.inf(3,'thanks!')\">please click this text to<br />unlock full upload speed</div>");
+        }, 500);
    }

    function more_one_file() {
        fdom_ctr++;
        var elm = mknod('div');
-        elm.innerHTML = '<input id="file{0}" type="file" name="file{0}[]" multiple="multiple" tabindex="-1" />'.format(fdom_ctr);
+        elm.innerHTML = (
+            '<input id="file{0}" type="file" name="file{0}[]" multiple="multiple" tabindex="-1" />' +
+            '<input id="dir{0}" type="file" name="dir{0}[]" multiple="multiple" tabindex="-1" webkitdirectory />'
+        ).format(fdom_ctr);
        ebi('u2form').appendChild(elm);
        ebi('file' + fdom_ctr).onchange = gotfile;
+        ebi('dir' + fdom_ctr).onchange = gotdir;
    }
    more_one_file();

@@ -1343,10 +1490,20 @@ function up2k_init(subtle) {
            }
        }
        for (var a = 0; a < t.length; a++) {
-            var rem = st.bytes.total - t[a][2],
-                bps = t[a][1] / t[a][3],
-                hid = t[a][0],
+            var hid = t[a][0],
                eid = hid.slice(-1),
+                etaw = st.etaw[eid];
+
+            if (st.etac[eid] > 100) {  // num chunks
+                st.etac[eid] = 0;
+                etaw.push(jcp(t[a]));
+                if (etaw.length > 5)
+                    etaw.shift();
+            }
+
+            var h = etaw[0],
+                rem = st.bytes.total - t[a][2],
+                bps = (t[a][1] - h[1]) / Math.max(0.1, t[a][3] - h[3]),
                eta = Math.floor(rem / bps);

            if (t[a][1] < 1024 || t[a][3] < 0.1) {
@@ -1365,6 +1522,15 @@ function up2k_init(subtle) {
            etaskip = 0;
    }

+    function got_oserr() {
+        if (!hws.length || !uc.hashw || st.oserr)
+            return;
+
+        st.oserr = true;
+        var msg = HTTPS ? L.u_emtleak3 : L.u_emtleak2.format((window.location + '').replace(':', 's:'));
+        modal.alert(L.u_emtleak1 + msg + (CHROME ? L.u_emtleakc : FIREFOX ? L.u_emtleakf : ''));
+    }
+
    /////
    ////
    ///   actuator
@@ -1469,6 +1635,7 @@ function up2k_init(subtle) {

                    if (!is_busy) {
                        uptoast();
+                        //throw console.hist.join('\n');
                    }
                    else {
                        timer.add(donut.do);
@@ -1588,15 +1755,15 @@ function up2k_init(subtle) {
        console.log('toast', ok, ng);

        if (ok && ng)
-            toast.warn(t, (sr ? L.ur_sm : L.ur_um).format(ok, ng));
+            toast.warn(t, uc.nagtxt = (sr ? L.ur_sm : L.ur_um).format(ok, ng));
        else if (ok > 1)
-            toast.ok(t, (sr ? L.ur_aso : L.ur_auo).format(ok));
+            toast.ok(t, uc.nagtxt = (sr ? L.ur_aso : L.ur_auo).format(ok));
        else if (ok)
-            toast.ok(t, sr ? L.ur_1so : L.ur_1uo);
+            toast.ok(t, uc.nagtxt = sr ? L.ur_1so : L.ur_1uo);
        else if (ng > 1)
-            toast.err(t, (sr ? L.ur_asn : L.ur_aun).format(ng));
+            toast.err(t, uc.nagtxt = (sr ? L.ur_asn : L.ur_aun).format(ng));
        else if (ng)
-            toast.err(t, sr ? L.ur_1sn : L.ur_1un);
+            toast.err(t, uc.nagtxt = sr ? L.ur_1sn : L.ur_1un);

        timer.rm(etafun);
        timer.rm(donut.do);
@@ -1666,7 +1833,7 @@ function up2k_init(subtle) {
        while (true) {
            for (var mul = 1; mul <= 2; mul++) {
                var nchunks = Math.ceil(filesize / chunksize);
-                if (nchunks <= 256 || chunksize >= 32 * 1024 * 1024)
+                if (nchunks <= 256 || (chunksize >= 32 * 1024 * 1024 && nchunks <= 4096))
                    return chunksize;

                chunksize += stepsize;
@@ -1677,6 +1844,9 @@ function up2k_init(subtle) {

    function exec_hash() {
        var t = st.todo.hash.shift();
+        if (!t.size)
+            return st.todo.handshake.push(t);
+
        st.busy.hash.push(t);
        st.nfile.hash = t.n;
        t.t_hashing = Date.now();
@@ -1690,7 +1860,8 @@ function up2k_init(subtle) {
        pvis.setab(t.n, nchunks);
        pvis.move(t.n, 'bz');

-        if (nchunks > 1 && hws.length && uc.hashw)
+        if (hws.length && uc.hashw && (nchunks > 1 || document.visibilityState == 'hidden'))
+            // resolving subtle.digest w/o worker takes 1sec on blur if the actx hack breaks
            return wexec_hash(t, chunksize, nchunks);

        var segm_next = function () {
@@ -1703,6 +1874,7 @@ function up2k_init(subtle) {
                cdr = Math.min(chunksize + car, t.size);

            st.bytes.hashed += cdr - car;
+            st.etac.h++;

            function orz(e) {
                bpend--;
@@ -1723,6 +1895,7 @@ function up2k_init(subtle) {
                    pvis.seth(t.n, 2, err + ' @ ' + car);
                    console.log('OS-error', reader.error, '@', car);
                    handled = true;
+                    got_oserr();
                }

                if (handled) {
@@ -1735,8 +1908,7 @@ function up2k_init(subtle) {
                toast.err(0, 'y o u   b r o k e    i t\nfile: ' + esc(t.name + '') + '\nerror: ' + err);
            };
            bpend++;
-            reader.readAsArrayBuffer(
-                bobslice.call(t.fobj, car, cdr));
+            reader.readAsArrayBuffer(t.fobj.slice(car, cdr));

            return true;
        };
@@ -1841,6 +2013,8 @@ function up2k_init(subtle) {
                pvis.seth(t.n, 1, d[1]);
                pvis.seth(t.n, 2, d[2]);
                console.log(d[1], d[2]);
+                if (d[1] == 'OS-error')
+                    got_oserr();

                pvis.move(t.n, 'ng');
                apop(st.busy.hash, t);
@@ -1908,7 +2082,10 @@ function up2k_init(subtle) {

        var xhr = new XMLHttpRequest();
        xhr.onerror = function () {
-            console.log('head onerror, retrying', t);
+            console.log('head onerror, retrying', t.name, t);
+            if (!toast.visible)
+                toast.warn(9.98, L.u_enethd + "\n\nfile: " + t.name, t);
+
            apop(st.busy.head, t);
            st.todo.head.unshift(t);
        };
@@ -1945,7 +2122,7 @@ function up2k_init(subtle) {
            try { orz(e); } catch (ex) { vis_exh(ex + '', 'up2k.js', '', '', ex); }
        };

-        xhr.open('HEAD', t.purl + uricom_enc(t.name) + '?raw', true);
+        xhr.open('HEAD', t.purl + uricom_enc(t.name), true);
        xhr.send();
    }

@@ -1964,22 +2141,25 @@ function up2k_init(subtle) {
        t.t_busied = me;

        if (keepalive)
-            console.log("sending keepalive handshake", t);
+            console.log("sending keepalive handshake", t.name, t);

        var xhr = new XMLHttpRequest();
        xhr.onerror = function () {
            if (t.t_busied != me) {
-                console.log('zombie handshake onerror,', t);
+                console.log('zombie handshake onerror,', t.name, t);
                return;
            }
-            console.log('handshake onerror, retrying', t);
+            if (!toast.visible)
+                toast.warn(9.98, L.u_eneths + "\n\nfile: " + t.name, t);
+
+            console.log('handshake onerror, retrying', t.name, t);
            apop(st.busy.handshake, t);
            st.todo.handshake.unshift(t);
            t.keepalive = keepalive;
        };
        function orz(e) {
            if (t.t_busied != me) {
-                console.log('zombie handshake onload,', t);
+                console.log('zombie handshake onload,', t.name, t);
                return;
            }
            if (xhr.status == 200) {
@@ -1989,6 +2169,9 @@ function up2k_init(subtle) {
                    return;
                }

