惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
MyScale Blog
MyScale Blog
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
爱范儿
爱范儿
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
N
News | PayPal Newsroom
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
有赞技术团队
有赞技术团队
V
Visual Studio Blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Project Zero
Project Zero
B
Blog RSS Feed
J
Java Code Geeks
Google Online Security Blog
Google Online Security Blog
Last Week in AI
Last Week in AI
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
博客园 - 【当耐特】
Latest news
Latest news
T
Threat Research - Cisco Blogs
aimingoo的专栏
aimingoo的专栏
博客园_首页
博客园 - 三生石上(FineUI控件)
Engineering at Meta
Engineering at Meta
D
Docker
Forbes - Security
Forbes - Security
Help Net Security
Help Net Security
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
N
Netflix TechBlog - Medium
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threatpost
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 叶小钗
Webroot Blog
Webroot Blog

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - gekap/fast-copy: Fast file copier with SSH streaming, deduplication & block-order I/O. 3-5x faster than scp/rsync/SFTP for remote transfers. Copies folders at maximum sequential disk speed. Tar pipe streaming, content-aware dedup, hard-linking. Cross-platform (Linux, macOS, Windows). Python CLI.
yskapell · 2026-05-19 · via Hacker News: Show HN

A fast, cross-platform command-line tool for copying files and directories at maximum sequential disk speed. Designed for USB drives, external HDDs, NAS backups, and large SSH transfers.

Key capabilities:

  • Reflink-based copy on btrfs / XFS / APFS / ReFS — metadata-only CoW clones (FICLONE on Linux, clonefile(2) on macOS) make a 10 GB copy on the same volume complete in milliseconds
  • Sparse-file awareness (v3.1.0+) — VM disk images and Longhorn replicas are copied via SEEK_DATA / SEEK_HOLE so unallocated holes never hit the wire or the destination disk (2.3 TB logical → 12 GB on disk on real backups)
  • Multiple sources per command (v3.1.0+)fast-copy /var/lib/longhorn/replicas/pvc-* /mnt/backup accepts N source trees and preserves each by basename, cp -r style
  • --use-sudo self-elevation + tamper-resistant audit log (v3.1.0+) — re-execs under sudo for root-only paths and writes a chattr +i JSONL audit trail of who ran what
  • Security-hardened sudo flow (v3.1.1+)O_NOFOLLOW everywhere, audit file in ~$SUDO_USER, script-perm preflight, --update refused under sudo
  • Reads files in physical disk order (eliminates random seeks on HDDs)
  • Content-aware deduplication — copies each unique file once, hard-links or reflinks duplicates
  • Automatic filesystem detection — detects reflink/hardlink/symlink/none capability on the destination and picks the safest dedup strategy
  • Honest dedup accounting — on link-incapable destinations (FAT32, exFAT) reports "Bandwidth saved" separately from disk usage
  • Cross-run dedup database — SQLite cache remembers hashes across runs
  • Explicit hash algorithm selection--hash=auto|xxh128|sha256 with auto preferring the fast xxh128 if available
  • SSH remote transfers — local↔remote and remote↔remote with tar pipe streaming
  • Chunked streaming — 100 MB tar batches with streaming extraction (no temp files)
  • Pre-flight space check and post-copy verification
  • Synology NAS compatible — busybox / non-standard OSes are supported via portable tar stdin handling
  • File-path destination for single-file copiesfast_copy host:file.tar.gz /local/renamed.tar.gz works like scp/cp
  • Works on Linux, macOS, and Windows (including long paths >260 chars)

Why fast-copy?

