LANpaster: Secure Local Network Sharing

Working across three or four machines at once is the everyday reality of modern engineering — and the slowest part of that work is transferring small pieces of text between them. An error log on a workstation that needs to land in a phone search; a config snippet on a laptop that needs to land in a VM terminal; an API key that needs to move once and disappear forever. LANpaster turns the local network itself into the clipboard — no cloud, no accounts, no trace left behind.

The problem it solves

Engineers running across multiple machines lose roughly 15-30 seconds per text transfer to ad-hoc workarounds: copy-pasting into Telegram Saved Messages, SCP-ing temp files, sharing through chat tools that require accounts on every device. At 20-40 transfers a day that becomes 10-20 minutes of friction per engineer per day — over a working year, 40-80 hours of context-switching per person, plus the security cost of API keys lingering in chat history or temp files long after they were needed.

Cloud-based clipboards (Universal Clipboard, browser-sync extensions, paste services) introduce their own friction: they require accounts, they require internet, they leak credentials into third-party history, and they refuse to work on the air-gapped VMs, internal Linux workstations, and home-lab hardware that engineers actually use. The gap is a tool that lives on the LAN, has no external dependency, and treats secret-sharing as a first-class concern.

Who needs this most

• Engineers running 3+ workstations or VMs (e.g. one MacBook, one Linux workstation, one Windows VM, one phone) who move text between them dozens of times per day and don't want a Telegram chat as their backplane.
• Small distributed engineering teams (2-10 people) operating shared lab hardware, ZimaBoards, NAS appliances, or homelab infra — they need a low-friction text relay that doesn't require setting up cloud accounts for every device.
• Operators handling sensitive credentials — API keys, ephemeral tokens, recovery codes — who need a way to move a secret across the LAN, see it self-delete after 5 minutes, and leave no trace in chat logs or filesystem temp files.

The solution — in plain terms

LANpaster is a small web app you run on any always-on machine on your network — a home server, a ZimaBoard, an old laptop, a Raspberry Pi. Open it in a browser on any device on the same network and it gives you a single shared clipboard with history. Paste something on one machine; it appears instantly on every other browser pointed at the same address. One click copies it back out. No accounts, no cloud, no installation on the client device beyond a browser bookmark.

Three features push it past a glorified text box. Channels group messages by project or topic, so the API keys don't mix with the error logs. Auto-expiry lets a paste self-destruct after 5 minutes, an hour, or a day. Attachment upload moves screenshots, PDFs, and small files alongside the text. Real-time sync over WebSocket keeps every open browser tab updated without refreshing. Code blocks are auto-detected from terminal output and rendered in monospace.

It replaces the messy stack most engineers improvise: Telegram for casual transfers, SCP for files, screenshots over messaging apps for visual snippets — all of which sit outside the LAN and outside the operator's control.

Value delivered — what you get

• Cuts 15-30 seconds off every cross-device text transfer — paste, switch device, one click to copy. At 30 transfers a day that's 7-15 minutes saved per engineer.
• Auto-expiring secret slots remove the cleanup tax on credential sharing — paste an API key with a 5-minute timer, copy on the other device, the secret is gone with no manual delete step.
• No internet dependency, no third-party service — the whole stack runs on one Linux box on your LAN; works in air-gapped networks, lab environments, and home offices with unreliable WAN.
• Replaces 3-4 ad-hoc tools — Telegram Saved Messages, SCP scripts, browser-sync extensions, paste services — with one URL that every device bookmarks.
• Audit-friendly by default — all data lives in one SQLite file you can back up, inspect, export, or wipe with one command; nothing leaves the host.
• Phone-friendly without installing anything — the same browser page works on iOS and Android; no native app, no account, no app-store dependency.

Where it delivers outsized value

• Small engineering teams running shared lab or homelab hardware — distributed teams that already have a NAS or always-on box where LANpaster slots in as one more tiny service.
• Air-gapped or jurisdictionally-segregated environments — lab networks, internal development environments, or compliance setups where cloud clipboards are explicitly off-limits.
• Solo operators running multiple workstations and a phone — the personal-infrastructure case the project was originally built for, where dropping a cloud tool repays a weekend's setup within the first month.

Distinctive features — why this over the alternatives

• Auto-expiring messages as a first-class control — every paste can carry a TTL (5m / 30m / 1h / 6h / 24h). A background task deletes expired rows every 30 seconds and broadcasts the deletion to all connected browsers, so secrets vanish across the whole network at once.
• Channels keep clipboard streams separate — one channel for API keys, one for error logs, one for project-alpha. Pin important messages to the top so a fresh paste doesn't bury a still-needed config snippet.
• Single HTML frontend, zero build step — the entire UI is one 2,506-line HTML file with inline CSS and vanilla JavaScript. No npm, no webpack, no toolchain drift. Anyone can read it, fork it, and audit it in an afternoon.
• Backup and restore in one command — the API streams a clean SQLite snapshot via VACUUM INTO; an import endpoint swaps a snapshot in atomically with rollback on failure. Moving the install between machines is a copy-paste of one file.
• WebSocket real-time sync with automatic reconnect — every connected browser updates instantly when any device posts, edits, deletes, or expires a message. Pull a laptop out of sleep and it catches up within seconds.

Under the hood — built to last

The whole stack is boring on purpose. Python 3.11 with FastAPI handles the REST API and WebSocket on a single Uvicorn process; SQLite in WAL mode is the only datastore; the frontend is one HTML file served directly by the API. Total Python footprint is five dependencies — fastapi, uvicorn, aiosqlite, python-dotenv, python-multipart — and the running process holds 30-50 MB of memory. Everything ships as a single Docker image and a docker-compose file; one VPS, one Pi, or one ZimaBoard hosts the whole thing with no orchestration layer. No SaaS, no telemetry, no external services in the critical path.

Current maturity

Working tool in active personal and homelab use, with the full Tier-1 feature set from the original spec — channels, messages, attachments, auto-expiry, pinning, code detection, WebSocket sync, passphrase gate, lazy-load scrolling, dark mode — implemented and operational. The server is 612 lines of Python, the database layer 504 lines, the single-page frontend 2,506 lines. Design docs were drafted in late February 2026; implementation iterated through April 2026, with database snapshot/import, attachment upload, and PWA install support added incrementally. No public production deployment — it's a single-tenant, single-LAN tool by design — but in daily use on the operator's home network.

Roadmap — what's next

Next on the list is search across channels and history (Tier-2 in the original spec), followed by markdown rendering and per-channel export to text or markdown files. Beyond that the natural extension is multi-passphrase support — a second "guest" passphrase with read-only access — so a small distributed team can share a single LANpaster instance with different permission scopes. None of those changes shift the architecture; the SQLite + FastAPI + single-HTML model carries through.

Working with the architect

LANpaster is available in two engagement modes for teams who want a similar tool inside their environment. A team can commission a custom build — a private, branded LAN utility tailored to their hardware, identity provider, or compliance posture (multi-tenant gating, audit logging, LDAP/SSO front door). Or a team running its own homelab or lab infrastructure can engage in strategic advisory on small-utility design: how to keep a tool under 5,000 lines and still ship it for daily team use without operational drag. Reach out via sintegrium.io or LinkedIn for a 30-minute scoping call.

---

Built by Yurii Staryk · Solution Ecosystem Architect