+                if (toast.tag === t)
+                    toast.ok(5, L.u_fixed);
+
                var response = JSON.parse(xhr.responseText);
                if (!response.name) {
                    var msg = '',
@@ -2074,7 +2257,7 @@ function up2k_init(subtle) {
                            'npart': t.postlist[a]
                        });

-                    msg = L.u_upping;
+                    msg = null;
                    done = false;

                    if (sort)
@@ -2084,7 +2267,10 @@ function up2k_init(subtle) {
                                    a.npart < b.npart ? -1 : 1;
                        });
                }
-                pvis.seth(t.n, 1, msg);
+
+                if (msg)
+                    pvis.seth(t.n, 1, msg);
+
                apop(st.busy.handshake, t);

                if (done) {
@@ -2095,7 +2281,7 @@ function up2k_init(subtle) {
                        spd2 = (t.size / ((t.t_uploaded - t.t_uploading) / 1000.)) / (1024 * 1024.);

                    pvis.seth(t.n, 2, 'hash {0}, up {1} MB/s'.format(
-                        f2f(spd1, 2), isNaN(spd2) ? '--' : f2f(spd2, 2)));
+                        f2f(spd1, 2), !isNum(spd2) ? '--' : f2f(spd2, 2)));

                    pvis.move(t.n, 'ok');
                    if (!pvis.ctr.bz && !pvis.ctr.q)
@@ -2111,7 +2297,7 @@ function up2k_init(subtle) {
            }
            else {
                pvis.seth(t.n, 1, "ERROR");
-                pvis.seth(t.n, 2, L.u_ehstmp);
+                pvis.seth(t.n, 2, L.u_ehstmp, t);

                var err = "",
                    rsp = (xhr.responseText + ''),
@@ -2132,9 +2318,8 @@ function up2k_init(subtle) {
                    return;
                }

-                st.bytes.finished += t.size;
-                var err_pend = rsp.indexOf('partial upload exists') + 1,
-                    err_dupe = rsp.indexOf('file already exists') + 1;
+                var err_pend = rsp.indexOf('partial upload exists at a different') + 1,
+                    err_dupe = rsp.indexOf('upload rejected, file already exists') + 1;

                if (err_pend || err_dupe) {
                    err = rsp;
@@ -2151,6 +2336,9 @@ function up2k_init(subtle) {
                    return toast.err(0, L.u_ehsdf + "\n\n" + rsp.replace(/.*; /, ''));

                if (err != "") {
+                    if (!t.t_uploading)
+                        st.bytes.finished += t.size;
+
                    pvis.seth(t.n, 1, "ERROR");
                    pvis.seth(t.n, 2, err);
                    pvis.move(t.n, 'ng');
@@ -2160,7 +2348,7 @@ function up2k_init(subtle) {
                    return;
                }
                err = t.t_uploading ? L.u_ehsfin : t.srch ? L.u_ehssrch : L.u_ehsinit;
-                xhrchk(xhr, err + ";\n\nfile: " + t.name + "\n\nerror ", "404, target folder not found");
+                xhrchk(xhr, err + "\n\nfile: " + t.name + "\n\nerror ", "404, target folder not found", "warn", t);
            }
        }
        xhr.onload = function (e) {
@@ -2171,6 +2359,7 @@ function up2k_init(subtle) {
            "name": t.name,
            "size": t.size,
            "lmod": t.lmod,
+            "life": st.lifetime,
            "hash": t.hash
        };
        if (t.srch)
@@ -2188,7 +2377,14 @@ function up2k_init(subtle) {

    function can_upload_next() {
        var upt = st.todo.upload[0],
-            upf = st.files[upt.nfile];
+            upf = st.files[upt.nfile],
+            now = Date.now();
+
+        for (var a = 0, aa = st.busy.handshake.length; a < aa; a++) {
+            var hs = st.busy.handshake[a];
+            if (hs.n < upt.nfile && hs.t_busied > now - 10 * 1000 && !st.files[hs.n].bytes_uploaded)
+                return false;  // handshake race; wait for lexically first
+        }

        if (upf.sprs)
            return true;
@@ -2228,13 +2424,15 @@ function up2k_init(subtle) {
                st.bytes.finished += cdr - car;
                st.bytes.uploaded += cdr - car;
                t.bytes_uploaded += cdr - car;
+                st.etac.u++;
+                st.etac.t++;
            }
            else if (txt.indexOf('already got that') + 1 ||
                txt.indexOf('already being written') + 1) {
-                console.log("ignoring dupe-segment error", t);
+                console.log("ignoring dupe-segment error", t.name, t);
            }
            else {
-                xhrchk(xhr, L.u_cuerr2.format(npart, Math.ceil(t.size / chunksize), t.name), "404, target folder not found (???)");
+                xhrchk(xhr, L.u_cuerr2.format(npart, Math.ceil(t.size / chunksize), t.name), "404, target folder not found (???)", "warn", t);

                chill(t);
            }
@@ -2266,9 +2464,9 @@ function up2k_init(subtle) {
                    return;

                if (!toast.visible)
-                    toast.warn(9.98, L.u_cuerr.format(npart, Math.ceil(t.size / chunksize), t.name));
+                    toast.warn(9.98, L.u_cuerr.format(npart, Math.ceil(t.size / chunksize), t.name), t);

-                console.log('chunkpit onerror,', ++tries, t);
+                console.log('chunkpit onerror,', ++tries, t.name, t);
                orz2(xhr);
            };
            xhr.open('POST', t.purl, true);
@@ -2282,7 +2480,7 @@ function up2k_init(subtle) {
                xhr.overrideMimeType('Content-Type', 'application/octet-stream');

            xhr.responseType = 'text';
-            xhr.send(bobslice.call(t.fobj, car, cdr));
+            xhr.send(t.fobj.slice(car, cdr));
        }
        do_send();
    }
@@ -2298,9 +2496,8 @@ function up2k_init(subtle) {
            wpx = window.innerWidth,
            fpx = parseInt(getComputedStyle(bar)['font-size']),
            wem = wpx * 1.0 / fpx,
-            write = has(perms, 'write'),
-            wide = write && wem > 54 ? 'w' : '',
-            parent = ebi(wide && write ? 'u2btn_cw' : 'u2btn_ct'),
+            wide = wem > 54 ? 'w' : '',
+            parent = ebi(wide ? 'u2btn_cw' : 'u2btn_ct'),
            btn = ebi('u2btn');

        if (btn.parentNode !== parent) {
@@ -2308,8 +2505,8 @@ function up2k_init(subtle) {
            ebi('u2conf').className = ebi('u2cards').className = ebi('u2etaw').className = wide;
        }

-        wide = write && wem > 82 ? 'ww' : wide;
-        parent = ebi(wide == 'ww' && write ? 'u2c3w' : 'u2c3t');
+        wide = wem > 82 ? 'ww' : wide;
+        parent = ebi(wide == 'ww' ? 'u2c3w' : 'u2c3t');
        var its = [ebi('u2etaw'), ebi('u2cards')];
        if (its[0].parentNode !== parent) {
            ebi('u2conf').className = wide;
@@ -2336,7 +2533,7 @@ function up2k_init(subtle) {
    tt.att(QS('#u2conf'));

    function bumpthread2(e) {
-        if (e.ctrlKey || e.altKey || e.metaKey || e.isComposing)
+        if (anymod(e))
            return;

        if (e.code == 'ArrowUp')
@@ -2398,19 +2595,95 @@ function up2k_init(subtle) {
    }
    draw_turbo();