Problem Solution
cp -r is slow on HDDs due to random seeks Reads files in physical disk order for sequential throughput
Thousands of small files copy painfully slow Bundles small files into tar stream batches
Duplicate files waste space and time Content-aware dedup — copies once, hard-links the rest
No space check until copy fails mid-way Pre-flight space check before any data is written
Silent corruption on cheap USB drives Post-copy verification confirms integrity
Need it on multiple OSes Cross-platform — Linux, macOS, Windows with native I/O optimizations
Copying between two servers is painful Remote-to-remote relay via SSH tar pipe streaming
SFTP is slow (~1-2 MB/s) Raw SSH tar streaming bypasses SFTP overhead (5-10 MB/s on LAN)

How It Works

Local-to-Local Copy

Files are copied in 5 phases:

  1. Scan — Walks the source tree, indexes every file with its size
  2. Dedup — Hashes files (xxHash-128 or SHA-256) to find identical content. Each unique file is copied once; duplicates become hard links
  3. Space check — Verifies the destination has enough free space for the deduplicated data
  4. Physical layout — Resolves on-disk physical offsets (FIEMAP on Linux, fcntl on macOS, FSCTL on Windows) and sorts files by block order
  5. Block copy — Large files (≥1 MB) are copied with 64 MB buffers. Small files are streamed via tar pipe (producer→consumer, no temp file on disk). Duplicates are recreated as hard links

After copying, all files are verified against source hashes.

SSH Remote Transfers

Three remote copy modes are supported:

Mode How it works
Local → Remote Files are streamed as chunked tar batches over SSH. Remote runs tar xf - to extract on the fly
Remote → Local Remote runs tar cf -, local extracts with streaming extraction — files appear on disk as data arrives (no temp file)
Remote → Remote Data relays through your machine: source tar cf → SSH → local relay buffer → SSH → dest tar xf

Chunked tar streaming: Files are split into ~100 MB batches. Each batch is a separate tar stream over SSH. This provides:

  • Progress updates per batch
  • Error recovery (partial batches don't lose completed work)
  • No temp files — streaming extraction writes files directly to disk
  • Large files (≥1 MB) get per-chunk progress updates during extraction

Deduplication on remote sources: File hashing runs on the remote server via python3 or sha256sum over SSH, in batches of 5,000 files to avoid timeouts.

SFTP-free operation: When the remote server has tar available, all transfers use raw SSH channels instead of SFTP. This avoids SFTP protocol overhead and works even on servers with SFTP disabled (e.g., Synology NAS). Manifests are read/written via exec commands with SFTP as fallback.

How the Buffer Works

The buffer is a fixed-size transfer window. Even a 500 GB file only holds 64 MB in RAM at a time:

Source (500GB file)          Buffer (64MB)         Destination file
┌──────────────────┐        ┌─────────┐           ┌──────────────────┐
│ chunk 1 (64MB)   │──read──│ 64MB    │──write──▶ │ chunk 1 (64MB)   │
│ chunk 2 (64MB)   │──read──│ 64MB    │──write──▶ │ chunk 2 (64MB)   │
│ ...              │        │ (reused)│           │ ...              │
│ chunk 7813       │──read──│ 64MB    │──write──▶ │ chunk 7813       │
└──────────────────┘        └─────────┘           └──────────────────┘
                                                   = 500GB complete

Adjust with --buffer: --buffer 8 for low-memory systems, --buffer 128 for fast SSDs.

How Remote-to-Remote Works

When both source and destination are remote SSH servers, data relays through your local machine:

┌─────────────┐        ┌───────────────┐        ┌─────────────┐
│  Source SSH  │  tar   │ Your machine  │  tar   │  Dest SSH   │
│   server    │ ─────▶ │   (relay)     │ ─────▶ │   server    │
└─────────────┘ cf -   └───────────────┘ xf -   └─────────────┘

The two servers do not need to reach each other directly. Data streams through in ~100 MB tar batches — your machine never stores the full dataset.

Filesystem detection and dedup strategy

Before Phase 2, fast-copy detects the destination filesystem and probes its actual capabilities (hardlink, symlink, reflink CoW clones, case-sensitivity). Detection is ~5 ms on warm cache and uses cheap per-OS APIs (/proc/self/mountinfo on Linux, statfs(2) on macOS, GetVolumeInformationW on Windows) with targeted probes only for ambiguous filesystems (XFS reflink, NTFS Dev Drive, network mounts, FUSE).