+    function draw_life() {
+        var el = ebi('u2life');
+        if (!lifetime) {
+            el.style.display = 'none';
+            el.innerHTML = '';
+            st.lifetime = 0;
+            return;
+        }
+        el.style.display = uc.fsearch ? 'none' : '';
+        el.innerHTML = '<div>' + L.u_life_cfg + '</div><div>' + L.u_life_est + '</div><div id="undor"></div>';
+        set_life(Math.min(lifetime, icfg_get('lifetime', lifetime)));
+        ebi('lifem').oninput = ebi('lifeh').oninput = mod_life;
+        ebi('lifem').onkeydown = ebi('lifeh').onkeydown = kd_life;
+        tt.att(ebi('u2life'));
+    }
+    draw_life();
+
+    function mod_life(e) {
+        var el = e.target,
+            pow = parseInt(el.getAttribute('p')),
+            v = parseInt(el.value);
+
+        if (!isNum(v))
+            return;
+
+        if (toast.tag == mod_life)
+            toast.hide();
+
+        v *= pow;
+        if (v > lifetime) {
+            v = lifetime;
+            toast.warn(20, L.u_life_max.format(lhumantime(lifetime)), mod_life);
+        }
+
+        swrite('lifetime', v);
+        set_life(v);
+    }
+
+    function kd_life(e) {
+        var el = e.target,
+            d = e.code == 'ArrowUp' ? 1 : e.code == 'ArrowDown' ? -1 : 0;
+
+        if (anymod(e) || !d)
+            return;
+
+        el.value = parseInt(el.value) + d;
+        mod_life(e);
+    }
+
+    function set_life(v) {
+        //ebi('lifes').value = v;
+        ebi('lifem').value = parseInt(v / 60);
+        ebi('lifeh').value = parseInt(v / 3600);
+
+        var undo = have_unpost - (v ? lifetime - v : 0);
+        ebi('undor').innerHTML = undo <= 0 ?
+            L.u_unp_ng : L.u_unp_ok.format(lhumantime(undo));
+
+        st.lifetime = v;
+        rel_life();
+    }
+
+    function rel_life() {
+        if (!lifetime)
+            return;
+
+        try {
+            ebi('lifew').innerHTML = unix2iso((st.lifetime || lifetime) +
+                Date.now() / 1000 - new Date().getTimezoneOffset() * 60
+            ).replace(' ', ', ').slice(0, -3);
+        }
+        catch (ex) { }
+    }
+    setInterval(rel_life, 9000);
+
    function set_potato() {
        pvis.potato();
        set_fsearch();
    }

    function set_fsearch(new_state) {
-        var fixed = false;
+        var fixed = false,
+            can_write = false;

        if (!ebi('fsearch')) {
            new_state = false;
        }
        else if (perms.length) {
-            if (!has(perms, 'write')) {
+            if (!(can_write = has(perms, 'write'))) {
                new_state = true;
                fixed = true;
            }
@@ -2420,12 +2693,11 @@ function up2k_init(subtle) {
            }
        }

-        if (new_state !== undefined) {
-            uc.fsearch = new_state;
-            bcfg_set('fsearch', uc.fsearch);
-        }
+        if (new_state !== undefined)
+            bcfg_set('fsearch', uc.fsearch = new_state);

        try {
+            clmod(ebi('u2c3w'), 's', !can_write);
            QS('label[for="fsearch"]').style.display = QS('#fsearch').style.display = fixed ? 'none' : '';
        }
        catch (ex) { }
@@ -2446,6 +2718,7 @@ function up2k_init(subtle) {
        ebi('u2mu').style.display = potato ? '' : 'none';

        draw_turbo();
+        draw_life();
        onresize();
    }

@@ -2456,7 +2729,7 @@ function up2k_init(subtle) {
            }
            catch (ex) {
                toast.err(5, "not supported on your browser:\n" + esc(basenames(ex)));
-                bcfg_set('flag_en', false);
+                bcfg_set('flag_en', uc.flag_en = false);
            }
        }
        else if (!uc.flag_en && flag) {
@@ -2478,11 +2751,47 @@ function up2k_init(subtle) {

    function set_hashw() {
        if (!window.WebAssembly) {
-            bcfg_set('hashw', false);
+            bcfg_set('hashw', uc.hashw = false);
            toast.err(10, L.u_nowork);
        }
    }

+    function set_upnag(en) {
+        function nopenag() {
+            bcfg_set('upnag', uc.upnag = false);
+            toast.err(10, "https only");
+        }
+
+        function chknag() {
+            if (Notification.permission != 'granted')
+                nopenag();
+        }
+
+        if (!window.Notification || !HTTPS)
+            return nopenag();
+
+        if (en && Notification.permission == 'default')
+            Notification.requestPermission().then(chknag, chknag);
+
+        set_upsfx(en);
+    }
+
+    function set_upsfx(en) {
+        if (!en)
+            return;
+
+        toast.inf(10, 'OK -- <a href="#" id="nagtest">test it!</a>')
+
+        ebi('nagtest').onclick = function () {
+            start_actx();
+            uc.nagtxt = ':^)';
+            setTimeout(donut.enstrobe, 200);
+        };
+    }
+
+    if (uc.upnag && (!window.Notification || Notification.permission != 'granted'))
+        bcfg_set('upnag', uc.upnag = false);
+
    ebi('nthread_add').onclick = function (e) {
        ev(e);
        bumpthread(1);
--- a/copyparty/web/util.js
+++ b/copyparty/web/util.js
@@ -1,30 +1,53 @@
 "use strict";

-if (!window['console'])
-    window['console'] = {
+if (!window.console || !console.log)
+    window.console = {
        "log": function (msg) { }
    };


 var wah = '',
+    L, tt, treectl, thegrid, up2k, asmCrypto, hashwasm, vbar, marked,
+    CB = '?_=' + Date.now(),
+    R = SR.slice(1),
+    RS = R ? "/" + R : "",
    HALFMAX = 8192 * 8192 * 8192 * 8192,
    HTTPS = (window.location + '').indexOf('https:') === 0,
    TOUCH = 'ontouchstart' in window,
    MOBILE = TOUCH,
    CHROME = !!window.chrome,
+    VCHROME = CHROME ? 1 : 0,
+    FIREFOX = ('netscape' in window) && / rv:/.test(navigator.userAgent),
    IPHONE = TOUCH && /iPhone|iPad|iPod/i.test(navigator.userAgent),
-    WINDOWS = navigator.platform ? navigator.platform == 'Win32' : /Windows/.test(navigator.userAgent);
+    LINUX = /Linux/.test(navigator.userAgent),
+    MACOS = /[^a-z]mac ?os/i.test(navigator.userAgent),
+    WINDOWS = /Windows/.test(navigator.userAgent);

+if (!window.WebAssembly || !WebAssembly.Memory)
+    window.WebAssembly = false;
+
+if (!window.Notification || !Notification.permission)
+    window.Notification = false;
+
+if (!window.FormData)
+    window.FormData = false;

 try {
+    CB = '?' + document.currentScript.src.split('?').pop();
+
    if (navigator.userAgentData.mobile)
        MOBILE = true;

    if (navigator.userAgentData.platform == 'Windows')
        WINDOWS = true;

-    if (navigator.userAgentData.brands.some(function (d) { return d.brand == 'Chromium' }))
-        CHROME = true;
+    CHROME = navigator.userAgentData.brands.find(function (d) { return d.brand == 'Chromium' });
+    if (CHROME)
+        VCHROME = CHROME.version;
+    else
+        VCHROME = 0;
+
+    CHROME = !!CHROME;
 }
 catch (ex) { }

@@ -35,11 +58,15 @@ var ebi = document.getElementById.bind(document),
    XHR = XMLHttpRequest;


-function mknod(et, eid) {
+function mknod(et, eid, html) {
    var ret = document.createElement(et);
+
    if (eid)
        ret.id = eid;