The detected strategy is shown in the banner alongside the Dedup: line and determines how dedup links AND how unique files are copied:

Destination filesystem Strategy Copy mechanism Dedup link mechanism
btrfs, XFS (reflink=1), APFS, bcachefs reflink FICLONE/clonefile (metadata-only, instant) reflinks (CoW; modifying one peer leaves others untouched)
ext4, tmpfs, NTFS, HFS+, f2fs, NFS, SMB, most others hardlink byte stream copy with large buffers os.link() hardlinks (shared inode)
FAT32, exFAT, some FUSE mounts none byte stream copy full copies (no links possible)

Reflink-based copy (v3.1.0+)

On btrfs / XFS-with-reflinks / APFS / bcachefs, fast-copy uses the kernel's CoW clone primitive instead of reading and writing bytes:

  • Linux: ioctl(FICLONE) on btrfs, XFS (reflink=1), bcachefs
  • macOS: clonefile(2) on APFS — same primitive cp uses internally on macOS Big Sur+
  • Windows: ReFS reflinks via FSCTL_DUPLICATE_EXTENTS_TO_FILE (deferred — future release)

This means:

  • A 10 GB copy on the same btrfs volume completes in milliseconds instead of minutes
  • A backup of /home to /mnt/btrfs/backup is essentially free until you start modifying files
  • Synology DS720+ users (btrfs at /volume1) get near-instant local backups
  • macOS users get the same speed cp already provides — fast-copy was previously slower on APFS for the same operation

When the source and destination are on different filesystems (e.g. copying from /home ext4 to /mnt/btrfs), reflink isn't possible and fast-copy automatically falls back to the byte-stream copy. The same-filesystem check via st_dev happens before any syscall.

Important architectural property: Reflinks are CoW. If you modify one of two reflinked files, the kernel allocates new blocks for that file only — the other peer is untouched. This is fundamentally safer than hardlinks for any incremental update workflow:

Hardlinks:                    Reflinks:
  fileA  ┐                      fileA  → blocks 1-100
         ├→ inode 12345         fileB  → blocks 1-100 (shared)
  fileB  ┘                      
                                After modifying fileB:
  After modifying fileA:        fileA  → blocks 1-100 (unchanged)
  fileA  ┐                      fileB  → blocks 1-100 (CoW: new alloc only for changes)
         ├→ inode 12345 (NEW)
  fileB  ┘  ← also changed!

Run output on a reflink-capable destination:

Phase 5 — Block copy
  Strategy: reflink (CoW) for 5 files, 12.0 MB
    Metadata-only clone — no data is read or written.

  ██████████████████████████████ 100%  12.0 MB in 0.1s  avg 209.1 MB/s

  Duplicate handling:
    ✓ Reflinks:           4 (CoW shared blocks; modifying one does not affect peers)
    → all reflinked (CoW; safe to modify peers)

On link-incapable filesystems (strategy: none), the dedup summary honestly reports what happened:

Dedup complete:
  Unique files:    44718
  Total duplicates: 46951 (51.2% of files)
  Bandwidth saved: 378.5 MB (transfer only)
  Disk usage:      888.2 MB (full copies — FS does not support links)

And the Phase 3 space check uses the full undeduplicated size so you never hit ENOSPC mid-copy because of misleading dedup accounting.

For verbose output including FS type, capability matrix, and detection/probe timings, pass -v / --verbose:

FS:          xfs → reflink
             hardlink=y symlink=y reflink=y case=sens
             detect=4.3ms probe=1.1ms (4 probes)

Bulk-backup workflow for VM images and Longhorn replicas (v3.1.0+)

v3.1.0 added a set of features that together make fast-copy practical for sysadmin-style bulk backups: copying many sparse VM disks or Longhorn replicas from system paths that require root, with a tamper-evident audit trail.