+    if (html)
+        ret.innerHTML = html;
+
    return ret;
 }

@@ -108,7 +135,7 @@ catch (ex) {
        console.log = console.stdlog;
    console.log('console capture failed', ex);
 }
-var crashed = false, ignexd = {};
+var crashed = false, ignexd = {}, evalex_fatal = false;
 function vis_exh(msg, url, lineNo, columnNo, error) {
    if ((msg + '').indexOf('ResizeObserver') + 1)
        return;  // chrome issue 809574 (benign, from <video>)
@@ -119,7 +146,7 @@ function vis_exh(msg, url, lineNo, columnNo, error) {
    if (!/\.js($|\?)/.exec('' + url))
        return;  // chrome debugger

-    if ((url + '').indexOf(' > eval') + 1)
+    if ((url + '').indexOf(' > eval') + 1 && !evalex_fatal)
        return;  // md timer

    var ekey = url + '\n' + lineNo + '\n' + msg;
@@ -130,9 +157,9 @@ function vis_exh(msg, url, lineNo, columnNo, error) {
    window.onerror = undefined;
    var html = [
        '<h1>you hit a bug!</h1>',
-        '<p style="font-size:1.3em;margin:0">try to <a href="#" onclick="localStorage.clear();location.reload();">reset copyparty settings</a> if you are stuck here, or <a href="#" onclick="ignex();">ignore this</a> / <a href="#" onclick="ignex(true);">ignore all</a></p>',
+        '<p style="font-size:1.3em;margin:0">try to <a href="#" onclick="localStorage.clear();location.reload();">reset copyparty settings</a> if you are stuck here, or <a href="#" onclick="ignex();">ignore this</a> / <a href="#" onclick="ignex(true);">ignore all</a> / <a href="?b=u">basic</a></p>',
        '<p style="color:#fff">please send me a screenshot arigathanks gozaimuch: <a href="<ghi>" target="_blank">github issue</a> or <code>ed#2644</code></p>',
-        '<p class="b">' + esc(url + ' @' + lineNo + ':' + columnNo), '<br />' + esc(String(msg)) + '</p>',
+        '<p class="b">' + esc(url + ' @' + lineNo + ':' + columnNo), '<br />' + esc(String(msg)).replace(/\n/g, '<br />') + '</p>',
        '<p><b>UA:</b> ' + esc(navigator.userAgent + '')
    ];

@@ -168,8 +195,12 @@ function vis_exh(msg, url, lineNo, columnNo, error) {
        var lsk = Object.keys(ls);
        lsk.sort();
        html.push('<p class="b">');
-        for (var a = 0; a < lsk.length; a++)
+        for (var a = 0; a < lsk.length; a++) {
+            if (ls[lsk[a]].length > 9000)
+                continue;
+
            html.push(' <b>' + esc(lsk[a]) + '</b> <code>' + esc(ls[lsk[a]]) + '</code> ');
+        }
        html.push('</p>');
    }
    catch (e) { }
@@ -226,13 +257,18 @@ function ctrl(e) {
 }


+function anymod(e, shift_ok) {
+    return e && (e.ctrlKey || e.altKey || e.metaKey || e.isComposing || (!shift_ok && e.shiftKey));
+}
+
+
 function ev(e) {
    e = e || window.event;
    if (!e)
        return;

    if (e.preventDefault)
-        e.preventDefault()
+        e.preventDefault();

    if (e.stopPropagation)
        e.stopPropagation();
@@ -378,13 +414,29 @@ function clgot(el, cls) {


 var ANIM = true;
-if (window.matchMedia) {
+try {
    var mq = window.matchMedia('(prefers-reduced-motion: reduce)');
    mq.onchange = function () {
        ANIM = !mq.matches;
    };
    ANIM = !mq.matches;
 }
+catch (ex) { }
+
+
+function yscroll() {
+    if (document.documentElement.scrollTop) {
+        return (window.yscroll = function () {
+            return document.documentElement.scrollTop;
+        })();
+    }
+    if (window.pageYOffset) {
+        return (window.yscroll = function () {
+            return window.pageYOffset;
+        })();
+    }
+    return 0;
+}


 function showsort(tab) {
@@ -526,7 +578,7 @@ function linksplit(rp, id) {
            link = rp.slice(0, ofs + 1);
            rp = rp.slice(ofs + 1);
        }
-        var vlink = esc(uricom_dec(link)[0]);
+        var vlink = esc(uricom_dec(link));

        if (link.indexOf('/') !== -1) {
            vlink = vlink.slice(0, -1) + '<span>/</span>';
@@ -584,6 +636,17 @@ function url_enc(txt) {


 function uricom_dec(txt) {
+    try {
+        return decodeURIComponent(txt);
+    }
+    catch (ex) {
+        console.log("ucd-err [" + txt + "]");
+        return txt;
+    }
+}
+
+
+function uricom_sdec(txt) {
    try {
        return [decodeURIComponent(txt), true];
    }
@@ -597,7 +660,7 @@ function uricom_dec(txt) {
 function uricom_adec(arr, li) {
    var ret = [];
    for (var a = 0; a < arr.length; a++) {
-        var txt = uricom_dec(arr[a])[0];
+        var txt = uricom_dec(arr[a]);
        ret.push(li ? '<li>' + esc(txt) + '</li>' : txt);
    }

@@ -619,7 +682,7 @@ function get_evpath() {


 function get_vpath() {
-    return uricom_dec(get_evpath())[0];
+    return uricom_dec(get_evpath());
 }


@@ -649,6 +712,14 @@ function s2ms(s) {
 }


+var isNum = function (v) {
+    var n = parseFloat(v);
+    return !isNaN(v - n) && n === v;
+};
+if (window.Number && Number.isFinite)
+    isNum = Number.isFinite;
+
+
 function f2f(val, nd) {
    // 10.toFixed(1) returns 10.00 for certain values of 10
    val = (val * Math.pow(10, nd)).toFixed(0).split('.')[0];
@@ -657,12 +728,13 @@ function f2f(val, nd) {


 function humansize(b, terse) {
-    var i = 0, u = terse ? ['B', 'K', 'M', 'G'] : ['B', 'KB', 'MB', 'GB'];
-    while (b >= 1000 && i < u.length) {
+    var i = 0, u = ['B', 'KB', 'MB', 'GB', 'TB', 'PB'];
+    while (b >= 1000 && i < u.length - 1) {
        b /= 1024;
        i += 1;
    }
-    return f2f(b, b >= 100 ? 0 : b >= 10 ? 1 : 2) + ' ' + u[i];
+    return (f2f(b, b >= 100 ? 0 : b >= 10 ? 1 : 2) +
+        ' ' + (terse ? u[i].charAt(0) : u[i]));
 }


@@ -679,7 +751,7 @@ function humantime(v) {
 }


-function shumantime(v) {
+function shumantime(v, long) {
    if (v < 10)
        return f2f(v, 2) + 's';
    if (v < 60)
@@ -699,11 +771,27 @@ function shumantime(v) {
        var v1 = parseInt(v / m1),
            v2 = ('0' + parseInt((v % m1) / m2)).slice(-2);

-        return v1 + ch + (v1 >= 10 ? '' : v2);
+        return v1 + ch + (v1 >= 10 || v2 == '00' ? '' : v2 + (
+            long && a < st.length - 1 ? st[a + 1][2] : ''));
    }
 }


+function lhumantime(v) {
+    var t = shumantime(v, 1),
+        tp = t.replace(/([a-z])/g, " $1 ").split(/ /g).slice(0, -1);
+
+    if (!L || tp.length < 2 || tp[1].indexOf('$') + 1)
+        return t;
+
+    var ret = '';
+    for (var a = 0; a < tp.length; a += 2)
+        ret += tp[a] + ' ' + L['ht_' + tp[a + 1]].replace(tp[a] == 1 ? /!.*/ : /!/, '') + L.ht_and;
+
+    return ret.slice(0, -L.ht_and.length);
+}
+
+
 function clamp(v, a, b) {
    return Math.min(Math.max(v, a), b);
 }
@@ -774,7 +862,7 @@ function fcfg_get(name, defval) {
    var o = ebi(name),
        val = parseFloat(sread(name));