Multiple sources per command. Pass any number of source paths followed by the destination — each source is copied as its own subtree under the destination, preserving its basename:

# Shell glob expands to N source paths
fast-copy /var/lib/longhorn/replicas/pvc-* /mnt/backup_pvc/

# Or list them explicitly
fast-copy /etc /var/log /home/operator /mnt/incident_snapshot/

Existing single-source fast-copy SRC DST invocations are unaffected.

Sparse-file awareness (Linux/macOS). Files where st_blocks * 512 < st_size are auto-detected and copied with SEEK_DATA / SEEK_HOLE so unallocated holes never hit the wire or the destination disk. The Phase 3 space check uses the allocated byte count on sparse-capable destinations, so a 2.3 TB sparse tree holding 12 GB of real data no longer rejects a 900 GB destination. Scan output reports the summary up front:

Sparse:  346 sparse files — 2.3 TB logical, 12.2 GB on disk
Data to write: 12.2 GB (after sparse holes skipped 2.2 TB)

Falls back to dense copy on Windows and on filesystems without hole support (FAT32, exFAT). The wire format for SSH transfers is still dense — sparse-aware copy applies to local→local destinations only.

--use-sudo self-elevation. Saves typing sudo python fast_copy.py … for the common case where the source or destination requires root (Longhorn replicas, container volumes, system paths). fast-copy re-execs itself under sudo and lets sudo prompt for the password on the terminal as usual. Linux/macOS only.

fast-copy --use-sudo /var/lib/longhorn/replicas/pvc-x123 /mnt/backup/

Tamper-resistant audit log. When running under sudo (detected via $SUDO_USER), fast-copy writes a hidden .fast_copy_audit.jsonl to ~$SUDO_USER/ — one JSON record per run capturing the pre-elevation username, the full command, source/destination, the per-file copy list, and run summary. After each write the file is chattr +i (immutable) so even root cannot edit or delete it without first running chattr -i. The next sudo run clears the flag, appends its record, and re-immutables. Degrades gracefully (writes the record unprotected, with a warning) on tmpfs/FAT32/NFS where immutability isn't supported.

To inspect: sudo cat ~/.fast_copy_audit.jsonl (reads work on immutable files). To remove: sudo chattr -i <path> && sudo rm <path>.

Security model for --use-sudo (v3.1.1+)

The convenience flag re-execs the tool under sudo, so anything fast-copy does while elevated runs as root. v3.1.1 closes seven local-privilege-escalation paths in that flow against a non-root attacker on the same host who can write the source tree, the destination tree, or the script's directory:

  • O_NOFOLLOW on every destination open (block-stream / sparse / individual / SFTP / tar-extract paths). A planted symlink like <dst>/file -> /root/.bashrc no longer redirects root-privileged writes.
  • Audit file moved to ~$SUDO_USER with O_NOFOLLOW, fchmod via fd, and a st_nlink > 1 refusal so a pre-planted symlink or hardlink at the audit path cannot trick root into chattr +i / chmod 0600 / appending on a sensitive file.
  • Source walk uses followlinks=False on POSIX and lstat-checks each entry: under sudo, all symlinks are refused with a visible "Skipped N symlinks" warning; without sudo, only symlinks whose realpath escapes the source root are skipped.
  • TOCTOU-safe source reads under sudo. All five file-read producers route through a shared opener that adds O_NOFOLLOW when elevated, so an attacker who races the scan→copy window cannot swap a regular file for a symlink and exfiltrate /etc/shadow.
  • --update is refused under sudo. A compromised release publisher can no longer auto-trojan root — the user has to explicitly re-elevate after updating. Optional --update-sha256 <hex> (64-char hex from the release page) adds out-of-band integrity pinning.
  • --use-sudo preflight on script + interpreter. Refuses to elevate if fast_copy.py, its directory, or sys.executable is owned by someone other than root/invoker, or is group/world-writable. Closes the "edit the script and wait" trojan path.
  • SSH known_hosts routed to ~$SUDO_USER so accepted TOFU keys persist for the human operator rather than disappearing into /root/.ssh/.