-    if (isNaN(val))
+    if (!isNum(val))
        return parseFloat(o ? o.value : defval);

    if (o)
@@ -865,14 +953,18 @@ function scfg_bind(obj, oname, cname, defval, cb) {

 function hist_push(url) {
    console.log("h-push " + url);
-    if (window.history && history.pushState)
+    try {
        history.pushState(url, url, url);
+    }
+    catch (ex) { }
 }

 function hist_replace(url) {
    console.log("h-repl " + url);
-    if (window.history && history.replaceState)
+    try {
        history.replaceState(url, url, url);
+    }
+    catch (ex) { }  // ff "The operation is insecure." on rapid switches
 }

 function sethash(hv) {
@@ -951,7 +1043,7 @@ var tt = (function () {
        prev = this;
    };

-    var tev;
+    var tev, vh;
    r.dshow = function (e) {
        clearTimeout(tev);
        if (!r.getmsg(this))
@@ -964,6 +1056,7 @@ var tt = (function () {
        if (TOUCH)
            return;

+        vh = window.innerHeight;
        this.addEventListener('mousemove', r.move);
        clmod(r.th, 'act', 1);
        r.move(e);
@@ -1025,7 +1118,7 @@ var tt = (function () {
    };

    r.hide = function (e) {
-        ev(e);
+        //ev(e);  // eats checkbox-label clicks
        clearTimeout(tev);
        window.removeEventListener('scroll', r.hide);

@@ -1042,8 +1135,9 @@ var tt = (function () {
    };

    r.move = function (e) {
+        var sy = e.clientY + 128 > vh ? -1 : 1;
        r.th.style.left = (e.pageX + 12) + 'px';
-        r.th.style.top = (e.pageY + 12) + 'px';
+        r.th.style.top = (e.pageY + 12 * sy) + 'px';
    };

    if (IPHONE) {
@@ -1113,6 +1207,7 @@ var toast = (function () {
    document.body.appendChild(obj);
    r.visible = false;
    r.txt = null;
+    r.tag = obj;  // filler value (null is scary)

    function scrollchk() {
        if (scrolling)
@@ -1141,9 +1236,10 @@ var toast = (function () {
        clearTimeout(te);
        clmod(obj, 'vis');
        r.visible = false;
+        r.tag = obj;
    };

-    r.show = function (cl, sec, txt) {
+    r.show = function (cl, sec, txt, tag) {
        clearTimeout(te);
        if (sec)
            te = setTimeout(r.hide, sec * 1000);
@@ -1159,19 +1255,20 @@ var toast = (function () {
        timer.add(scrollchk);
        r.visible = true;
        r.txt = txt;
+        r.tag = tag;
    };

-    r.ok = function (sec, txt) {
-        r.show('ok', sec, txt);
+    r.ok = function (sec, txt, tag) {
+        r.show('ok', sec, txt, tag);
    };
-    r.inf = function (sec, txt) {
-        r.show('inf', sec, txt);
+    r.inf = function (sec, txt, tag) {
+        r.show('inf', sec, txt, tag);
    };
-    r.warn = function (sec, txt) {
-        r.show('warn', sec, txt);
+    r.warn = function (sec, txt, tag) {
+        r.show('warn', sec, txt, tag);
    };
-    r.err = function (sec, txt) {
-        r.show('err', sec, txt);
+    r.err = function (sec, txt, tag) {
+        r.show('err', sec, txt, tag);
    };

    return r;
@@ -1185,9 +1282,16 @@ var modal = (function () {
        cb_up = null,
        cb_ok = null,
        cb_ng = null,
-        prim = '<a href="#" id="modal-ok">OK</a>',
-        sec = '<a href="#" id="modal-ng">Cancel</a>',
+        tok, tng, prim, sec, ok_cancel;
+
+    r.load = function () {
+        tok = (L && L.m_ok) || 'OK';
+        tng = (L && L.m_ng) || 'Cancel';
+        prim = '<a href="#" id="modal-ok">' + tok + '</a>';
+        sec = '<a href="#" id="modal-ng">' + tng + '</a>';
        ok_cancel = WINDOWS ? prim + sec : sec + prim;
+    };
+    r.load();

    r.busy = false;

@@ -1294,17 +1398,17 @@ var modal = (function () {
        r.show(html);
    }

-    r.confirm = function (html, cok, cng, fun) {
+    r.confirm = function (html, cok, cng, fun, btns) {
        q.push(function () {
-            _confirm(lf2br(html), cok, cng, fun);
+            _confirm(lf2br(html), cok, cng, fun, btns);
        });
        next();
    }
-    function _confirm(html, cok, cng, fun) {
+    function _confirm(html, cok, cng, fun, btns) {
        cb_ok = cok;
        cb_ng = cng === undefined ? cok : cng;
        cb_up = fun;
-        html += '<div id="modalb">' + ok_cancel + '</div>';
+        html += '<div id="modalb">' + (btns || ok_cancel) + '</div>';
        r.show(html);
    }

@@ -1406,8 +1510,10 @@ function repl(e) {
        if (!cmd)
            return toast.inf(3, 'eval aborted');

-        if (cmd.startsWith(','))
-            return modal.alert(esc(eval(cmd.slice(1)) + ''))
+        if (cmd.startsWith(',')) {
+            evalex_fatal = true;
+            return modal.alert(esc(eval(cmd.slice(1)) + ''));
+        }

        try {
            modal.alert(esc(eval(cmd) + ''));
@@ -1534,19 +1640,38 @@ var favico = (function () {
 })();


+function cprop(name) {
+    return getComputedStyle(document.documentElement).getPropertyValue(name);
+}
+
+
+function bchrome() {
+    console.log(document.documentElement.className);
+    var v, o = QS('meta[name=theme-color]');
+    if (!o)
+        return;
+
+    try {
+        v = cprop('--bg-u3');
+    }
+    catch (ex) { }
+    o.setAttribute('content', v ? v : document.documentElement.className.indexOf('y') + 1 ? '#eee' : '#333');
+}
+bchrome();
+
 var cf_cha_t = 0;
-function xhrchk(xhr, prefix, e404) {
+function xhrchk(xhr, prefix, e404, lvl, tag) {
    if (xhr.status < 400 && xhr.status >= 200)
        return true;

    if (xhr.status == 403)
-        return toast.err(0, prefix + (window.L && L.xhr403 || "403: access denied\n\ntry pressing F5, maybe you got logged out"));
+        return toast.err(0, prefix + (L && L.xhr403 || "403: access denied\n\ntry pressing F5, maybe you got logged out"), tag);

    if (xhr.status == 404)
-        return toast.err(0, prefix + e404);
+        return toast.err(0, prefix + e404, tag);

    var errtxt = (xhr.response && xhr.response.err) || xhr.responseText,
-        fun = toast.err;
+        fun = toast[lvl || 'err'];

    if (xhr.status == 503 && /[Cc]loud[f]lare|>Just a mo[m]ent|#cf-b[u]bbles|Chec[k]ing your br[o]wser/.test(errtxt)) {
        var now = Date.now(), td = now - cf_cha_t;
@@ -1559,9 +1684,9 @@ function xhrchk(xhr, prefix, e404) {

        qsr('#cf_frame');
        var fr = mknod('iframe', 'cf_frame');
-        fr.src = '/?cf_challenge';
+        fr.src = SR + '/?cf_challenge';
        document.body.appendChild(fr);
    }

-    return fun(0, prefix + xhr.status + ": " + errtxt);
+    return fun(0, prefix + xhr.status + ": " + errtxt, tag);
 }
--- a/copyparty/web/w.hash.js
+++ b/copyparty/web/w.hash.js
@@ -8,7 +8,7 @@ function hex2u8(txt) {

 var subtle = null;
 try {
-    subtle = crypto.subtle || crypto.webkitSubtle;
+    subtle = crypto.subtle;
    subtle.digest('SHA-512', new Uint8Array(1)).then(
        function (x) { },
        function (x) { load_fb(); }
@@ -19,26 +19,44 @@ catch (ex) {
 }
 function load_fb() {
    subtle = null;
-    importScripts('/.cpr/deps/sha512.hw.js');
+    importScripts('deps/sha512.hw.js');
 }