No CLI change for non-elevated copies of regular files. Under sudo, the only behavior change is that symlinks in the source are skipped (with a visible warning) rather than silently followed.

Hash algorithm selection

fast-copy uses a content hash to detect duplicates during dedup and to verify files after copy. Choose the algorithm with --hash:

Flag Algorithm When to use
--hash=auto (default) xxh128 if the xxhash package is installed, else sha256 General use — fastest available
--hash=xxh128 xxh128 (128-bit, ~10× faster) Force the fast non-cryptographic hash. Errors with a clear install hint if xxhash is missing.
--hash=sha256 SHA-256 (cryptographic) Force collision-resistant hashing — recommended for adversarial environments or when you want strong guarantees against crafted collisions

The selected algorithm is shown in the banner upfront so the trust boundary is visible:

  Hash:        xxh128 (non-cryptographic; default)

or

  Hash:        sha256 (cryptographic; forced)

Duplicate-handling summary

After Phase 5, fast-copy prints a per-type breakdown of how the duplicates were actually handled on the destination:

Duplicate handling:
  ✓ Hardlinks:          46951 (shared inode; zero extra disk)
  → all disk savings realized

On FAT32, where links aren't available:

Duplicate handling:
  ✗ Full copies:            2 (FS does not support links — no disk savings)
  → no disk savings (bandwidth only)

Mixed cases (rare — some filesystems fall back to symlinks):

Duplicate handling:
  ✓ Hardlinks:             45 (shared inode; zero extra disk)
  ~ Symlinks:               3 (pointer to canonical; canonical must not be deleted)
  ✗ Full copies:            2 (FS does not support links — no disk savings)
  → 48/50 linked, 2 copied

Platform Requirements

Platform Minimum Version Notes
Windows Windows 7 SP1 Pre-built binary compatible from v2.4.5+ (built with Python 3.8). Releases v2.2.0–v2.4.4 require Windows 8.1+
macOS macOS 10.13 (High Sierra) Both ARM64 (Apple Silicon) and Intel x86_64 binaries provided
Linux Any with glibc 2.17+ x86_64 binary; or run the Python script on any architecture

When running the Python script directly, Python 3.8 or later is required on all platforms.

Installation

# Run directly with Python 3.8+
python fast_copy.py <source> <destination>

# SSH support requires paramiko
python -m pip install paramiko

# Optional: ~10x faster hashing
python -m pip install xxhash

Platform-specific xxHash installation

Platform Command
Debian/Ubuntu sudo apt install python3-xxhash
Fedora/RHEL sudo dnf install python3-xxhash
Arch sudo pacman -S python-xxhash
macOS brew install python-xxhash
Windows python -m pip install xxhash

If xxHash is not installed, fast-copy silently falls back to SHA-256.

Documentation

Every CLI flag and GUI control is documented in DOCUMENTATION.md — what each option does, defaults, and when to change it. The same content is shown inside the GUI under Help → Documentation.

Usage

usage: fast_copy.py [-h] [--buffer BUFFER] [--threads THREADS] [--dry-run]
                    [-v] [--no-verify] [--no-dedup] [--hash {auto,xxh128,sha256}]
                    [--no-cache] [--force] [--overwrite] [--exclude EXCLUDE]
                    [--log-file LOG_FILE] [--use-sudo]
                    [--ssh-src-port PORT] [--ssh-src-key PATH] [--ssh-src-password]
                    [--ssh-dst-port PORT] [--ssh-dst-key PATH] [--ssh-dst-password]
                    [-z]
                    source [source ...] destination

positional arguments:
  source               One or more source folders, files, globs, or remote
                       (user@host:/path). When two or more positionals are given,
                       the last is the destination and earlier ones are sources.
  destination          Destination path or remote (user@host:/path)