+var reader = null,
+    gc1, gc2, gc3,
+    busy = false;
+
+
 onmessage = (d) => {
-    var [nchunk, fobj, car, cdr] = d.data,
-        t0 = Date.now(),
+    if (busy)
+        return postMessage(["panic", 'worker got another task while busy']);
+
+    if (!reader)
        reader = new FileReader();

+    var [nchunk, fobj, car, cdr] = d.data,
+        t0 = Date.now();
+
    reader.onload = function (e) {
        try {
+            // chrome gc forgets the filereader output; remind it
+            // (for some chromes, also necessary for subtle)
+            gc1 = e.target.result;
+            gc2 = new Uint8Array(gc1, 0, 1);
+            gc3 = new Uint8Array(gc1, gc1.byteLength - 1);
+
            //console.log('[ w] %d HASH bgin', nchunk);
            postMessage(["read", nchunk, cdr - car, Date.now() - t0]);
-            hash_calc(e.target.result);
+            hash_calc(gc1);
        }
        catch (ex) {
+            busy = false;
            postMessage(["panic", ex + '']);
        }
    };
    reader.onerror = function () {
+        busy = false;
        var err = reader.error + '';

        if (err.indexOf('NotReadableError') !== -1 || // win10-chrome defender
@@ -49,12 +67,18 @@ onmessage = (d) => {
        postMessage(["ferr", err]);
    };
    //console.log('[ w] %d read bgin', nchunk);
-    reader.readAsArrayBuffer(
-        File.prototype.slice.call(fobj, car, cdr));
+    busy = true;
+    reader.readAsArrayBuffer(fobj.slice(car, cdr));


    var hash_calc = function (buf) {
        var hash_done = function (hashbuf) {
+            // stop gc from attempting to free early
+            if (!gc1 || !gc2 || !gc3)
+                return console.log('torch went out');
+
+            gc1 = gc2 = gc3 = null;
+            busy = false;
            try {
                var hslice = new Uint8Array(hashbuf).subarray(0, 33);
                //console.log('[ w] %d HASH DONE', nchunk);
@@ -65,9 +89,14 @@ onmessage = (d) => {
            }
        };