options:
  -h, --help              Show help message and exit
  --version, -V           Show version and exit
  --check-update          Show available updates and release notes
  --update [VERSION]      Download and install latest (or a specific version).
                          Refused under sudo (v3.1.1+).
  --update-sha256 HEX     Verify the downloaded binary against a 64-char SHA-256
                          obtained out-of-band from the GitHub release page (v3.1.1+).
  --buffer BUFFER         Buffer size in MB (default: 64)
  --threads THREADS       Threads for hashing/layout (default: 4)
  --dry-run               Show copy plan without copying
  -v, --verbose           Verbose output (full FS detection details, etc.)
  --no-verify             Skip post-copy verification
  --log-file LOG_FILE     Write structured JSON log to file
  --no-dedup              Disable deduplication
  --hash ALGO             Hash algorithm: auto (default), xxh128, or sha256
                          auto  = xxh128 if installed, else sha256
                          xxh128= 10× faster, non-cryptographic
                          sha256= cryptographic, collision-resistant
  --no-cache              Disable persistent hash cache (cross-run dedup database)
  --force                 Skip space check, copy even if not enough space
  --overwrite             Overwrite all files, skip identical-file detection
  --exclude EXCLUDE       Exclude files/dirs by name (can use multiple times)
  --use-sudo              Re-exec self under sudo if not already root (v3.1.0+).
                          Useful when source or destination needs root, e.g.
                          /var/lib/longhorn/replicas. Linux/macOS only. Refuses
                          to elevate if the script or its directory is
                          group/world-writable (v3.1.1+).

SSH source options:
  --ssh-src-port PORT     SSH port for remote source (default: 22)
  --ssh-src-key PATH      Path to SSH private key for remote source
  --ssh-src-password      Prompt for SSH password for remote source

SSH destination options:
  --ssh-dst-port PORT     SSH port for remote destination (default: 22)
  --ssh-dst-key PATH      Path to SSH private key for remote destination
  --ssh-dst-password      Prompt for SSH password for remote destination

General SSH options:
  -z, --compress          Enable SSH compression (good for slow links)

Examples

Local copy

# Copy a folder to USB drive
python fast_copy.py /home/kai/my-app /mnt/usb/my-app

# Copy a single file
python fast_copy.py ~/Downloads/Rocky-10.0-x86_64-dvd1.iso /mnt/usb/

# Glob pattern
python fast_copy.py "~/Downloads/*.zip" /mnt/usb/zips/

# Windows
python fast_copy.py "C:\Projects\my-app" "E:\Backup\my-app"

SSH remote transfers

# Local to remote
python fast_copy.py /data user@server:/backup/data --ssh-dst-password

# Remote to local
python fast_copy.py user@server:/data /local/backup --ssh-src-password

# Remote to remote (relay through your machine)
python fast_copy.py user@src-host:/data admin@dst-host:/backup/data \
    --ssh-src-password --ssh-dst-password

# Custom ports and keys
python fast_copy.py user@host:/data /local \
    --ssh-src-port 2222 --ssh-src-key ~/.ssh/id_ed25519

# Destination on non-standard port (e.g., Synology NAS)
python fast_copy.py /local/data "user@nas:/volume1/Shared Folder/backup" \
    --ssh-dst-port 2205 --ssh-dst-password

Bulk-backup workflow (v3.1.0+)

# Multiple sources at once (cp -r style)
fast-copy /var/lib/longhorn/replicas/pvc-* /mnt/backup_pvc/

# Sparse VM disks — only the allocated bytes are read and written
fast-copy --use-sudo /var/lib/libvirt/images /mnt/backup/

# Auto-elevate under sudo; writes an immutable audit log to ~/.fast_copy_audit.jsonl
fast-copy --use-sudo /etc /var/log /home/operator /mnt/incident_snapshot/

# Verify a self-update against a hash from the release page
fast-copy --update --update-sha256 <paste-64-char-hex-from-release-page>

Other options

# Dry run (preview without copying)
python fast_copy.py /data /mnt/usb/data --dry-run

# Verbose output with full FS detection details
python fast_copy.py /data /mnt/usb/data -v

# Force SHA-256 (cryptographic, collision-resistant) for dedup hashing
python fast_copy.py /data /mnt/usb/data --hash=sha256

# Force xxh128 (fastest) — errors if xxhash not installed
python fast_copy.py /data /mnt/usb/data --hash=xxh128

# Copy a single file with a new name at the destination (like cp/scp)
python fast_copy.py user@host:/data/archive.tar.gz /backup/renamed.tar.gz

# Skip deduplication (faster for known-unique files)
python fast_copy.py /data /mnt/usb/data --no-dedup

# Exclude files/directories by name
python fast_copy.py /project /mnt/usb/project --exclude node_modules --exclude .git

# Write structured JSON log of all actions
python fast_copy.py /data /mnt/usb/data --log-file copy.json

Structured JSON log

The --log-file option writes a machine-readable JSON log with:

  • Summary — source, destination, mode, files copied/linked/skipped/errored, bytes written, speed, dedup savings
  • Per-file entries — action (copied, linked, skipped, error), path, size, method, link target, error message
{
  "timestamp": "2026-04-04T13:25:48.680170+00:00",
  "summary": {
    "source": "/data", "destination": "/mnt/usb/data",
    "mode": "local_to_local", "total_files": 3,
    "copied": 2, "linked": 1, "skipped": 0, "errors": 0,
    "total_bytes": 18, "bytes_written": 12, "dedup_saved": 6,
    "elapsed_sec": 0.03, "avg_speed_bps": 400, "hash_algo": "xxh128"
  },
  "files": [
    {"action": "copied", "path": "data.bin", "size": 6, "method": "block_stream"},
    {"action": "linked", "path": "data_copy.bin", "size": 6, "method": "hardlink", "link_target": "data.bin"}
  ]
}

Real-World Benchmarks

Local-to-Local: 59,925 files (593 MB) to HDD

  Files:   59925 total (44454 unique + 15471 linked)
  Data:    500.7 MB written (92.5 MB saved by dedup)
  Time:    12.1s
  Speed:   41.2 MB/s

Dedup detected 15,471 duplicate files (25.8%), saving 92.5 MB. Files were read in physical disk order and small files bundled into block streams.

Remote-to-Local: 91,669 files (888 MB) over 100 Mbps LAN

  Files:   91669 total (44718 copied + 46951 linked)
  Data:    509.8 MB downloaded (378.5 MB saved by dedup)
  Time:    14m 2s
  Speed:   619.5 KB/s

Dedup found 46,951 duplicates (51.2%), saving 378.5 MB of transfer. Files streamed in 6 tar batches of ~100 MB each with streaming extraction (no temp files). All 91,669 files verified after copy.

Local-to-Remote: 91,663 files (888 MB) over 100 Mbps LAN

  Files:   91663 total (44712 copied + 46951 linked)
  Data:    509.8 MB uploaded
  Time:    2m 7s
  Speed:   4.0 MB/s

Uploaded in 6 tar batches. Remote hard links created via batched Python script over SSH (5,000 links per batch). 3x faster than SFTP-based transfer.

Remote-to-Remote: 3 files (1.7 GB) relay through local machine

  Files:   3 total
  Data:    1.7 GB relayed
  Time:    5m 30s
  Speed:   5.2 MB/s

Data relayed between two SSH servers via tar pipe. Source and destination did not need direct connectivity. Verified on destination after transfer.