+        // stop gc from attempting to free early
+        if (!gc1 || !gc2 || !gc3)
+            console.log('torch went out');
+
        if (subtle)
            subtle.digest('SHA-512', buf).then(hash_done);
        else {
+            // note: lifting u8buf counterproductive for the chrome gc bug
            var u8buf = new Uint8Array(buf);
            hashwasm.sha512(u8buf).then(function (v) {
                hash_done(hex2u8(v))
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,421 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-1213-1956  `v1.5.3`  folder-sync + turbo-rust
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+
+## new features
+* one-way folder sync (client to server) using [up2k.py](https://github.com/9001/copyparty/blob/hovudstraum/bin/README.md#up2kpy) `-z --dr`
+  * great rsync alternative when combined with `-e2ds --hardlink` deduplication on the server
+* **50x faster** when uploading small files to HDD, especially SMR
+  * by switching sqlite to WAL which carries a small chance of temporarily forgetting the ~200 most recent uploads if you have a power outage or your OS crashes; see `--help-dbd` if you have `-mtp` plugins which produces metadata you can't afford to lose
+* location-based [reverse-proxying](https://github.com/9001/copyparty/#reverse-proxy) (but it's still recommended to use a dedicated domain/subdomain instead)
+* IPv6 link-local automatically enabled for TCP and zeroconf on NICs without a routable IPv6
+* zeroconf network filters now accept subnets too, for example `--z-on 192.168.0.0/16`
+* `.hist` folders are hidden on windows
+* ux:
+  * more accurate total ETA on upload
+  * sorting of batch-unpost links was unintuitive / dangerous
+  * hotkey `Y` turns files into download links if nothing's selected
+  * option to replace or disable the mediaplayer-toggle mouse cursor with `--mpmc`
+
+## bugfixes
+* WAL probably/hopefully fixes #10 (we'll know in 6 months roughly)
+* repair db inconsistencies (which can happen if terminated during startup)
+* [davfs2](https://wiki.archlinux.org/title/Davfs2) did not approve of the authentication prompt
+* the `connect` button on the control-panel didn't work on phones
+* couldn't specify windows NICs in arguments `--z-on` / `--z-off` and friends
+* ssdp xml escaping for `--zsl` URL
+* no longer possible to accidentally launch multiple copyparty instances on the same port on windows
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-1203-2048  `v1.5.1`  babel
+
+named after [that other thing](https://en.wikipedia.org/wiki/Tower_of_Babel), not [the song](https://soundcloud.com/kanaze/babel-dimension-0-remix)
+* read-only demo server at https://a.ocv.me/pub/demo/
+
+## new features
+* new protocols!
+  * native IPv6 support, no longer requiring a reverse-proxy for that
+  * [webdav server](https://github.com/9001/copyparty#webdav-server) -- read/write-access to copyparty straight from windows explorer, macos finder, kde/gnome
+  * [smb/cifs server](https://github.com/9001/copyparty#smb-server) -- extremely buggy and unsafe, for when there is no other choice
+  * [zeroconf](https://github.com/9001/copyparty#zeroconf) -- copyparty announces itself on the LAN, showing up in various file managers
+    * [mdns](https://github.com/9001/copyparty#mdns) -- macos/kde/gnome + makes copyparty available at http://hostname.local/
+    * [ssdp](https://github.com/9001/copyparty#ssdp) -- windows
+  * commands to mount copyparty as a local disk are in the web-UI at control-panel --> `connect`
+* detect buggy / malicious clients spamming the server with idle connections
+  * first tries to be nice with `Connection: close` (enough to fix windows-webdav)
+  * eventually bans the IP for `--loris` minutes (default: 1 hour)
+* new arg `--xlink` for cross-volume detection of duplicate files on upload
+* new arg `--no-snap` to disable upload tracking on restart
+  * will not create `.hist` folders unless required for thumbnails or markdown backups
+* [config includes](https://github.com/9001/copyparty/blob/hovudstraum/docs/example2.conf) -- split your config across multiple config files
+* ux improvements
+  * hotkey `?` shows a summary of all the hotkeys
+  * hotkey `Y` to download selected files
+  * position indicator when hovering over the audio scrubber
+  * textlabel on the volume slider
+  * placeholder values in textboxes
+  * options to hide scrollbars, compact media player, follow playing song
+  * phone-specific
+    * buttons for prev/next folder
+    * much better ui for hiding folder columns
+
+## bugfixes
+* now possible to upload files larger than 697 GiB
+  * technically a [breaking change](https://github.com/9001/copyparty#breaking-changes) if you wrote your own up2k client
+    * please let me know if you did because that's awesome
+* several macos issues due to hardcoded syscall numbers
+* sfx: fix python 3.12 support (forbids nullbytes in source code)
+* use ctypes to discover network config -- fixes grapheneos, non-english windows
+* detect firefox showing stale markdown documents in the editor
+* detect+ban password bruteforcing on ftp too
+* http 206 failing on empty files
+* incorrect header timestamps on non-english locales
+* remind ftp clients that you cannot cd into an image file -- fixes kde dolphin
+* ux fixes
+  * uploader survives running into inaccessible folders
+  * middleclick documents in the textviewer sidebar to open in a new tab
+  * playing really long audio files (1 week or more) would spinlock the browser
+
+## other changes
+* autodetect max number of clients based on OS limits
+  * `-nc` is probably no longer necessary when running behind a reverse-proxy
+* allow/try playing mkv files in chrome
+* markdown documents returned as plaintext unless `?v`
+* only compress `-lo` logfiles if filename ends with `.xz`
+* changed sfx compression from bz2 to gz
+  * startup is slightly faster
+  * better compatibility with embedded linux
+* copyparty64.exe -- 64bit edition for [running inside WinPE](https://user-images.githubusercontent.com/241032/205454984-e6b550df-3c49-486d-9267-1614078dd0dd.png)
+  * which was an actual feature request, believe it or not!
+* more attempts at avoiding the [firefox fd leak](https://bugzilla.mozilla.org/show_bug.cgi?id=1790500)
+  * if you are uploading many small files and the browser keeps crashing, use chrome instead
+    * or the commandline client, which is now available for download straight from copyparty
+      * control-panel --> `connect` --> `up2k.py`
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-1013-1937  `v1.4.6`  wav2opus
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: *This version*
+
+## bugfixes
+* the option to transcode flac to opus while playing audio in the browser was supposed to transcode wav-files as well, instead of being extremely hazardous to mobile data plans (sorry)
+* `--license` didn't work if copyparty was installed from `pip`
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-1009-0919  `v1.4.5`  qr-code
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* display a server [qr-code](https://github.com/9001/copyparty#qr-code) [(screenshot)](https://user-images.githubusercontent.com/241032/194728533-6f00849b-c6ac-43c6-9359-83e454d11e00.png) on startup
+  * primarily for running copyparty on a phone and accessing it from another
+  * optionally specify a path or password with `--qrl lootbox/?pw=hunter2`
+  * uses the server's exteral ip (default route) unless `--qri` specifies a domain / ip-prefix
+  * classic cp437 `▄` `▀` for space efficiency; some misbehaving terminals / fonts need `--qrz 2`
+* new permission `G` returns the filekey of uploaded files for users without read-access
+  * when combined with permission `w` and volflag `fk`, uploaded files will not be accessible unless the filekey is provided in the url, and `G` provides the filekey to the uploader unlike `g`
+* filekeys are added to the unpost listing
+
+## bugfixes
+* renaming / moving folders is now **at least 120x faster**
+  * and that's on nvme drives, so probably like 2000x on HDDs
+* uploads to volumes with lifetimes could get instapurged depending on browser and browser settings
+* ux fixes
+  * FINALLY fixed messageboxes appearing offscreen on phones (and some other layout issues)
+  * stop asking about folder-uploads on phones because they dont support it
+  * on android-firefox, default to truncating huge folders with the load-more button due to ff onscroll being buggy
+  * audioplayer looking funky if ffmpeg unavailable
+* waveform-seekbar cache expiration (the thumbcleaner complaining about png files)
+* ie11 panic when opening a folder which contains a file named `up2k`
+  * turns out `<a name=foo>` becomes `window.foo` unless that's already declared somewhere in js -- luckily other browsers "only" do that with IDs
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0926-2037  `v1.4.3`  signal in the noise
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* `--bak-flips` saves a copy of corrupted / bitflipped up2k uploads
+  * comparing against a good copy can help pinpoint the culprit
+  * also see [tracking bitflips](https://github.com/9001/copyparty/blob/hovudstraum/docs/notes.sh#:~:text=tracking%20bitflips)
+
+## bugfixes
+* some edgecases where deleted files didn't get dropped from the db
+  * can reduce performance over time, hitting the filesystem more than necessary
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0925-1236  `v1.4.2`  fuhgeddaboudit
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* forget incoming uploads by deleting the name-reservation
+  * (the zerobyte file with the actual filename, not the .PARTIAL)
+  * can take 5min to kick in
+
+## bugfixes
+* zfs on ubuntu 20.04 would reject files with big unicode names such as `148. Профессор Лебединский, Виктор Бондарюк, Дмитрий Нагиев - Я её хой (Я танцую пьяный на столе) (feat. Виктор Бондарюк & Дмитрий Нагиев).mp3`
+  * usually not a problem since copyparty truncates names to fit filesystem limits, except zfs uses a nonstandard errorcode
+* in the "print-message-to-serverlog" feature, a unicode message larger than one tcp-frame could decode incorrectly
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0924-1245  `v1.4.1`  fix api compat
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+# bugfixes
+* [v1.4.0](https://github.com/9001/copyparty/releases/tag/v1.4.0) accidentally required all clients to use the new up2k.js to continue uploading; support the old js too
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0923-2053  `v1.4.0`  mostly reliable
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* huge folders are lazily rendered for a massive speedup, #11
+  * also reduces the number of `?tree` requests; helps a tiny bit on server load
+* [selfdestruct timer](https://github.com/9001/copyparty#self-destruct) on uploaded files -- see link for howto and side-effects
+* ban clients trying to bruteforce passwords
+  * arg `--ban-pw`, default `9,60,1440`, bans for 1440min after 9 wrong passwords in 60min
+  * clients repeatedly trying the same password (due to a bug or whatever) are not counted
+  * does a `/64` range-ban for IPv6 offenders
+  * arg `--ban-404`, disabled by default, bans for excessive 404s / directory-scanning
+    * but that breaks up2k turbo-mode and probably some other eccentric usecases
+* waveform seekbar [(screenshot)](https://user-images.githubusercontent.com/241032/192042695-522b3ec7-6845-494a-abdb-d1c0d0e23801.png)