Key Features

  • Sparse-file awareness (v3.1.0+) — VM disk images, Longhorn replicas, and other sparse files are auto-detected (st_blocks * 512 < st_size) and copied via SEEK_DATA / SEEK_HOLE so unallocated holes never hit the wire or the destination disk. Phase 3 space check uses allocated bytes on sparse-capable destinations.
  • Multiple sources per command (v3.1.0+)fast-copy SRC1 SRC2 … DST/ accepts N source paths; each is copied as its own subtree under the destination, preserving its basename (cp -r style).
  • --use-sudo self-elevation (v3.1.0+) — Re-execs under sudo for paths that need root (Longhorn replicas, container volumes). Linux/macOS only.
  • Tamper-resistant audit log (v3.1.0+, hardened in v3.1.1+) — Under sudo, writes an immutable (chattr +i) JSONL of every run to ~$SUDO_USER/.fast_copy_audit.jsonl — captures invoking user, command, source/dest, per-file copy list, summary. Even root can't quietly delete a record.
  • Security-hardened sudo flow (v3.1.1+)O_NOFOLLOW on every destination open and on source reads under sudo; audit file moved out of attacker-controllable destination paths; --update refused under sudo (with optional --update-sha256 integrity pin); script-perm preflight refuses to elevate if fast_copy.py or its directory is group/world-writable.
  • Reflink-based copy (v3.1.0+) — On btrfs / XFS reflink / APFS / bcachefs, files are cloned via FICLONE/clonefile (metadata-only, instant) instead of byte-by-byte copy. CoW semantics make modified peers independent.
  • Block-order reads — Files read in physical disk order, eliminating random seeks
  • Content deduplication — xxHash-128 or SHA-256 hashing; copies once, hard-links or reflinks duplicates
  • Automatic filesystem detection (v3.0.0+) — Detects destination FS type (ext4, btrfs, XFS, APFS, NTFS, FAT32, etc.) and probes capabilities (hardlink, symlink, reflink, case-sensitivity) to pick the safest dedup strategy
  • Honest dedup accounting (v3.0.0+) — On FAT32/exFAT, reports "Bandwidth saved" separately from "Disk usage" and uses the correct full size for the space check
  • Explicit hash algorithm selection (v3.0.0+)--hash=auto|xxh128|sha256 lets users force a specific algorithm; the choice is displayed in the banner
  • Per-type duplicate-handling summary (v3.0.0+) — Phase 6 shows exactly how many duplicates became hardlinks / symlinks / full copies on the destination
  • File-path destination for single files (v2.4.8+)fast_copy host:file.tar.gz /local/renamed.tar.gz works across all copy modes
  • Cross-run dedup database — SQLite cache at drive root; re-runs skip already-copied content
  • Streaming tar pipe — Producer→consumer pipe for local copies (no temp file); chunked 100 MB batches for SSH
  • SFTP-free SSH transfers — Uses raw SSH channels with tar; works on servers with SFTP disabled
  • Synology NAS compatible (v3.0.0+) — Uses portable tar stdin handling; tested against DS720+ with DSM 7.x
  • Flexible source — Directories, single files, or glob patterns (*.zip, *.iso)
  • Pre-flight space check — Verifies space before writing; walks parent directories for remote paths
  • Post-copy verification — Every file verified against source hash
  • Structured JSON logging--log-file records every action (copied, linked, skipped, error) with summary stats
  • Permission preservation — Copies file permissions on local and remote transfers
  • Windows long path support — Handles paths exceeding 260 characters via \\?\ prefix
  • Interactive SSH host key verification — TOFU prompt with MD5 + SHA-256 fingerprints; rejects changed keys (MITM defense)
  • Authentication retry — Prompts for password up to 3 times on auth failure; handles Ctrl+C gracefully
  • Cross-platform — Linux, macOS, and Windows with native I/O optimizations
  • Self-update--check-update shows available versions with categorized release notes; --update [VERSION] installs the latest or a specific version
  • Standalone binary — Build with PyInstaller for a single-file executable

License

Apache License 2.0 — see LICENSE for details.

Support

If you find this tool useful, consider a donation:

Currency Address
USDC (Base) 0xca8a1223300ab7fff6de983d642b96084305cccb
ETH (ERC-20) 0xca8a1223300ab7fff6de983d642b96084305cccb