+* the up2k upload button can do folders recursively now
+  * but only a single folder can be selected at a time, making drag-drop the obvious choice still
+* gridview is now less jank, #12
+* togglebuttons for desktop-notifications and audio-jingle when upload completes
+* stop exposing uploader IPs when avoiding filename collisions
+  * IPs are now HMAC'ed with urandom stored at `~/.config/copyparty/iphash`
+* stop crashing chrome; generate PNGs rather than SVGs for filetype icons
+* terminate connections with SHUT_WR and flush with siocoutq
+  * makes buggy enterprise proxies behave less buggy
+  * do a read-spin on windows for almost the same effect
+* improved upload scheduling
+  * unfortunately removes the `0.0%, NaN:aN, N.aN MB/s` easteregg
+* arg `--magic` enables filetype detection on nameless uploads based on libmagic
+* mtp modifiers to let tagparsers keep their stdout/stderr instead of capturing
+  * `c0` disables all capturing, `c1` captures stdout only, `c2` only stderr, and `c3` (default) captures both
+* arg `--write-uplog` enables the old default of writing upload reports on POSTs
+  * kinda pointless and was causing issues in prisonparty
+* [upload modifiers](https://github.com/9001/copyparty#write) for terse replies and to randomize filenames
+* other optimizations
+  * 30% faster tag collection on directory listings
+  * 8x faster rendering of huge tagsets
+* new mtps [guestbook](https://github.com/9001/copyparty/blob/hovudstraum/bin/mtag/guestbook.py) and [guestbook-read](https://github.com/9001/copyparty/blob/hovudstraum/bin/mtag/guestbook-read.py), for example for comment-fields on uploads
+* arg `--stackmon` now takes dateformat filenames to produce multiple files
+* arg `--mtag-vv` to debug tagparser configs
+* arg `--version` shows copyparty version and exits
+* arg `--license` shows a list of embedded dependencies + their licenses
+* arg `--no-forget` and volflag `:c,noforget` keeps deleted files in the up2k db/index
+  * useful if you're shuffling uploads to s3/gdrive/etc and still want deduplication
+
+## bugfixes
+* upload deduplication using symlinks on windows
+* increase timeouts to run better on servers with extremely overloaded HDDs
+  * arg `--mtag-to` (default 60 sec, was 10) can be reduced for faster tag scanning
+* incorrect filekeys for files symlinked into another volume
+* playback could start mid-song if skipping back and forth between songs
+* use affinity mask to determine how many CPU cores are available
+* restore .bin-suffix for nameless PUT/POSTs (disappeared in v1.0.11)
+* fix glitch in uploader-UI when upload queue is bigger than 1 TiB
+* avoid a firefox race-condition accessing the navigation history
+* sfx tmpdir keepalive when flipflopping between unix users
+* reject anon ftp if anon has no read/write
+* improved autocorrect for poor ffmpeg builds
+* patch popen on older pythons so collecting tags on windows is always possible
+* misc ui/ux fixes
+  * filesearch layout in read-only folders
+  * more comfy fadein/fadeout on play/pause
+  * total-ETA going crazy when an overloaded server drops requests
+  * stop trying to play into the next folder while in search results
+  * improve warnings/errors in the uploader ui
+    * some errors which should have been warnings are now warnings
+    * autohide warnings/errors when they are remedied
+  * delay starting the audiocontext until necessary
+    * reduces cpu-load by 0.2% and fixes chrome claiming the tab is playing audio
+
+# copyparty.exe
+
+now introducing [copyparty.exe](https://github.com/9001/copyparty/releases/download/v1.4.0/copyparty.exe)!   only suitable for the rainiest of days ™
+
+[first thing you'll see](https://user-images.githubusercontent.com/241032/192070274-bfe0bfef-2293-40fc-8852-fcf4f7a90043.png) when you run it is a warning to **«please use the [python-sfx](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) instead»**,
+* `copyparty.exe` was compiled using 32bit python3.7 to support windows7, meaning it won't receive any security patches
+* `copyparty-sfx.py` uses your system libraries instead so it'll stay safe for much longer while also having better performance
+
+so the exe might be super useful in a pinch on a secluded LAN but otherwise *Absolutely Not Recommended*
+
+you can download [ffmpeg](https://ocv.me/stuff/bin/ffmpeg.exe) and [ffprobe](https://ocv.me/stuff/bin/ffprobe.exe) into the same folder if you want multimedia-info, audio-transcoding or thumbnails/spectrograms/waveforms -- those binaries were [built](https://github.com/9001/copyparty/tree/hovudstraum/scripts/pyinstaller#ffmpeg) with just enough features to cover what copyparty wants, but much like copyparty.exe itself (so due to security reasons) it is strongly recommended to instead grab a [recent official build](https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/ffmpeg-master-latest-win64-gpl.zip) every once in a while
+
+## and finally some good news
+
+* the chrome memory leak will be [fixed in v107](https://bugs.chromium.org/p/chromium/issues/detail?id=1354816)
+* and firefox may fix the crash in [v106 or so](https://bugzilla.mozilla.org/show_bug.cgi?id=1790500)
+* and the release title / this season's codename stems from a cpp instance recently being slammed with terabytes of uploads running on a struggling server mostly without breaking a sweat 👍
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0818-1724  `v1.3.16`  gc kiting
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## bugfixes
+* found a janky workaround for [the remaining chrome wasm gc bug](https://bugs.chromium.org/p/chromium/issues/detail?id=1354816)
+  * worker-global typedarray holding on to the first and last byte of the filereader output while wasm chews on it
+  * overhead is small enough, slows down firefox by 2~3%
+  * seems to work on many chrome versions but no guarantees
+    * still OOM's some 93 and 97 betas, probably way more 
+
+## other changes
+* disable `mt` by default on https-desktop-chrome
+  * avoids the gc bug entirely (except for plaintext-http and phones)
+  * chrome [doesn't parallelize](https://bugs.chromium.org/p/chromium/issues/detail?id=1352210) `crypto.subtle.digest` anyways
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0817-2302  `v1.3.15`  pls let me stop finding chrome bugs
+
+two browser-bugs in two hours, man i just wanna play horizon
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## bugfixes
+* chrome randomly running out of memory while hashing files and `mt` is enabled
+  * the gc suddenly gives up collecting the filereaders
+  * fixed by reusing a pool of readers instead
+* chrome failing to gc Any Buffers At All while hashing files and `mt` is enabled on plaintext http
+  * this one's funkier, they've repeatedly fixed and broke it like 6 times between chrome 84 and 106
+  * looks like it just forgets about everything that's passed into wasm
+  * no way around it, just show a popup explaining how to disable multithreaded hashing
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0815-1825  `v1.3.14`  fix windows db
+
+after two exciting releases, time for something boring
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* upload-info (ip and timestamp) is provided to `mtp` tagparser plugins as json
+* tagscanner will index `fmt` (file-format / container type) by default
+  * and `description` can be enabled in `-mte`
+
+## bugfixes
+* [v1.3.12](https://github.com/9001/copyparty/releases/tag/v1.3.12) broke file-indexing on windows if an entire HDD was mounted as a volume
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0812-2258  `v1.3.12`  quickboot
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+*but wait, there's more!*   not only do you get the [multithreaded file hashing](https://github.com/9001/copyparty/releases/tag/v1.3.11) but also --
+* faster bootup and volume reindexing when `-e2ds` (file indexing) is enabled
+  * `3x` faster is probably the average on most instances; more files per folder = faster
+  * `9x` faster on a 36 TiB zfs music/media nas with `-e2ts` (metadata indexing), dropping from 46sec to 5sec
+  * and `34x` on another zfs box, 63sec -> 1.8sec
+  * new arg `--no-dhash` disables the speedhax in case it's buggy (skipping files or audio tags)
+* add option `--exit idx` to abort and shutdown after volume indexing has finished
+
+## bugfixes
+* [u2cli](https://github.com/9001/copyparty/tree/hovudstraum/bin#up2kpy): detect and skip uploading from recursive symlinks
+* stop reindexing empty files on startup
+* support fips-compliant cpython builds
+  * replaces md5 with sha1, changing the filetype-associated colors in the gallery view
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0810-2135  `v1.3.11`  webworkers
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* multithreaded file hashing! **300%** average speed increase
+  * when uploading files through the browser client, based on web-workers
+    * `4.5x` faster on http from a laptop -- `146` -> `670` MiB/s
+    * ` 30%` faster on https from a laptop -- `552` -> `716` MiB/s
+    * `4.2x` faster on http from android -- `13.5` -> `57.1` MiB/s
+    * `5.3x` faster on https from android -- `13.8` -> `73.3` MiB/s
+    * can be disabled using the `mt` togglebtn in the settings pane, for example if your phone runs out of memory (it eats ~250 MiB extra RAM)
+  * `2.3x` faster [u2cli](https://github.com/9001/copyparty/tree/hovudstraum/bin#up2kpy) (cmd-line client) -- `398` -> `930` MiB/s
+  * `2.4x` faster filesystem indexing on the server
+  * thx to @kipukun for the webworker suggestion!
+
+## bugfixes
+* ux: reset scroll when navigating into a new folder
+* u2cli: better errormsg if the server's tls certificate got rejected
+* js: more futureproof cloudflare-challenge detection (they got a new one recently)
+
+## other changes
+* print warning if the python interpreter was built with an unsafe sqlite
+* u2cli: add helpful messages on how to make it run on python 2.6
+
+**trivia:** due to a [chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=1352210), http can sometimes be faster than https now ¯\\\_(ツ)\_/¯
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2022-0803-2340  `v1.3.10`  folders first
+
+* read-only demo server at https://a.ocv.me/pub/demo/
+* latest gzip edition of the sfx: [v1.0.14](https://github.com/9001/copyparty/releases/tag/v1.0.14#:~:text=release-specific%20notes)
+
+## new features
+* faster
+  * tag scanner
+  * on windows: uploading to fat32 or smb
+* toggle-button to sort folders before files (default-on)
+  * almost the same as before, but now also when sorting by size / date
+* repeatedly hit `ctrl-c` to force-quit if everything dies
+* new file-indexing guards
+  * `--xdev` / volflag `:c,xdev` stops if it hits another filesystem (bindmount/symlink)
+  * `--xvol` / volflag `:c,xvol` does not follow symlinks pointing outside the volume
+  * only affects file indexing -- does NOT prevent access!
+
+## bugfixes
+* forget uploads that failed to initialize (allows retry in another folder)
+* wrong filekeys in upload response if volume path contained a symlink
+* faster shutdown on `ctrl-c` while hashing huge files
+* ux: fix navpane covering files on horizontal scroll
+
+## other changes
+* include version info in the base64 crash-message
+* ux: make upload errors more visible on mobile
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2022-0727-1407  `v1.3.8`  more async

--- a/Show More
+++ b/Show More